modiloader | 9280faa2824056a6296572f83f6d99d541842163819d1e3d64206efc44a6a3c7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9280faa2824056a6296572f83f6d99d541842163819d1e3d64206efc44a6a3c7
Size

23KB
MD5

82a118ec68f5dca6beb5dff4d7b619b7
SHA1

2e58a84e78d637bc6f71c109ad02def69abb394a
SHA256

9280faa2824056a6296572f83f6d99d541842163819d1e3d64206efc44a6a3c7
SHA512

7598dd49196104ab8f14422aed563b2aa3375be3b2d87c39e6e804563acb8281674e4363f13e40232141dab4bd234316c222e62f9b10878ebe41d73568f794e3
SSDEEP

384:lNxz0C70tqd+1lzQm7d4XImcyOJ6RPCxD6R4LLJSTdZw5+WDlAzTJjq:+C7IqdStQUw5CV60WT

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

9280faa2824056a6296572f83f6d99d541842163819d1e3d64206efc44a6a3c7
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetMsgHookOff
GetMsgHookOn
ThreadPro

Sections

CODE
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ