modiloader | f3be1ddce74a3901b6b53c1966920a11_JaffaCakes118 | Triage

Sharing

General

Target

f3be1ddce74a3901b6b53c1966920a11_JaffaCakes118
Size

703KB
MD5

f3be1ddce74a3901b6b53c1966920a11
SHA1

51f0b4768ac36ce9b13673113115e3980f702ad3
SHA256

36eadbf744dce8e262ee15292a0d1d588cd7fd8da7a7060e9a32d236e5586697
SHA512

473d728e7210a3d71f296735fd88fa94f471201e16993f7ff2bc5bac6e6276a7b69426e67e1a57250e1bff9c57a4536f06df5217308a879e68e7897926005e90
SSDEEP

12288:TD6xl/sN2wyUP1cAU7oHBqWA9U1eKsQ7W5QBe1dM6i9VBX9wORpzGIPUAB:TMRWyUP1cAU7MNwUQhQ7W5QBeY64VBXj

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3be1ddce74a3901b6b53c1966920a11_JaffaCakes118

Files

f3be1ddce74a3901b6b53c1966920a11_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ