modiloader | 0f7357618cc683d518d38d5abef03932_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f7357618cc683d518d38d5abef03932_JaffaCakes118
Size

384KB
MD5

0f7357618cc683d518d38d5abef03932
SHA1

f5d5e30427d9c5c792532bb3751ffd821d25031a
SHA256

e7d37b30cf2d95a8db249340d83386245a6961e05d53025255bef99177d239a7
SHA512

5d5f6f280bf4b5b8218a66179512097183d5845cbec3302c4731e95335a5a60888a767c32a26c9597ca67fa4e3d8759d136b9a4434427f089318f4887a48cfb2
SSDEEP

6144:GxHOe+9D5mlpJKkojz2XhPCN3YT8OgZlA/pKpfk6kmUPLDiwvYpGKMl/:te+9D5mlpJKkjcC8Omrk6kpPRvH/

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7357618cc683d518d38d5abef03932_JaffaCakes118

Files

0f7357618cc683d518d38d5abef03932_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ