modiloader | faa43e04e48e882428c8721cf13ef384_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

faa43e04e48e882428c8721cf13ef384_JaffaCakes118
Size

32KB
MD5

faa43e04e48e882428c8721cf13ef384
SHA1

b9ba44edb04c1d174c1375639a1a63f25c0f2d84
SHA256

9d6521353e8d262005b9e5bca6058c15544edb2f9dd467e4b9103823684e1090
SHA512

987392e36b7ca54e0387d191b26bd1fdf5a13a56a0aa3c10d57aeaafa1f6db3ef37d836f1aa4ccbb282f474244974867bba8229114d13958ef5c8006eb6c7abb
SSDEEP

768:RoiiqZOHZQhnSPm3GqkIHZ3JTgOl0NkptwqotMrLkAk:RviqZiZQhATq553SO23q0kXk

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faa43e04e48e882428c8721cf13ef384_JaffaCakes118

Files

faa43e04e48e882428c8721cf13ef384_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ