modiloader | e1f720d5f35898661142804b4c66f3e6_JaffaCakes118 | Triage

Sharing

General

Target

e1f720d5f35898661142804b4c66f3e6_JaffaCakes118
Size

848KB
MD5

e1f720d5f35898661142804b4c66f3e6
SHA1

0e6f46e0cc3c28a2feebff57222e6c16c3af9846
SHA256

c9c6bb4c7eeec0784756ff83b404e6c9f9c0ed30f2faf37ce9fdbe7137831971
SHA512

d6420071f7052901c6ffa0b7e0d3266ff9c59e842d7a66395664438c5a23f7917c8debd78621364df74f6ae302c2b5e86836cd7a58ebdf5ddc53c5432f586dd9
SSDEEP

12288:pSltGgozqi5paO0lp9USQVUSyrkA4RZ6J+v5NdTgxWaSTAbu:p02eas1USImaRIwPuIaSTN

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1f720d5f35898661142804b4c66f3e6_JaffaCakes118

Files

e1f720d5f35898661142804b4c66f3e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 816KB - Virtual size: 815KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wkt0
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE