modiloader | 491174c74510a363956a7f0436db342a9146f1ca271a0630a927e23b7c2231ba | Triage

Sharing

General

Target

491174c74510a363956a7f0436db342a9146f1ca271a0630a927e23b7c2231ba
Size

97KB
MD5

7aedd380699d7c61e9d69b58f17701ed
SHA1

8efd9266dd3584ba6334b5e785ee3c6934c8e714
SHA256

491174c74510a363956a7f0436db342a9146f1ca271a0630a927e23b7c2231ba
SHA512

bcd93de6c7af16d8aa4d823b54714b957b8a2291377c69ffc74dc657c7eb5d70672f3c9898446472aefe8ca0224e14d770993c232d46ce7daa80c434d1b709cd
SSDEEP

1536:6QZMUY6lTQV1qkE/MD5yMhzT526t4DrHe6TlBIywg445ErantrPhFmE64DnX:6d6JUndxzTQcsHegBIZgXoatzhFxDX

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

491174c74510a363956a7f0436db342a9146f1ca271a0630a927e23b7c2231ba
.exe windows x86

a3661eaff458df127d96040332abf5be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord522
ord631
ord632
ord526
EVENT_SINK_AddRef
ord561
DllFunctionCall
ord563
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord608
ord717
ProcCallEngine
ord537
ord644
ord645
ord681
ord100
ord617

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ