modiloader | 29674d8b6448a323d9ce71a9d80b5eb4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29674d8b6448a323d9ce71a9d80b5eb4_JaffaCakes118
Size

42KB
MD5

29674d8b6448a323d9ce71a9d80b5eb4
SHA1

478f2e5cec4ce1203f8feb5cc3075c85b5fbb4ae
SHA256

bcaa85c11afce11861b47574bfc4398f6c57bd652fd71927c9f78122c902354a
SHA512

31c82d114fef2e98e250574d157d4d83b5449ab6922c31af02bf4a935cd1c5773d259cd0eea0bb21b74869fe3fcfd2dc3b19b9dc0f4f5a9c66c17af3f446727d
SSDEEP

768:2iFKqnQefsPgy9YeLqdXM0rF37LK/VSLxYjKPqgHdIFMer1:xwqnQUar9YeLolrZ7LHL3Fer1

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29674d8b6448a323d9ce71a9d80b5eb4_JaffaCakes118

Files

29674d8b6448a323d9ce71a9d80b5eb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ