modiloader | a8ccc3ebb7344bb55e7ffc6315e8f0a9_JaffaCakes118 | Triage

Sharing

General

Target

a8ccc3ebb7344bb55e7ffc6315e8f0a9_JaffaCakes118
Size

747KB
MD5

a8ccc3ebb7344bb55e7ffc6315e8f0a9
SHA1

ecca44453ed7d0d02b047f685b497f72f87ff22e
SHA256

dbaab8c70e1753b9c05fd98a09c571fdc3110a801de928b133b0d3c2d74662e1
SHA512

147eaa99efbf48bfaffc215f23e1084fda5f2216db03c8085cbf1564a397a78895dea8f681e67bd225014bd4315fd1d07c0e81617e14e818216f3a18413f5ea2
SSDEEP

12288:O2rUsmoD1o6lVsloQAjnRlJ9FhlwipbN0hgTn91NW9yucHQb/cH3UqCILs9:3YsmoJB7sFAjnVPwiv0hS91NW4uL/bx

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8ccc3ebb7344bb55e7ffc6315e8f0a9_JaffaCakes118

Files

a8ccc3ebb7344bb55e7ffc6315e8f0a9_JaffaCakes118
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rlp
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE