modiloader | JaffaCakes118_0b3df9add8d167a1916b79f434e148df | Triage

Sharing

General

Target

JaffaCakes118_0b3df9add8d167a1916b79f434e148df
Size

679KB
MD5

0b3df9add8d167a1916b79f434e148df
SHA1

ce8fc58b195f40215c5592a94a9238d8e55a6acf
SHA256

dbfc2b7e412b207ad508ef0e144f6ccb0982dc3fc6a1a43dc604fe502bd35022
SHA512

63b71a83e321c7105e7ceef18ea5cfa793c1d6f43ea6aa2ceb69d2f09fa3d5984c7982fe9dbb714031a82ca869bf4e532cdf2039117f0777be657df1146f9d27
SSDEEP

12288:FTbNUdZURigKJwg4/Ft46nuQO0lPFJgyS/FJyiTS5:tbmURi5Sg4D4jQ3PFJ4LyiTS5

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0b3df9add8d167a1916b79f434e148df

Files

JaffaCakes118_0b3df9add8d167a1916b79f434e148df
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ