modiloader | JaffaCakes118_52eb0e74d7dbd4a22904b59bfce08710 | Triage

Sharing

General

Target

JaffaCakes118_52eb0e74d7dbd4a22904b59bfce08710
Size

242KB
MD5

52eb0e74d7dbd4a22904b59bfce08710
SHA1

10dcc6b70e92eb178ce57c0d93e1e307b195d1d2
SHA256

4d48dcdeea40d778e381641b6a40ad47d8194e8cb7b9d1d33a1c180890d44e9f
SHA512

ec37212ea19295f33a0440b20c7c6fe5f14b62780316b7838df853f63cc9f4ba024ed53201f2317d2c41a01864c5a8d1408cb92fa2138c8cfc587ff4023fdaed
SSDEEP

3072:D9K0aay8vVIsskvgW8vkwWD76bhfNpiUp4xoOTWm0QVY4RPA0QNmBryOg/afEnuy:hKwzskXSxwKm5PpA5NAeacR4

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_52eb0e74d7dbd4a22904b59bfce08710

Files

JaffaCakes118_52eb0e74d7dbd4a22904b59bfce08710
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

COMResModuleInstance
duibi_cpu_dll

Sections

CODE
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ