modiloader | f2adbad26008e84979f40c1e0a6572e9_JaffaCakes118 | Triage

Sharing

General

Target

f2adbad26008e84979f40c1e0a6572e9_JaffaCakes118
Size

672KB
MD5

f2adbad26008e84979f40c1e0a6572e9
SHA1

0a5ad4eee992b4ecb6f01204da9ea89ea2b078eb
SHA256

a4da3b6d1610158b46fd04f41d3f04bb0be2d7f225dad0424e83f8fd16bda6ca
SHA512

02e395d526d8ad875ecd31d7ef728090ae384c34fd3d202fcd4eea38e360644f554b6195ca7ca60f4962ea8864cc94b436963783cdb9a3cce2772afe2e26cc1e
SSDEEP

12288:1ZHgXKsA7O6+WtoagnzoXDIK9KS7weI16K7YkzT1w:3gZAi6+WtcnzoTIBveI1L5zT1w

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2adbad26008e84979f40c1e0a6572e9_JaffaCakes118

Files

f2adbad26008e84979f40c1e0a6572e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ