modiloader | Trojan-Ransom[.]Win32[.]Blocker[.]hrft-25623df3a1f12c5473309f0d399e2797af202446b3c2a7a7a8d81277d5f4e8c1

General

Target

Trojan-Ransom.Win32.Blocker.hrft-25623df3a1f12c5473309f0d399e2797af202446b3c2a7a7a8d81277d5f4e8c1
Size

4.0MB
MD5

7bab0ece328715ee02ae9ebbeb5e7524
SHA1

cd77528b0dfa68bca5ce22fe77226208a17527a7
SHA256

25623df3a1f12c5473309f0d399e2797af202446b3c2a7a7a8d81277d5f4e8c1
SHA512

1bad05833cbcbdb3f68e53c4ba52836211f881de83912a68f0ada69ee9395467441ced77a7fa7778306ce1c53b928023f74a83faf4f0f5bb817cc1f06f8254d3
SSDEEP

98304:xfcogz6ayprbzz+DwJG6y1yLBdP0el/509t3j:xfchOaarbH+sQUPNY

Score

10^/10

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/MaxUninstallerSetup.exe	modiloader_stage2

Trojan-Ransom.Win32.Blocker.hrft-25623df3a1f12c5473309f0d399e2797af202446b3c2a7a7a8d81277d5f4e8c1
.rar
MaxUninstallerSetup.exe
.exe windows x86

009023b6b22e202aa54365d2270f6f95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FreeResource
CloseHandle
WriteFile
CreateFileA
MoveFileExA
GetTempFileNameA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetStartupInfoA

shell32

ShellExecuteA

msvcrt

sprintf
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
serial.txt