modiloader | e7e1aa7e0b097d50d0ac8d48c2425ef4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e7e1aa7e0b097d50d0ac8d48c2425ef4_JaffaCakes118
Size

478KB
MD5

e7e1aa7e0b097d50d0ac8d48c2425ef4
SHA1

5393eb6b9466ae490c9db3ee383cfe1b100f4220
SHA256

c003c996bb4ce6fbc24ad90bddd3df310469464b442cf4417ca4bfa188a8f436
SHA512

0fba572ece989deb561c85b0b71316b874aba35577e298d039441a3237d36f3bad0adb79f1b138b85610585896055cce67a444e5fe7bfb9cc0cd0c0c369ce310
SSDEEP

12288:3Z2XdlJ8HuF2mAulfKnW7ikTr5sWF/sWFL:3+SHuFaBnAiw1

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Files

e7e1aa7e0b097d50d0ac8d48c2425ef4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

33:00:00:01:1a:2f:2e:15:ee:b6:85:47:95:00:00:00:00:01:1a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-10-2018 21:07

Not After

10-01-2020 21:07

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:3E7A-E359-A25D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:11

Not After

26-07-2019 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:08

Not After

26-07-2019 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:f3:cf:bf:46:dd:64:77:7f:76:40:f2:53:e8:82:27:f9:bb:0f:2b:f2:c6:82:3a:95:e4:d4:f7:ab:84:9f:45
Signer

Actual PE Digest

b4:f3:cf:bf:46:dd:64:77:7f:76:40:f2:53:e8:82:27:f9:bb:0f:2b:f2:c6:82:3a:95:e4:d4:f7:ab:84:9f:45

Digest Algorithm

sha256

PE Digest Matches

false

a8:03:9e:b2:9b:9a:e8:75:2a:76:b1:8c:ac:96:e5:4c:e8:cf:86:d4
Signer

Actual PE Digest

a8:03:9e:b2:9b:9a:e8:75:2a:76:b1:8c:ac:96:e5:4c:e8:cf:86:d4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 53KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:01:1a:2f:2e:15:ee:b6:85:47:95:00:00:00:00:01:1aCertificate

Extended Key Usages

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

b4:f3:cf:bf:46:dd:64:77:7f:76:40:f2:53:e8:82:27:f9:bb:0f:2b:f2:c6:82:3a:95:e4:d4:f7:ab:84:9f:45Signer

a8:03:9e:b2:9b:9a:e8:75:2a:76:b1:8c:ac:96:e5:4c:e8:cf:86:d4Signer

Headers

File Characteristics

Sections

CODE Size: 352KB - Virtual size: 351KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 53KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 25KB - Virtual size: 24KB

.rsrc Size: 71KB - Virtual size: 70KB

33:00:00:01:1a:2f:2e:15:ee:b6:85:47:95:00:00:00:00:01:1a
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b4:f3:cf:bf:46:dd:64:77:7f:76:40:f2:53:e8:82:27:f9:bb:0f:2b:f2:c6:82:3a:95:e4:d4:f7:ab:84:9f:45
Signer

a8:03:9e:b2:9b:9a:e8:75:2a:76:b1:8c:ac:96:e5:4c:e8:cf:86:d4
Signer

CODE
Size: 352KB - Virtual size: 351KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 53KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 71KB - Virtual size: 70KB