modiloader | e689cbd5b6decdbdd116535028dfb14e_JaffaCakes118 | Triage

Sharing

General

Target

e689cbd5b6decdbdd116535028dfb14e_JaffaCakes118
Size

700KB
MD5

e689cbd5b6decdbdd116535028dfb14e
SHA1

1537b6acc219492730eb4dcd29ff724704a7513e
SHA256

d6ac8915bd833f8f58989a300b4707e1f4a1d15953f05e9081e12da57dd98642
SHA512

c13a9f7f7e4dca35856f6f29282b59b077210618aae71c156a48c463bc560c2bfe653a4ca709b453259decb1824690a6a07e99449198bfa6be64e8b1eadc0e78
SSDEEP

12288:4rmRu5u2ev63GCTSp3axiLFcF4Px8TYl99HK1qxbhk8bPOIG:4rm851eS270ih64p8TYl9UahksPOIG

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e689cbd5b6decdbdd116535028dfb14e_JaffaCakes118

Files

e689cbd5b6decdbdd116535028dfb14e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 686KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ