modiloader | e1fd4c94de192600eb42307fc0b9bfce_JaffaCakes118 | Triage

Sharing

General

Target

e1fd4c94de192600eb42307fc0b9bfce_JaffaCakes118
Size

88KB
MD5

e1fd4c94de192600eb42307fc0b9bfce
SHA1

b7cb6b88ddfaae022afbf5817a8f38345d423646
SHA256

5ca264fa091c2f3692fb96e9d4be869fd8786a8c9f3469ea8c0e52eb0ff71191
SHA512

19b44d9c371a4bd913c61d54e674e46e112e8fb13b9ac60c14a72497518f08f958a4065f1eebb488884185e75f96a8687a44d1108c95f9c16074eb7db29f95fe
SSDEEP

1536:zK4+cjhXlzy+ikMF/kJUdT53qig6o4lSb9fd+AX4Xu9ySX4:P+c++xMF/kJaTcig4l4V+U9ySX

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1fd4c94de192600eb42307fc0b9bfce_JaffaCakes118

Files

e1fd4c94de192600eb42307fc0b9bfce_JaffaCakes118
.exe windows:4 windows x86 arch:x86

69e07db933f5fc460572cfd04ac3c0f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord586
MethCallEngine
ord595
ord596
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord714
ord608
ProcCallEngine
ord644
ord537
ord100
ord616
ord546

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ