modiloader | 41de890fc575da2a7fb9afabb093ab5e_JaffaCakes118 | Triage

Resubmissions

13-10-2024 20:24

241013-y6scqswgrh 10

13-10-2024 20:16

241013-y2axwswemh 10

Sharing

General

Target

41de890fc575da2a7fb9afabb093ab5e_JaffaCakes118
Size

690KB
MD5

41de890fc575da2a7fb9afabb093ab5e
SHA1

76a77e73ec91e87a22203776cd7cf42324f3e618
SHA256

06c7709f74ddbe908cf2eafb3a15f4a3a68d584b71322d8e468e7595d015a616
SHA512

880f0735ab9a35d59a408393e27fbf3cd45ff61d3629095ba16ad5c8637649e9941247168edaed7a6c96c9302f9b4fe9e3ab7fb9e8e1d3d5e1c2bc2c2c3f9c9c
SSDEEP

12288:Zugl095nSxHxzsFb+4pbzsUn7oFLv6otezYRodLTKW8:ky0XSxH9so4pHZ8Tqc4LTs

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41de890fc575da2a7fb9afabb093ab5e_JaffaCakes118

Files

41de890fc575da2a7fb9afabb093ab5e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ