modiloader | cb2aa39170960e8b175390db778df2c9_JaffaCakes118 | Triage

Sharing

General

Target

cb2aa39170960e8b175390db778df2c9_JaffaCakes118
Size

2.9MB
MD5

cb2aa39170960e8b175390db778df2c9
SHA1

28343b72ec85f31c53bf0176b8e8f4c75101d869
SHA256

d7cd31d319c2cb6546d12124a44dc10cd01b87e44fb5d42d0f8591e347ec72e0
SHA512

490817ac068c609894215e1faea30b58c76094829176f24d976a1605cca0f3fd1a290e7cfe4e2eec6e195523244f947385826edbf3a3ca071430533c1eca4a7a
SSDEEP

49152:3m4Sqls8L9NvhStP9vCdRuK2Xdko8DDLHhiv5z:3mZqlDvhqP4dRuK2XdP8fLBiv5

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb2aa39170960e8b175390db778df2c9_JaffaCakes118

Files

cb2aa39170960e8b175390db778df2c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 319KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE