modiloader | aabc076fee2a88b3032ee28d5ad25240_JaffaCakes118 | Triage

Sharing

General

Target

aabc076fee2a88b3032ee28d5ad25240_JaffaCakes118
Size

72KB
MD5

aabc076fee2a88b3032ee28d5ad25240
SHA1

bf26c420e3030707702e44e59950e9284f52fc9f
SHA256

ce4932e4f645f24aa7a86709c093e8d8013cf97969f82880c9d8e5f1b1a04fe2
SHA512

aebecdf8c53de7f3ba68800f2fbfb9e776897699f688efc8e16b0cd6140cb8055ad6e421e4e61c2dfba53703039b870ae5025de1434e35153279b01154e7117b
SSDEEP

768:KI3T3XCyKCG4kotNNGVjYQpvJXN5T/wG3JcoYRjZk37x/dbEYfvyJBn+:Ke3SANNG/X95T/wGZeRjK3t/dQWeB+

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aabc076fee2a88b3032ee28d5ad25240_JaffaCakes118

Files

aabc076fee2a88b3032ee28d5ad25240_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE