modiloader | 1dc7d54e18162bddda88fbb227ca61cb01235818126832058652db9c9464d157

General

Target

1dc7d54e18162bddda88fbb227ca61cb01235818126832058652db9c9464d157
Size

56KB
MD5

0abfb53efd9833b15391962752691d80
SHA1

1e8c4e3ac059ad84a8e6f1425db9b9f670b992c8
SHA256

1dc7d54e18162bddda88fbb227ca61cb01235818126832058652db9c9464d157
SHA512

9ae89e63313520c6eaa3c59896409a19f92f0d674d033240b5b9d64eb3e5c09a2add0068a1138300c76b85388ca002b24328b19ffe55b5eca8c6cee86215620c
SSDEEP

768:VSWEolYEnrSP0Yoi4qZOLQNwdXcBq5OpBlaKr91EPFjXx3G/39QuV5:g6Y2Yv4qZyQNwdcUOpBlaO1ojXRnuV5

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

1dc7d54e18162bddda88fbb227ca61cb01235818126832058652db9c9464d157
.exe windows x86

6184b38e2bd8812690802396fe692902

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
exit
strncmp
fopen
fwrite
fclose
_except_handler3
_strcmpi
_stricmp

kernel32

LockResource
TerminateProcess
GetStartupInfoA
DeleteFileA
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
WinExec
_lclose
_lwrite
_lcreat
GetSystemDirectoryA
GetModuleFileNameA
GetCurrentProcess
LoadResource
SizeofResource
FindResourceA
lstrlenA
GetLastError
CopyFileA
GetCurrentDirectoryA
Sleep
CloseHandle
GetCurrentProcessId

advapi32

RegisterServiceCtrlHandlerA
CloseServiceHandle
RegOpenKeyExA
StartServiceCtrlDispatcherA
ControlService
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
SetServiceStatus
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6184b38e2bd8812690802396fe692902

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

shell32

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 492B

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 492B

.rsrc
Size: 34KB - Virtual size: 34KB