modiloader | 00145a4ab194d4e3f0324cc6d16bff98_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

00145a4ab194d4e3f0324cc6d16bff98_JaffaCakes118
Size

718KB
MD5

00145a4ab194d4e3f0324cc6d16bff98
SHA1

eb8089a9c9144512bd3ac7d4eb901f8df3969985
SHA256

00c3a23f00b980e39f0072a92365034b7c30c27dacec9f66ad7867de2dccac84
SHA512

618de467d339eb96ba6fc04bb3828d7e6dc12b8ac2d5cc65cb6671ce061cfde4672911203c1e3814936f07556c2559dd4205c7112a74044e00f4fc822d3a43b2
SSDEEP

12288:BASZ6lVrCdN8ca43+edLBnRd4mYCLR9YTR/OsTN00K8:BXwXCDtJ359wmLNM/OsTNA8

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

00145a4ab194d4e3f0324cc6d16bff98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

43:00:6a:30:a8:b9:c1:43:b3:8f:26:5c:d4:f4:77:98
Certificate

Issuer

CN=Microsoft Corporation

Not Before

31-12-2007 16:00

Not After

31-12-2013 16:00

Subject

CN=Microsoft Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

a8:94:8d:d1:64:9f:82:74:b2:30:92:b9:14:dc:52:bf:7c:97:51:fe
Signer

Actual PE Digest

a8:94:8d:d1:64:9f:82:74:b2:30:92:b9:14:dc:52:bf:7c:97:51:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

43:00:6a:30:a8:b9:c1:43:b3:8f:26:5c:d4:f4:77:98Certificate

Extended Key Usages

a8:94:8d:d1:64:9f:82:74:b2:30:92:b9:14:dc:52:bf:7c:97:51:feSigner

Headers

File Characteristics

Sections

CODE Size: 601KB - Virtual size: 600KB

DATA Size: 20KB - Virtual size: 20KB

BSS Size: - Virtual size: 5KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 20B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 38KB - Virtual size: 38KB

.rsrc Size: 31KB - Virtual size: 32KB

.mackt Size: 12KB - Virtual size: 12KB

43:00:6a:30:a8:b9:c1:43:b3:8f:26:5c:d4:f4:77:98
Certificate

a8:94:8d:d1:64:9f:82:74:b2:30:92:b9:14:dc:52:bf:7c:97:51:fe
Signer

CODE
Size: 601KB - Virtual size: 600KB

DATA
Size: 20KB - Virtual size: 20KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 31KB - Virtual size: 32KB

.mackt
Size: 12KB - Virtual size: 12KB