modiloader | aaa0b38efd9d86b67fc10c028a62d326_JaffaCakes118 | Triage

Sharing

General

Target

aaa0b38efd9d86b67fc10c028a62d326_JaffaCakes118
Size

124KB
MD5

aaa0b38efd9d86b67fc10c028a62d326
SHA1

43abadeb8f0cb1992874e9391f4e62e7b0b2948c
SHA256

1102cbd9503c3b0f1e806565276f9ab6c350fcd6afe6d365c3c0f08c5013c19d
SHA512

6692a5fe52a48b29e739b5ddaf5695ff333a5d4323c946c0bda9fc282aff4bae70b77c7579be9f97f1df507e993619c1093cb68dcecec745a4cad289825c798c
SSDEEP

1536:IEqAQhmgeGuGiHCj/z/rQ+XBB5Vmt2sii+Z6aEvFdBa9AntYM0N:X4B3VD5XBB5VmtU1OBa9MYJN

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaa0b38efd9d86b67fc10c028a62d326_JaffaCakes118

Files

aaa0b38efd9d86b67fc10c028a62d326_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE