modiloader | dbca8ceff6525266c76a4b8073deb0ec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dbca8ceff6525266c76a4b8073deb0ec_JaffaCakes118
Size

48KB
MD5

dbca8ceff6525266c76a4b8073deb0ec
SHA1

c92f5025f6b40b8357861ad8f483836bee24aee9
SHA256

28d8c0c1c1a9a5a1e5956684989f5b0618d0432f6738d1e629a687f66ac1e677
SHA512

d2ac6948dd45f7d9a07bf285b2dce624958d551020f7261c6a65c56852b86b9d20e702abce8b7330e0bf48f23df2af38837a14c73c1a7e5e3c032eb4342b878c
SSDEEP

768:9fJ8NRDLw3hKT76QYZcUOl9y0fIkoUHrH2nxwuN1x1orptLbK1SBYWmtKZ:9fwRDetD0fIBxvPmpbBjyK

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbca8ceff6525266c76a4b8073deb0ec_JaffaCakes118

Files

dbca8ceff6525266c76a4b8073deb0ec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ