modiloader | 3e6db06bde0d06c2084a1cf06dbb62c8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e6db06bde0d06c2084a1cf06dbb62c8_JaffaCakes118
Size

70KB
MD5

3e6db06bde0d06c2084a1cf06dbb62c8
SHA1

357421649954e2cb5a964b789b4ccae8e0d60075
SHA256

ab5e784e2405895a75546a498291f9a9517288b7a4cee795eca212c775e8933d
SHA512

1e056be571c3dbd9c9b57de39b838a4602df5cfb102ceaee37f04d3590ed23add2c8be172b6de86f4c2d3e1dcba013865dde9f61de0fe6c5bd081aad17a5159a
SSDEEP

1536:/1NDd0qox1hMqdlsuurqHNAphcyt9q/Ng:tNc/pllQqHUC4kNg

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e6db06bde0d06c2084a1cf06dbb62c8_JaffaCakes118

Files

3e6db06bde0d06c2084a1cf06dbb62c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2b60251c0a16ea4ae9b774354627bdb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord666
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord709
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet4
__vbaI2I4
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaAryLock
__vbaVarDup
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ