modiloader | ad42999cc09bc466c274da398a13047fc7d78d9c8f6a86f869fddbbb681a9116 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad42999cc09bc466c274da398a13047fc7d78d9c8f6a86f869fddbbb681a9116
Size

686KB
MD5

32297574dc64f30a4c9197eddd24f3e1
SHA1

50fc4f1c234663c1570d9c37c504873b56ce2727
SHA256

ad42999cc09bc466c274da398a13047fc7d78d9c8f6a86f869fddbbb681a9116
SHA512

d722a9322cf08b2efde62530c293ba3a455f81e66a735596889041fb7608657f2986986d2f8d49681a44b9d574d555ca2c79e5af8022404cc9c00a1eeb4b2e23
SSDEEP

12288:0bAh7WxXBmKaC5wa1ASQiLWqFzgyikeNAtKwpj/86TJa:3VWxaC5wa1tqqdXE+86To

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

ad42999cc09bc466c274da398a13047fc7d78d9c8f6a86f869fddbbb681a9116
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 613KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ