modiloader | 304d553299e245f0b907b0b50a50d3ad_JaffaCakes118 | Triage

Sharing

General

Target

304d553299e245f0b907b0b50a50d3ad_JaffaCakes118
Size

875KB
MD5

304d553299e245f0b907b0b50a50d3ad
SHA1

63348283b822c25960133717aadccb2ed02f37af
SHA256

09da4f36e931cb15393834e79fce688ce21ff8a6bb082193a7e1e66df91feed3
SHA512

f312734df4f1c80ddd3c11539375de93d8335223e53855d3ab75c693cf60f4effc4f61bc182289d67585f3dee7377ddb08c20ee4d644abe9e8cca424f1e48a8f
SSDEEP

24576:B5T0kUJQbdHVFQlyOW8oooiAhYJWtA7q:B53UEHVFQAp5iAOgtAG

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
304d553299e245f0b907b0b50a50d3ad_JaffaCakes118

Files

304d553299e245f0b907b0b50a50d3ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ