modiloader | eb7856b7aef5910a570127af7a95a2ff_JaffaCakes118 | Triage

Sharing

General

Target

eb7856b7aef5910a570127af7a95a2ff_JaffaCakes118
Size

836KB
MD5

eb7856b7aef5910a570127af7a95a2ff
SHA1

3331364b06ad31c6953009dd838f8a1c3c98d6ec
SHA256

c18f54bdea2fb66a02a2f871de2b02c1f4ff8bc40789eb17a7050a6926e26230
SHA512

3f3a5e81bf6dcd0c0bc9355c67c339e2faead9de638dc89a11a544fe6984a75d10e94de2691b86f669c370a154be447fc77d528bd8bcc5f3a9a408317483bf19
SSDEEP

24576:JPipyklwCMvru5KKTOFWQbwRseoT0u28mczO7+:JPi+VWQb28T0dczA+

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb7856b7aef5910a570127af7a95a2ff_JaffaCakes118

Files

eb7856b7aef5910a570127af7a95a2ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 632KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ