modiloader | 42af1c4ea861540cdf34cf4043398222_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42af1c4ea861540cdf34cf4043398222_JaffaCakes118
Size

350KB
MD5

42af1c4ea861540cdf34cf4043398222
SHA1

5c98aa7320dc936aa81e25075e70ac61d5069b95
SHA256

ed49b4a32b86e92a8024c89d5fda41aa653c32dd19d40b845b14860c1b018afb
SHA512

f79add775dad929624753907dadd2826d9fc750cd7aba8f7ad07e35b3e302df74f0167e300bd9d4204cbba2f47234ce7e6b786dc1dd2adc162aa9df718996b1e
SSDEEP

6144:n+E+MFU2sDs3JqGCGhf+6PdsjVwupvUkZ5W0sO9oaoaEhmX4pZgwetRmeaMaDBcF:bsDs3J1CcfuvTkmopZFetRWCF

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42af1c4ea861540cdf34cf4043398222_JaffaCakes118

Files

42af1c4ea861540cdf34cf4043398222_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ