modiloader | bc5e472bb716ebdf7a72ea75beaa167d_JaffaCakes118 | Triage

Sharing

General

Target

bc5e472bb716ebdf7a72ea75beaa167d_JaffaCakes118
Size

130KB
MD5

bc5e472bb716ebdf7a72ea75beaa167d
SHA1

554bf6982a6b4b8223f49e3951dbe39426e8861c
SHA256

b9439de702a3a624a35f9818a1668a3fcbf7760e0d50a8ec5528b9a158383066
SHA512

5e5ceb24e43d7fb91fa3a1661d34073f656c2d673b6168acb205f4a98b0cdb21e9f81bccc5e736cf98ddfa0c70a5cd8ac847d621391b9c8fbb11acd1141af2f1
SSDEEP

1536:pMvVYqGQbmmeFV4iHCj/zdGmcqQBsBassV2QspKSD7ACrfndzw:pVqDBVvcqQBsassV8Ypcdzw

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc5e472bb716ebdf7a72ea75beaa167d_JaffaCakes118

Files

bc5e472bb716ebdf7a72ea75beaa167d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE