modiloader | 38c6b1d116a31e5d488c27358047113bb8871d50c4325b62ce5a20163ea66d4e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38c6b1d116a31e5d488c27358047113bb8871d50c4325b62ce5a20163ea66d4e
Size

327KB
MD5

5ce5e730a26309cde9d4511b6a635aa4
SHA1

8cff97e3da4bcaa86f6f14b78a24c8ba3c19d687
SHA256

38c6b1d116a31e5d488c27358047113bb8871d50c4325b62ce5a20163ea66d4e
SHA512

fddafdaeafb39b7a95e611a8bfdea6a8fe180695694c2caf5fdf8c2222f73f58665fc9246ac9b197436b4f7051756437e153cfb7bcc633aafb0f5f026c0e8051
SSDEEP

6144:u869DzkSn55qWjyuMRbUqp3xM9UJe53axaUvObwsuMZCjc8X9kD9ig8GNc:z69DzkOdypVU2O9qe53iaOvsugkrt0i/

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

38c6b1d116a31e5d488c27358047113bb8871d50c4325b62ce5a20163ea66d4e
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ