modiloader | dc6dfe988c7de08c2ad30ced9fdae065_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc6dfe988c7de08c2ad30ced9fdae065_JaffaCakes118
Size

475KB
MD5

dc6dfe988c7de08c2ad30ced9fdae065
SHA1

c3fac90f5d835ef05925221cbd4905046efac328
SHA256

94e439c93910fc50d19d945b6fda1e5d2ac8fe01427dde74ee3ddb0918bc5a04
SHA512

0c8afe7ccb745fa8aa4f44dc8657d0029a0068c56753bc3ceb2fe6b4755e134b27d7f51e75b1fefec361a49586b85ed6759ba398c1a2be073585c710e1deafb0
SSDEEP

12288:U6A+yHvbS+Vnjz936iOnQMRcB8fkpBbYBu:hA1HvbS+VjZd2QMRlspBbYQ

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc6dfe988c7de08c2ad30ced9fdae065_JaffaCakes118

Files

dc6dfe988c7de08c2ad30ced9fdae065_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

CODE
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ