modiloader | c7d91ff47a887a885be38e9fc71a7464_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c7d91ff47a887a885be38e9fc71a7464_JaffaCakes118
Size

1.0MB
MD5

c7d91ff47a887a885be38e9fc71a7464
SHA1

a3d1840436915079e31f32d5260ac859e97e8243
SHA256

e1ef3513a36a3f50c9d192e2ce4228c81aed547829fb954283d910533b8fe3b7
SHA512

75f4e5f526c0d9fcd7eca64d79016a3d7e5a6c418c9b247783cd4daa4ea12340fda079094e0b5e64f83bf67aa71a1af393163c477ce959a52c96998d5b94b6cd
SSDEEP

12288:tplLocgRYbhAhTFgEYdxmEPzag3rfPqh5D736kJhyL6TSCswDOoOFMnRfAe2:tDMzYlQSE4LzaeTSYQhye+VcrOFMnRz

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7d91ff47a887a885be38e9fc71a7464_JaffaCakes118

Files

c7d91ff47a887a885be38e9fc71a7464_JaffaCakes118
.exe windows:4 windows x86 arch:x86

947b196f0ad49b7844bb01f586bb5953

Headers

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
lstrcmpiA
WriteProcessMemory
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualProtectEx
VirtualAlloc
VerLanguageNameA
UnmapViewOfFile
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetSystemPowerState
SetLocalTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
SetComputerNameA
ResumeThread
ResetEvent
RemoveDirectoryA
ReadFile
OpenFileMappingA
MulDiv
MoveFileA
MapViewOfFile
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathA
GetTempFileNameA
GetSystemInfo
GetSystemDirectoryA
GetSystemDefaultLangID
GetStringTypeExA
GetStdHandle
GetProfileStringA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
Sleep

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
keybd_event
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
SwapMouseButton
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetSysColors
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumDisplaySettingsA
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
ChangeDisplaySettingsA
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
GetUserNameA

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

gdi32

UnrealizeObject
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
EndPage
EndDoc
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

comctl32

ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

winspool.drv

OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

wininet

InternetGetConnectedState

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
gethostname
getservbyname
gethostbyname
socket
setsockopt
send
select
recv
ntohs
listen
ioctlsocket
inet_addr
htons
getsockopt
connect
closesocket
bind
accept

imagehlp

ImageDirectoryEntryToData

winmm

sndPlaySoundA
waveInGetNumDevs
mciSendStringA

shell32

ShellExecuteA

rasapi32

RasGetEntryDialParamsA
RasEnumConnectionsA
RasCreatePhonebookEntryA
RasHangUpA
RasEditPhonebookEntryA
RasDeleteEntryA
RasRenameEntryA
RasEnumEntriesA

urlmon

URLDownloadToFileA

Exports

Exports

HideProcess

Sections

Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

947b196f0ad49b7844bb01f586bb5953

Headers

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

winspool.drv

wininet

wsock32

imagehlp

winmm

shell32

rasapi32

urlmon

Exports

Exports

Sections

Size: 1.0MB - Virtual size: 1.0MB