modiloader | 0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90 | Triage

Sharing

General

Target

0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
Size

166KB
MD5

6c925d7f69ba47e3e8ccb2474cf74cc0
SHA1

24108206b07bdd746de942832535cb6de7daab29
SHA256

0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
SHA512

bf0ce52e920286a62d34aeb2f4b4d101d1d7ff565a79e79ffcc7e9d53a8446ef0b770dfd8ecad28f36d93f8f793c0066fa85a764ee38c201c29ff64912939dbc
SSDEEP

3072:mxkJK5AHrgLdB6Ysm6naFnhToIj6VPr6gYU58MjpAoBQDWDbnXgsXs227qJB4C6Y:ik8OHrgpysnZjEPgBMjpAornwnOJB4ZY

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource yara_rule

sample modiloader_stage2
Modiloader family
modiloader

Files

0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ