modiloader | Trojan-Ransom[.]Win32[.]Blocker[.]hrft-003e7b1778325084212c470e2be9a9bded72798db1271697ab52ddf735e409e1

General

Target

Trojan-Ransom.Win32.Blocker.hrft-003e7b1778325084212c470e2be9a9bded72798db1271697ab52ddf735e409e1
Size

3.1MB
MD5

84736d559b76837cb6c2ca99221dee2c
SHA1

6eeaf9614a0d0341a9ccd318cda7439b8346d066
SHA256

003e7b1778325084212c470e2be9a9bded72798db1271697ab52ddf735e409e1
SHA512

6a97b08e85a5266741792331aa7b34f5c443be45a7290b0512427634897d8e0d766484426e3b38d4d970eee2ebf2368bffde0341b729380581ed4c668d4fcae5
SSDEEP

49152:RD3q2+F+miyUBjpBb3rI3zn4U6fGcbjbuqqT3ENDGNLRnuc4mZZZ+:I2+EmiyUBjpx3u4NpHuLRbZZM

Score

10^/10

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/Patch/Patch.exe	modiloader_stage2

Trojan-Ransom.Win32.Blocker.hrft-003e7b1778325084212c470e2be9a9bded72798db1271697ab52ddf735e409e1
.rar
Patch/Patch.exe
.exe windows x86

009023b6b22e202aa54365d2270f6f95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FreeResource
CloseHandle
WriteFile
CreateFileA
MoveFileExA
GetTempFileNameA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetStartupInfoA

shell32

ShellExecuteA

msvcrt

sprintf
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Patch/Read Me Before Use Patch or Keygen.txt