modiloader | daa6fc9ce47213d49ba91a8b78a80757_JaffaCakes118 | Triage

Sharing

General

Target

daa6fc9ce47213d49ba91a8b78a80757_JaffaCakes118
Size

331KB
MD5

daa6fc9ce47213d49ba91a8b78a80757
SHA1

f59089791f289f0d2ec3b5729ef46827f4fa6d41
SHA256

87422011d60613bf2f591057dd05fea2b896d56c5781b1875f1728b471b9d549
SHA512

9a716152086a13d1c2e6ad16d35304e9260cec4982b7220d5a6ed41694fbddfa87c050892604141e6e7c4016af0761781e308787d14aa9ff31a80d4d8b270157
SSDEEP

6144:cCFNcE5fx1TYK4xkv/BugEm4QrxcTq670nCGQktzJwZkiZalKRDw9:9NcE5fT54xkv/B34Qi240SktzJbipG9

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
daa6fc9ce47213d49ba91a8b78a80757_JaffaCakes118

Files

daa6fc9ce47213d49ba91a8b78a80757_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ