modiloader | e10bcf6b5e436eb96ad92ac2ef8317df_JaffaCakes118 | Triage

Sharing

General

Target

e10bcf6b5e436eb96ad92ac2ef8317df_JaffaCakes118
Size

282KB
MD5

e10bcf6b5e436eb96ad92ac2ef8317df
SHA1

bf87fb1f340d751d3ef183c98003903293a51052
SHA256

5c2f653066d3a4e0ee0af293b9c3800220603e992a630e9181065aef7c2dc68e
SHA512

8b1ffca777c01b4d3768cbcb394f7ec179d22d7cbd61d41f77d631ca765b741aa2a58634843b6dbee093d8591eefb540565a9b5f20434b49976a5d2cee236943
SSDEEP

6144:w6LRwbLWfBuCFSvJBpuQiEdsgVwufvUkvKoC5BnQXjdU:TObHCFSvJBpDvG5zmq

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e10bcf6b5e436eb96ad92ac2ef8317df_JaffaCakes118

Files

e10bcf6b5e436eb96ad92ac2ef8317df_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99f5b0b723d6fca2813f516623081e1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
GetLastError
CreateMutexA
LoadLibraryA

user32

wsprintfA
MessageBoxA

Sections

.data
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ