modiloader | e24b76ff271da705e5e498c104a08e49_JaffaCakes118

General

Target

e24b76ff271da705e5e498c104a08e49_JaffaCakes118
Size

766KB
MD5

e24b76ff271da705e5e498c104a08e49
SHA1

0673699003b31f78a806be9564bccd8bca17a34b
SHA256

c31c64035c10494176d39ffe8f3fbb3278827d7561f062db6392f2e74ba08419
SHA512

5a6a04bf6f32249755c5d60eb44c172c4a502975e6973e8f73545d1835fa326ab615318c14ec757c8a204f3a8909380b6aa496bde869bad812fd7481fb664d2f
SSDEEP

12288:rCTO6wDkihzKWLnPjlW/AlTXE0B43v++cw4Ov7JbocjkdufVBHBzuwJFVvkqF6nc:36wXK2nPjgQGXN4KkokqFZM5gNTXNl

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e24b76ff271da705e5e498c104a08e49_JaffaCakes118

Files

e24b76ff271da705e5e498c104a08e49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df74c8f289e675a5632bbbb73ae73946

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
LoadResource
FindResourceA
WinExec
GetTempPathA
GlobalAlloc
GetProcAddress
GetModuleHandleA
HeapFree
ReadFile
CreateFileA
GetProcessHeap
GetFileInformationByHandle
GetSystemDirectoryA
DuplicateHandle
GetCurrentProcess
LoadLibraryA
LocalFree
IsBadReadPtr
GetVersionExA
SizeofResource
WriteFile
CloseHandle
HeapAlloc
FreeResource
ExitProcess
TerminateProcess
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW

advapi32

GetUserNameA
SetEntriesInAclA
SetSecurityInfo
GetSecurityInfo

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 747KB - Virtual size: 746KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df74c8f289e675a5632bbbb73ae73946

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 747KB - Virtual size: 746KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 747KB - Virtual size: 746KB