modiloader | fd3da4861b986b2fdbd61af2b2ee8b4a_JaffaCakes118 | Triage

Sharing

General

Target

fd3da4861b986b2fdbd61af2b2ee8b4a_JaffaCakes118
Size

11.8MB
MD5

fd3da4861b986b2fdbd61af2b2ee8b4a
SHA1

a9c3db8f5806ff4afaeb4554d7cc219aa8850beb
SHA256

32d8057b95350f30fd4acdee5d500efacf2c519046953243a3d90afb832ba7cd
SHA512

ebd3065910b40216760302c09ec9605125681253fe51d26d6b5fe2cbd1c11656eb395c77440d107a53c4d73762c61f3c97b91fe820f23e73c6eff971620660f5
SSDEEP

98304:Xd/M3eCRhMluo76Ue3dd2wxVacRE15dtCayuDHo8J4K:XyuFlqU+dd2wxVs15DCMDHo8Jd

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd3da4861b986b2fdbd61af2b2ee8b4a_JaffaCakes118

Files

fd3da4861b986b2fdbd61af2b2ee8b4a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

asfd2131
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.newimp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE