modiloader | f2a5985b57a7f349270f65bc5cfc3b5c4d901121533e1ce3f474e04840c24561

Sharing

Copy URL

Twitter E-mail

General

Target

f2a5985b57a7f349270f65bc5cfc3b5c4d901121533e1ce3f474e04840c24561
Size

272KB
MD5

6bce49036d5d14c9bee2c446fd975794
SHA1

029c46f328fbff9333b02b3f7452d04cd8a119a5
SHA256

f2a5985b57a7f349270f65bc5cfc3b5c4d901121533e1ce3f474e04840c24561
SHA512

72ae81f76819ee21b2f7c633753b3fd038789e784ccb9c4ca20f92adc7bd41c4cf56fc134e2593a7c7622b23d05ecddef31268b93c0b27109ec28812ccf8ca18
SSDEEP

6144:oKpogbYw4dw8j/pbQ/1pFMZ/nmUQtb9rKcXGTFO7HvPh32:oKpogbx4dNQ/nUvRYKcXbZ2

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/Urgent Inquiry___289812.exe	modiloader_stage1

Modiloader family
modiloader

Files

f2a5985b57a7f349270f65bc5cfc3b5c4d901121533e1ce3f474e04840c24561
.zip
Urgent Inquiry___289812.exe
.exe windows x86

Code Sign

33:00:00:00:cc:cb:b8:13:eb:5d:72:2d:45:00:00:00:00:00:cc
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:148C-C4B9-2066,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-08-2016 20:17

Not After

02-11-2017 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-11-2016 22:09

Not After

17-02-2018 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:ca:43:16:df:c7:aa:4d:80:63:fc:08:9e:4b:21:fb:4e:0f:a0:4f:25:b8:69:70:90:29:f3:bf:60:55:54:b0
Signer

Actual PE Digest

af:ca:43:16:df:c7:aa:4d:80:63:fc:08:9e:4b:21:fb:4e:0f:a0:4f:25:b8:69:70:90:29:f3:bf:60:55:54:b0

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

18-05-2022 18:07
Valid: false

61:1d:d0:40:5c:77:a1:f0:bd:7f:d3:e3:42:b3:a5:63:f2:f1:d8:e9
Signer

Actual PE Digest

61:1d:d0:40:5c:77:a1:f0:bd:7f:d3:e3:42:b3:a5:63:f2:f1:d8:e9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

30-04-2017 23:25
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:00:cc:cb:b8:13:eb:5d:72:2d:45:00:00:00:00:00:ccCertificate

Extended Key Usages

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8eCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

af:ca:43:16:df:c7:aa:4d:80:63:fc:08:9e:4b:21:fb:4e:0f:a0:4f:25:b8:69:70:90:29:f3:bf:60:55:54:b0Signer

Signature Validations

Verification

18-05-2022 18:07 Valid: false

61:1d:d0:40:5c:77:a1:f0:bd:7f:d3:e3:42:b3:a5:63:f2:f1:d8:e9Signer

Signature Validations

Verification

30-04-2017 23:25 Valid: false

Headers

File Characteristics

Sections

CODE Size: 415KB - Virtual size: 414KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 29KB - Virtual size: 28KB

.rsrc Size: 90KB - Virtual size: 89KB

33:00:00:00:cc:cb:b8:13:eb:5d:72:2d:45:00:00:00:00:00:cc
Certificate

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

af:ca:43:16:df:c7:aa:4d:80:63:fc:08:9e:4b:21:fb:4e:0f:a0:4f:25:b8:69:70:90:29:f3:bf:60:55:54:b0
Signer

18-05-2022 18:07
Valid: false

61:1d:d0:40:5c:77:a1:f0:bd:7f:d3:e3:42:b3:a5:63:f2:f1:d8:e9
Signer

30-04-2017 23:25
Valid: false

CODE
Size: 415KB - Virtual size: 414KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 90KB - Virtual size: 89KB