modiloader | e4adc9bdedc14771f3e5f037b848fbbc_JaffaCakes118 | Triage

Sharing

General

Target

e4adc9bdedc14771f3e5f037b848fbbc_JaffaCakes118
Size

134KB
MD5

e4adc9bdedc14771f3e5f037b848fbbc
SHA1

0025965182d0e5221dd7e27872909506e1643ed6
SHA256

8d549c8f68ba991d7b10dfc4b26878c2fb070c255fffc366e2f9340537c1bd61
SHA512

7dbbc49342fe6562188cf718a4a6ca9db5ba363b5a6f881db2bae378303aa56e0c99982ad02d45689123703f782d0440267acf488a488c6be58dc8daadb026f8
SSDEEP

1536:JYq/Qks19FWT6FnqRnsOpj7rTuAVmWlSYq/Qks19FWT6FnqRnsOpj7rTuAVmWlq:dqF3Ot6AVxoqF3Ot6AVxs

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4adc9bdedc14771f3e5f037b848fbbc_JaffaCakes118

Files

e4adc9bdedc14771f3e5f037b848fbbc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ