modiloader | be42d97061fa29167f3de98ed09b6f1659ca25a77a2ab4a606ce5d71c6c75293 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be42d97061fa29167f3de98ed09b6f1659ca25a77a2ab4a606ce5d71c6c75293
Size

672KB
MD5

43d9688735318a6491ad453b6898f1a0
SHA1

4ce0b4d13843121e0c360a4a1aa09a35ea118e44
SHA256

be42d97061fa29167f3de98ed09b6f1659ca25a77a2ab4a606ce5d71c6c75293
SHA512

bf9e152c1d6c13eab3427f513f5f700ae6336a21d3b27ddc795731e603a7e3d974e0956183dba5d9a648961ee4f3d37f8afdb40ff76e855418e5b264cd826c1f
SSDEEP

12288:GtSZATQHST7gu5hjvkFkUvSNOuivB9yEZFZbbLyTF8:+UPyT7hF2k+8AmEZz7yTq

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

be42d97061fa29167f3de98ed09b6f1659ca25a77a2ab4a606ce5d71c6c75293
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 605KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE