modiloader | 88dbdf5ca4bae8b87fcbf3fc52c10728_JaffaCakes118 | Triage

Sharing

General

Target

88dbdf5ca4bae8b87fcbf3fc52c10728_JaffaCakes118
Size

690KB
MD5

88dbdf5ca4bae8b87fcbf3fc52c10728
SHA1

e287aa337031ec31502f2c69f8e4eb976afdb1f9
SHA256

c077bd27c418baedba1579fb21fda2638b4f5ef2622213849b38ea41694acdd2
SHA512

10a2f82fa318bcc41aa9f553040747b40f53d09b15fdcf5c3a9cb29e64377b528e62904a3e754dc2280bb9fd62490cc1078155cb46fc2bca887b4564bdca1b0c
SSDEEP

12288:Pugl095nSxHxzsFb+4pbzsUn7TFLv0oemzYRo+LTKv8:Gy0XSxH9so4pHZNTBcrLTf

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
88dbdf5ca4bae8b87fcbf3fc52c10728_JaffaCakes118

Files

88dbdf5ca4bae8b87fcbf3fc52c10728_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ