modiloader | dc3a30900be76442505ce3191d147f60_JaffaCakes118 | Triage

Sharing

General

Target

dc3a30900be76442505ce3191d147f60_JaffaCakes118
Size

336KB
MD5

dc3a30900be76442505ce3191d147f60
SHA1

169cde18cd371d3e2013a0cabe418d08ca0d07ed
SHA256

73976ae5353c96d2813bc9078ee49533aeccccf28c80239dd52d57f30c845b24
SHA512

f009d4f2cb2be15e6bb2bb18725200a79ccc3e8a42db03737d80020d340109f97ed6966b7757737691a1554a4fd32d0d01ac7ef4d4ffe231dfd05b18b0c5fcf0
SSDEEP

6144:zSXTREeT1FjHCxgZkx1H6u2oaXkvUkCW8m6Rm7HpzB9mMTstWf3F+D0g:W3T1xHzshvgZY1zBkMTst2g

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc3a30900be76442505ce3191d147f60_JaffaCakes118

Files

dc3a30900be76442505ce3191d147f60_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ