modiloader | 0f495ea55d056112fd47ed2ac0aeac8b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f495ea55d056112fd47ed2ac0aeac8b_JaffaCakes118
Size

683KB
MD5

0f495ea55d056112fd47ed2ac0aeac8b
SHA1

745fb80100a9c02c81c0df6be43e04772a34eeee
SHA256

d3ca15b6fff54a93f0b5a53183921f4f9c0d8c69cd470293106117eb057a00c2
SHA512

8996092dd7bf4b5638bc2544c6b8b83d6b925d11c2de6df908a5ab460596fc704beb11917f74700884a64b4aef38b9a7c569a315367d92af25aa82e028410294
SSDEEP

12288:1xxekfi2ub/Q+8sofDdKZg+m++rr7xS2Vp6RwTyC7bJJvHX:Ykm/aBrqk++1S2Vp6RwTZJvHX

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f495ea55d056112fd47ed2ac0aeac8b_JaffaCakes118

Files

0f495ea55d056112fd47ed2ac0aeac8b_JaffaCakes118
.exe windows:1 windows x86 arch:x86

ec0fd12ddc31ab199fd4cc6c243cf6d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

kernel32

GetCommandLineA
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
WriteFile

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA

crtdll

__GetMainArgs
exit
free
malloc
memset
raise
rand
signal
srand
strcat
strchr
strncpy
time

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 596B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 160B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 924B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE