modiloader | 4befb3236952f13997129d388e1b9e7ca4d6be3dc094e58e07982739edda383b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4befb3236952f13997129d388e1b9e7ca4d6be3dc094e58e07982739edda383b
Size

172KB
MD5

42500c727bef30a79842e07af1155ea1
SHA1

9037f2a1f192076fc8dab5ed2e6d31b9103ed405
SHA256

4befb3236952f13997129d388e1b9e7ca4d6be3dc094e58e07982739edda383b
SHA512

9ea92d7f5308cb94935c0262920b25a8882496d5df3a7292daadccf390e311b8bc5cccef65bfa4ad1c2a70dea0d5209d2ce151839525bfc2a871f4db016df768
SSDEEP

3072:RtDulZKkslzZjDDeqCe5ToU21kkH2ip0KuPk2afiMpltkrkbtNLWGtr:R6Kks1rIU2ykH2ipsPnafFlerkb3Lrtr

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

4befb3236952f13997129d388e1b9e7ca4d6be3dc094e58e07982739edda383b
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ