modiloader | 0a012ecbb4eca7af55fd62e32cfc7ce6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a012ecbb4eca7af55fd62e32cfc7ce6_JaffaCakes118
Size

380KB
MD5

0a012ecbb4eca7af55fd62e32cfc7ce6
SHA1

94bee3f7d90a5cbd6ed0b5bd08417d84b1431bc2
SHA256

aeaeb2065b5c589158951e2064991fdf51ef711a14fa78298b2e29587267cedf
SHA512

041237232823fe91221ad6b6a1e6e6787cd79d9b134e95bf5b0313bca99a585ff74ce4634c4481c886f9e51f283e685879807738dc59a7fc4b5ac79a0e582136
SSDEEP

6144:N7BDd7L38Npyf30z5may6qjds3VwuBvUkJZYOCH4foaSs1xqkAOlA0lXC5T/Uoy:N7/a0fkzUayavBiOVAcA0w/UR

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a012ecbb4eca7af55fd62e32cfc7ce6_JaffaCakes118

Files

0a012ecbb4eca7af55fd62e32cfc7ce6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ