modiloader | 1ab41e8d94eb58232d56306bf7999518c306a10338d46397c4735fbb7e8a070c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ab41e8d94eb58232d56306bf7999518c306a10338d46397c4735fbb7e8a070c
Size

144KB
MD5

736e0623c7e824a18748f63f3fe28bb9
SHA1

458894d9093ffd68c6417dde61025b7d617dfd2c
SHA256

1ab41e8d94eb58232d56306bf7999518c306a10338d46397c4735fbb7e8a070c
SHA512

fe2594973af6481e165f95a6a799469d7d88610eee0d1cca3bc7590829143c2bddd5eae22d8325dbf8cde25d98ad586abd7ce8095d4744ed2688d7b43c245c2c
SSDEEP

1536:I0q4Q6mueDbPEPiHCj/PKrOP8B2h2ZOO49TBWYQs:n3zLZKr68B2kOOmQJs

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

1ab41e8d94eb58232d56306bf7999518c306a10338d46397c4735fbb7e8a070c
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

.Upack
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE