modiloader | JaffaCakes118_6ae970ca90d908b5dbed04e6f0b5cc60570337aa148a34af3deb803f7582e349 | Triage

Sharing

General

Target

JaffaCakes118_6ae970ca90d908b5dbed04e6f0b5cc60570337aa148a34af3deb803f7582e349
Size

160KB
MD5

fabea5b4447f422e7979af6075f0a51d
SHA1

78c6ab3f41011c8ffa30a635846680c50532168f
SHA256

6ae970ca90d908b5dbed04e6f0b5cc60570337aa148a34af3deb803f7582e349
SHA512

46e83fc7bf3ba356f4c06b9b02191050c7ca71ab2e17355fdf46fc9b8d4e9691af1290e4465da23eabb41b4c3d364c584a604076d5e84e3ecaf857104ab5f862
SSDEEP

3072:xQONWF4Dlmfq3bqAnqDOeQLaaOSSrEk8r1ESVFyE:qOw4DAPAnuQydSVD

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6ae970ca90d908b5dbed04e6f0b5cc60570337aa148a34af3deb803f7582e349

Files

JaffaCakes118_6ae970ca90d908b5dbed04e6f0b5cc60570337aa148a34af3deb803f7582e349
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ