modiloader | 55f26236a403c759f984b9275ebdeeb7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55f26236a403c759f984b9275ebdeeb7_JaffaCakes118
Size

1.5MB
MD5

55f26236a403c759f984b9275ebdeeb7
SHA1

afb9f402e58ae38ccc9dda8d2326a2cedaefc41c
SHA256

df9c1dd536fd48c4f4fb6fbe18622a5237e616d3e5752146e2565573d773e79a
SHA512

1d5bfa126b0fcba43f60911a0639ba4e3c9c28f57deb409679e374f33cad9ff309e5406896f1a7de7e7bf3ecebdabd3e61e599bb92cf4fef66c3c712396e6adf
SSDEEP

24576:uVculjx81hKdOalbPbo9H9W7yw11iGR/TkMAxG9Syo/3TKt8qNlymkyHUz45q+Pj:uVXdnTaYBtTkM6G9S3+Dl6D0

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55f26236a403c759f984b9275ebdeeb7_JaffaCakes118

Files

55f26236a403c759f984b9275ebdeeb7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UBBs1r4i
Size: - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zuGi5pHu
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VQWl6R8S
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

JimW79A5
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

B0BTKZb1
Size: 24B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

F1KbEwuo
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

uBgNH30x
Size: 24B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ