modiloader | d6e2f98f080ac56a392ebcadeb3a4394_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d6e2f98f080ac56a392ebcadeb3a4394_JaffaCakes118
Size

332KB
MD5

d6e2f98f080ac56a392ebcadeb3a4394
SHA1

2784134c43968d02f0e51034206d31c8e5940083
SHA256

af6573a43e28ad27399c233702005e6f9a4a93d42c5dd0a9a175f7073b715420
SHA512

17ed70e6993eec881c421f227c6b9a6987c0a0fbc05d3b1bb0e49d6e53d2cce8126019a0376a60a51c5b6a524da0a47fd734b72c25e154fd70803fa6e08341b7
SSDEEP

6144:sG377xS2Vp2CeiorXdwTBpL536pcCJJvHQ:nr7xS2Vp6RwTUbJJvH

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6e2f98f080ac56a392ebcadeb3a4394_JaffaCakes118

Files

d6e2f98f080ac56a392ebcadeb3a4394_JaffaCakes118
.exe windows:4 windows x86 arch:x86

866bd684d2ed1b74b36045593f4a616c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCurrentThreadId
GetLastError
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
WriteFile
WinExec
VirtualAlloc
VerLanguageNameA
TerminateProcess
Sleep
SizeofResource
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
PeekNamedPipe
OpenProcess
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetTimeFormatA
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetSystemDefaultLangID
GetStringTypeExA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetDateFormatA
GetComputerNameA
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
GetCurrentProcess
GetVersionExA

oleaut32

SysFreeString
SysReAllocStringLen

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
GetUserNameA
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartServiceA
ControlService
DeleteService
OpenServiceA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA

gdi32

StretchDIBits
StretchBlt
SetTextColor
SetStretchBltMode
SetROP2
SetDIBits
SetDIBColorTable
SetBkMode
SetBkColor
SelectPalette
SelectObject
RealizePalette
PatBlt
MoveToEx
GetSystemPaletteEntries
GetStockObject
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GdiFlush
DeleteObject
DeleteDC
CreateSolidBrush
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

user32

CreateWindowExA
wvsprintfA
mouse_event
keybd_event
UpdateWindow
UnregisterHotKey
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
SystemParametersInfoA
SwapMouseButton
ShowWindow
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowLongA
SetTimer
SetForegroundWindow
SetFocus
SetDoubleClickTime
SetCursorPos
SetClipboardViewer
SetClipboardData
SendMessageA
ReleaseDC
RegisterHotKey
RegisterClipboardFormatA
RegisterClassA
PostThreadMessageA
PostQuitMessage
PostMessageA
OpenClipboard
MoveWindow
MessageBoxA
LoadIconA
LoadCursorA
KillTimer
IsWindowVisible
IsClipboardFormatAvailable
InvalidateRect
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowLongA
GetSystemMetrics
GetSystemMenu
GetSysColor
GetWindow
GetMessageA
GetKeyState
GetForegroundWindow
GetDoubleClickTime
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardData
GetClassInfoA
FindWindowExA
FindWindowA
FillRect
ExitWindowsEx
EnumWindows
EnumDisplaySettingsA
EnableWindow
EnableMenuItem
EmptyClipboard
DispatchMessageA
DestroyWindow
DefWindowProcA
CopyImage
CloseClipboard
ChangeDisplaySettingsA
ChangeClipboardChain
CallWindowProcA
CharUpperBuffA
ExitWindowsEx

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
getservbyname
gethostbyname
socket
send
select
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockname
connect
closesocket
bind

winmm

waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInClose
waveInAddBuffer
mciSendStringA

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

shell32

ShellExecuteA
SHFileOperationA

netapi32

Netbios

Sections

.pelock
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

866bd684d2ed1b74b36045593f4a616c

Headers

File Characteristics

Imports

kernel32

oleaut32

advapi32

gdi32

user32

wsock32

winmm

msacm32

avicap32

shell32

netapi32

Sections

.pelock Size: 192KB - Virtual size: 192KB

.pelock Size: 16KB - Virtual size: 16KB

.pelock Size: 12KB - Virtual size: 12KB

.pelock Size: 12KB - Virtual size: 12KB

.pelock Size: 16KB - Virtual size: 16KB

.rsrc Size: 52KB - Virtual size: 52KB

.pelock Size: 20KB - Virtual size: 20KB

.avc Size: 8KB - Virtual size: 8KB

.pelock
Size: 192KB - Virtual size: 192KB

.pelock
Size: 16KB - Virtual size: 16KB

.pelock
Size: 12KB - Virtual size: 12KB

.pelock
Size: 12KB - Virtual size: 12KB

.pelock
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 52KB - Virtual size: 52KB

.pelock
Size: 20KB - Virtual size: 20KB

.avc
Size: 8KB - Virtual size: 8KB