modiloader | JaffaCakes118_39a486b4b13941b8d56f155f8da73192 | Triage

Sharing

General

Target

JaffaCakes118_39a486b4b13941b8d56f155f8da73192
Size

202KB
MD5

39a486b4b13941b8d56f155f8da73192
SHA1

78f1975ea7e16650e2cab6ce9d5293cc8d33297f
SHA256

22baf100f11b5ab56a54f6585aaa20961116ecc41bcc64def4099f7e3db126f1
SHA512

5aac73aa77323247473deec9439d1f09e0196d349e450d4c531288ea2de94744907029b2338b5d90ff38a3b29515da05ea6e04d33cbc38013455382a2d0c8857
SSDEEP

6144:BWeYkq6ZlLpK3w3Y0hz2asiFPsl4aREb1rpVKc1KTex4p:vYknjLpTXhaaJslSnVt8Tex4p

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_39a486b4b13941b8d56f155f8da73192

Files

JaffaCakes118_39a486b4b13941b8d56f155f8da73192
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ