modiloader | c600781fde274aaae3e3cc8d8182c96a_JaffaCakes118 | Triage

Sharing

General

Target

c600781fde274aaae3e3cc8d8182c96a_JaffaCakes118
Size

214KB
MD5

c600781fde274aaae3e3cc8d8182c96a
SHA1

01826294aba79842e5d3e8c5379ebc49072764aa
SHA256

f31d7d76860d41aae3b486113685349d00e0bd70d0f39239136df87e144e0c8d
SHA512

a40614b0df4929f8d0d73de0c1de06b670b4787bd803d0c7134715524c90d9d6b4bc74d41653cf97c182c9dc9e66a7e1776a3de40537bc8841a5eb1f1ddacfe8
SSDEEP

3072:B6eYiCbQmQQaCZWF7QhDXkJVJ8XFRGS9XhKaE74nk2le1wdQLeKzb1/d6+d+GB/o:X2c2XqJ82S9Ql75strq3HBez0Y5

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c600781fde274aaae3e3cc8d8182c96a_JaffaCakes118

Files

c600781fde274aaae3e3cc8d8182c96a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 333B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ