modiloader | ced298d4048bed5fa8b6f975800467c1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ced298d4048bed5fa8b6f975800467c1_JaffaCakes118
Size

701KB
MD5

ced298d4048bed5fa8b6f975800467c1
SHA1

428f677cca102a5f83997bbdb5b027f37b322904
SHA256

377cb577ac1e72c6d29c7717ba83c3b0f6fbe36169ac34ffc07006ede77b037b
SHA512

6c79e5cf3d2596ee0f9f71b6659b900753f0da26cd46d6f6abeea2cad69db7deb33607c86c85fd57c646e206ad76e06dc6e9ee1fd8fcc725f3d22729550e5c56
SSDEEP

12288:gkdR1m1tj1HRTT78od3LkRzj+K5dmTPMTpSWndNm/tta4E95eESQBibGRV:ldmJHJT9dbo7aTPMAWy/tS95/ibGRV

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/挖掘鸡7.2最新版_cngr.exe	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/挖掘鸡7.2最新版_cngr.exe

Files

ced298d4048bed5fa8b6f975800467c1_JaffaCakes118
.rar
挖掘鸡7.2最新版_cngr.exe
.exe windows:4 windows x86 arch:x86

138e4a7206e25dc2e617507c025a11b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
Sleep
DeleteFileA
WaitForSingleObject
CreateProcessA
lstrcmpA
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
CreateFileA
lstrcpyA
GetTempPathA
GetModuleHandleA
GetStartupInfoA

user32

wsprintfA

shell32

ShellExecuteA

msvcrt

__p__commode
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__dllonexit
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fyf
Size: 252KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fyf��
Size: 684KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fyf
Size: 796KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
河源下载站-cngr.cn.url
.url
淘宝热卖.url
.url
？！必读说明.txt

Sharing

General

Malware Config

Signatures

Files

138e4a7206e25dc2e617507c025a11b6

Headers

File Characteristics

Imports

kernel32

user32

shell32

msvcrt

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1002B

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.fyf Size: 252KB - Virtual size:

.fyf�� Size: 684KB - Virtual size:

.fyf Size: 796KB - Virtual size:

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1002B

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.fyf
Size: 252KB - Virtual size:

.fyf��
Size: 684KB - Virtual size:

.fyf
Size: 796KB - Virtual size: