modiloader | 8ea4f8cce42d4de1f99542fd6be8d8bb_JaffaCakes118 | Triage

Sharing

General

Target

8ea4f8cce42d4de1f99542fd6be8d8bb_JaffaCakes118
Size

27KB
MD5

8ea4f8cce42d4de1f99542fd6be8d8bb
SHA1

fc58e58246a5f0bd482289e9c90c8d59b5bec777
SHA256

1ee6c7af00dd0c328999cea0ea44060de70e473ef4548729205f81007c557c51
SHA512

debc353a04dd16b1b5ce90476e8830bd05f235659aeb104ac4563bd0e517121028df8717930173126adf74d2c9928ca1c33edd8c0be6efc80f42fbf2887ee08c
SSDEEP

384:t9mRSCF82EkoaoP6qhNyp/XFzbL9pfjwJRWVLnptepi1GqyT0ERCoui/:t4RzS2r5oPjhNyp/htpOELG+EEoui/

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8ea4f8cce42d4de1f99542fd6be8d8bb_JaffaCakes118

Files

8ea4f8cce42d4de1f99542fd6be8d8bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 566B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mini9
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE