modiloader | 05d400a11b2f76f801bf24d9931a080e_JaffaCakes118 | Triage

Sharing

General

Target

05d400a11b2f76f801bf24d9931a080e_JaffaCakes118
Size

246KB
MD5

05d400a11b2f76f801bf24d9931a080e
SHA1

1b62f520e645ec755f46780a29b3ae82f5651160
SHA256

156e75a8ca85c25e11dcaed9e721f956540ac68253c479d0079e4317b2ed7faa
SHA512

0a3df97725203136c622f7fc24381d8fd749bbc7369f0489a065d9ef8b5a4f47858489059417d0a7e832b34e1c70ba261d1820d5bc4e2d8baa07eae2a6dc5ad3
SSDEEP

6144:qfBuCFSvJBpuQiEdsgVwufvUkvKoC5oNQXjd:vCFSvJBpDvG52Y

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05d400a11b2f76f801bf24d9931a080e_JaffaCakes118

Files

05d400a11b2f76f801bf24d9931a080e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

CODE
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ