modiloader | e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118
Size

320KB
MD5

e72bd5358d4c9c77f3701a10fa68d458
SHA1

6f15c9fae18691ff3bb6c924f70b1bdb17bc5db4
SHA256

c90dd7f986c701400fc6060d836936cec67482f370f841a5f9f2fb674f989bd9
SHA512

f4fc173e05dbed75a83ad88e42c20a2bedf60c15e853a442cb276c9256a87a9a9f60753e34bed98bb460ff3d84206cfc5085c808385285130cc2a727d805c1b8
SSDEEP

3072:4d7qRgouEcW8Hgz/lGUbeWSM1wyRPhRDg3LOk9tXP4:4uFEVYdGawWB8OYtXA

Score

10^/10

upx modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118

Files

e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0ce08e35cd179ad5e08433b152badf1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WriteFile
WinExec
WaitForSingleObject
VirtualAlloc
TerminateThread
TerminateProcess
Sleep
SetLocalTime
SetFilePointer
SetErrorMode
ReadFile
OpenProcess
MoveFileA
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetTimeZoneInformation
GetTickCount
GetSystemTime
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocalTime
GetLastError
GetFileSize
GetExitCodeProcess
GetDriveTypeA
GetCurrentProcess
GetComputerNameA
FreeLibrary
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
DeleteFileA
CreateThread
CreateSemaphoreA
CreateProcessA
CreatePipe
CreateFileA
CreateDirectoryA
CloseHandle
Beep
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
RemoveDirectoryA
GetStartupInfoA
GetModuleFileNameA
GetLastError
GetCommandLineA
FreeLibrary
CreateDirectoryA
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
AdjustTokenPrivileges
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

gdi32

SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
WNetCancelConnection2A
WNetAddConnection3A

msacm32

acmStreamPrepareHeader
acmStreamSize
acmStreamOpen
acmStreamReset
acmStreamConvert
acmStreamClose
acmStreamUnprepareHeader

oleaut32

SysFreeString
SysReAllocStringLen

shell32

ShellExecuteA

user32

mouse_event
keybd_event
VkKeyScanA
UpdateWindow
UnregisterClassA
TranslateMessage
SystemParametersInfoA
ShowWindow
SetWindowLongA
SetTimer
SetParent
SetKeyboardState
SetFocus
SetCursorPos
SetClipboardData
SendMessageA
ReleaseDC
RegisterClassA
PostQuitMessage
PostMessageA
OpenClipboard
OemToCharA
MessageBoxA
MapVirtualKeyA
LoadIconA
LoadCursorA
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
IsClipboardFormatAvailable
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowLongA
GetSystemMetrics
GetWindow
GetMessageA
GetKeyboardState
GetForegroundWindow
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardData
GetClassInfoA
GetAsyncKeyState
FindWindowExA
FindWindowA
ExitWindowsEx
EnumWindows
EnumChildWindows
EmptyClipboard
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
CloseClipboard
CallWindowProcA
BringWindowToTop
GetKeyboardType
MessageBoxA
CharNextA

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState

winmm

waveInClose
waveInReset
waveInStart
waveInOpen
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
mciSendStringA

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
gethostname
getservbyname
getprotobyname
gethostbyname
gethostbyaddr
socket
send
select
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
connect
closesocket
bind
accept

Sections

UPX0
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ce08e35cd179ad5e08433b152badf1f

Headers

File Characteristics

Imports

kernel32

advapi32

avicap32

gdi32

mpr

msacm32

oleaut32

shell32

user32

wininet

winmm

wsock32

Sections

UPX0 Size: 308KB - Virtual size: 308KB

.rsrc Size: 5KB - Virtual size: 8KB

.avp Size: 5KB - Virtual size: 8KB

UPX0
Size: 308KB - Virtual size: 308KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avp
Size: 5KB - Virtual size: 8KB