modiloader | e58c9f4df9489046914307a021fc4a4069b00cba9e95092748b05ddf75fc1408 | Triage

Sharing

General

Target

e58c9f4df9489046914307a021fc4a4069b00cba9e95092748b05ddf75fc1408
Size

385KB
MD5

b72483f25e1f3f89bc98fbd15556ecc8
SHA1

a4c395dcb310ddaf7e1c6397dc91e56e8f66323f
SHA256

e58c9f4df9489046914307a021fc4a4069b00cba9e95092748b05ddf75fc1408
SHA512

03f8fee3d5d0454bbf207294e2d2f258958ae264279c30eeb76be70b02fd8187bfbfc281e126968267cdc05e578677ac293b0e868a0ba9568214e6ff3ee49373
SSDEEP

12288:uhTdh1RwKzRDdcRTmJFdhqXcDM63tfErYnnF:SDdcAqXd63tfEqF

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/sartname.exe	modiloader_stage1

Modiloader family
modiloader

Files

e58c9f4df9489046914307a021fc4a4069b00cba9e95092748b05ddf75fc1408
.zip
sartname.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ