modiloader | 931230df0924a86d315f1b857798af0e_JaffaCakes118 | Triage

Sharing

General

Target

931230df0924a86d315f1b857798af0e_JaffaCakes118
Size

519KB
MD5

931230df0924a86d315f1b857798af0e
SHA1

84d71486da427d9ededad96bfd4d2258a81a43e3
SHA256

da07bfa9dd7d6bc9308981022d42e48a4f442cd0d3513c62ed616a0b5d60a447
SHA512

599e96488d1aa9189b98bb16e32713fb84b36c148b5bd7c5408e311778039d22383c489da9765e9234b2b8aabf896c98db0f182b61a8e43ebda39eafdbad6a7d
SSDEEP

6144:ypo+QPxj9naYNdWK9LA/lqajtmC5hNF2viTi3ZQ0wrP7oe/z+fmE0ffJLszWQQGE:sopda25umYmv6ipvUP3E0p7bvp

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
931230df0924a86d315f1b857798af0e_JaffaCakes118

Files

931230df0924a86d315f1b857798af0e_JaffaCakes118
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ