modiloader | 7840dba83fdeac6759a0228937928fc87dd44695faad61867b63426a04a64f2f

Sharing

Copy URL Twitter E-mail

General

Target

7840dba83fdeac6759a0228937928fc87dd44695faad61867b63426a04a64f2f
Size

241KB
MD5

5c00cdad244449e606a182aff20c06e0
SHA1

f16084c8130c839c08bccb46a7b382f4d35dc8ba
SHA256

7840dba83fdeac6759a0228937928fc87dd44695faad61867b63426a04a64f2f
SHA512

0df1a66381dbe2382aa6dce3e5c07cc940b8003b661c4d36eb40d7852c794fa339bcc0f4802d6bf36fddab2caedf72c86699601eb6fd10a0ed1c98575ca1b867
SSDEEP

3072:NA9bRasa9ug37QmaHdsVhGyNgWXeK4sS4IJKe7bLHt7au/ntX3g8wviC57vw8gGq:m1ITdBNJh0FPq8KVxNzm

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

7840dba83fdeac6759a0228937928fc87dd44695faad61867b63426a04a64f2f
.exe windows x86

bd9959c1b015f67a54b32b5fd7d42939

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Sleep
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
TerminateProcess
SizeofResource
SetThreadPriority
SetPriorityClass
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OpenProcess
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateSemaphoreA
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
WNetCancelConnection2A
WNetAddConnection3A

oleaut32

SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeTypeEx
VariantCopyInd
VariantCopy
VariantClear
VariantInit
SysFreeString
SysReAllocStringLen
SysAllocStringLen

shell32

ShellExecuteA

user32

mouse_event
keybd_event
VkKeyScanA
UnregisterClassA
TranslateMessage
SystemParametersInfoA
ShowWindow
SetWindowLongA
SetTimer
SetParent
SetKeyboardState
SetCursorPos
SendMessageA
RegisterClassExA
RegisterClassA
PostQuitMessage
PostMessageA
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
MapVirtualKeyA
LoadStringA
IsWindowVisible
IsWindowEnabled
IsIconic
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowLongA
GetSystemMetrics
GetMessageA
GetKeyboardState
GetForegroundWindow
GetDesktopWindow
GetCursorPos
GetClassInfoA
GetCapture
GetAsyncKeyState
FindWindowExA
FindWindowA
EnumWindows
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
CallWindowProcA
BringWindowToTop
CharNextA
CharUpperBuffA
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA

wininet

InternetGetConnectedState
InternetSetOptionA
InternetReadFile
InternetQueryOptionA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

winmm

mciSendStringA

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
gethostname
getservbyname
gethostbyname
gethostbyaddr
socket
setsockopt
send
select
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockopt
getpeername
connect
closesocket
bind
accept

Sections

��0
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bd9959c1b015f67a54b32b5fd7d42939

Headers

File Characteristics

Imports

kernel32

advapi32

mpr

oleaut32

shell32

user32

wininet

winmm

wsock32

Sections

���0 Size: 232KB - Virtual size: 232KB

.rsrc Size: 2KB - Virtual size: 4KB

.avp Size: 6KB - Virtual size: 8KB

��0
Size: 232KB - Virtual size: 232KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avp
Size: 6KB - Virtual size: 8KB