modiloader | ec12f24b941ebac9b1b20fa54316c94c_JaffaCakes118 | Triage

Sharing

General

Target

ec12f24b941ebac9b1b20fa54316c94c_JaffaCakes118
Size

385KB
MD5

ec12f24b941ebac9b1b20fa54316c94c
SHA1

234deb459ee1b11c8ce15f69aeaabe81a69455cd
SHA256

c11116e78cadddaecd08ea228afc2a2e17b0feeeff093a4443f8b914acb9913c
SHA512

817a908738474cff89d1f8f63dbb50097cfb3fa566712cabf80345a429969105dc8aeffd65854aef4e1abac4d3ce57a1a29832d740a2d6736e9b82169182a513
SSDEEP

6144:uByddyG377xS2Vp2CeiorXdwTBgWx4v53CpcCJJvH8ddg:Dr7xS2Vp6RwTyCzbJJvH/

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec12f24b941ebac9b1b20fa54316c94c_JaffaCakes118

Files

ec12f24b941ebac9b1b20fa54316c94c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Giovani\Desktop\Giovani\exploitbinder\NathansBinderStub\NathansBinderStub\obj\Debug\NathansBinderStub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ