modiloader | JaffaCakes118_00512769a91021a9661bc83d6c246057 | Triage

Sharing

General

Target

JaffaCakes118_00512769a91021a9661bc83d6c246057
Size

812KB
MD5

00512769a91021a9661bc83d6c246057
SHA1

4449e726a0c0835667b3396aec6bacb5c2d2fc78
SHA256

36f923ef3c4c35c130ef407f24ba2c8fe522a721d038bedf4c1bfaf365c57931
SHA512

06c0a37188f4d791c611b44291961043256756ca05de2e513420e706a066bd4fdea2ea132a500255e9e323d7186985155293a0f1548461ff1678e40f2aa663a5
SSDEEP

12288:4YknjLpbBNoLE126lU1tMGjYIFW4+zyZGumGgTtrDJrPsfL4oTO27uqULG1R:4Ykjlbr+8lUCpeZM3BDhPC5u/G

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_00512769a91021a9661bc83d6c246057

Files

JaffaCakes118_00512769a91021a9661bc83d6c246057
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ