modiloader | Trojan-Ransom[.]Win32[.]Blocker[.]hrft-3615f32cbdbaf020248a4cce6f67327dc796a9040a2e3ae8120c2efe96df7505

General

Target

Trojan-Ransom.Win32.Blocker.hrft-3615f32cbdbaf020248a4cce6f67327dc796a9040a2e3ae8120c2efe96df7505
Size

259KB
MD5

7015429409c2fb70084ebe0d35b8d9ef
SHA1

7c8702e3c0e2a1d8f1639f355568fb220c32f2d2
SHA256

3615f32cbdbaf020248a4cce6f67327dc796a9040a2e3ae8120c2efe96df7505
SHA512

9d31014d09c9c705b3fe3497aaa351a0f9abbc1ab5f0263f783cbdc185546c2534026e4dac0071f2e07f2e2c5a090f6bbd250f5522a3bc6435d6019d32188022
SSDEEP

6144:MqgnMs7Lj/tMRJzyVBh2szneP5WzDIUkyHH7E0aj:FOMsHjO3yJ2szeP54cKtaj

Score

10^/10

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/Patch/Patch.exe	modiloader_stage2

Trojan-Ransom.Win32.Blocker.hrft-3615f32cbdbaf020248a4cce6f67327dc796a9040a2e3ae8120c2efe96df7505
.rar
Patch/Patch.exe
.exe windows x86

009023b6b22e202aa54365d2270f6f95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FreeResource
CloseHandle
WriteFile
CreateFileA
MoveFileExA
GetTempFileNameA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetStartupInfoA

shell32

ShellExecuteA

msvcrt

sprintf
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Patch/Read Me Before Use Patch or Keygen.txt