modiloader | 26c1cbc3f20326a297e5c8b6427e1e95_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26c1cbc3f20326a297e5c8b6427e1e95_JaffaCakes118
Size

2.0MB
MD5

26c1cbc3f20326a297e5c8b6427e1e95
SHA1

1325a16ca24962df3a8e279bcd727fe019950a6b
SHA256

d3cba40dab03e9101ef7a30e49e14a6c2f590939d50646d9677b7b594413075c
SHA512

283b2b06766be4a9d04dadfef8c18dd888f4a95f0869b330a4a5714de3255d32aa289a5449af9cc9d54f9621c326e5a5e157fb737258d317ba74ec9198a6c510
SSDEEP

49152:Ep6STadPM7a+p7b7Vn/LY+MXH5ByS8hvk1lZPgx:A6c7a8R/LhgTW8rZm

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26c1cbc3f20326a297e5c8b6427e1e95_JaffaCakes118

Files

26c1cbc3f20326a297e5c8b6427e1e95_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d131c913606ffc7f68b87b385950f105

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord666
ord594
ord526
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord713
ord606
ord716
ProcCallEngine
ord537
ord570
ord100
ord617
ord619

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ