modiloader | Trojan-Ransom[.]Win32[.]Blocker[.]hrft-6edea5e5f5d96882aa5146b15d64a81a7a98af6a616e12889944a4a7a796ef82

General

Target

Trojan-Ransom.Win32.Blocker.hrft-6edea5e5f5d96882aa5146b15d64a81a7a98af6a616e12889944a4a7a796ef82
Size

1.3MB
MD5

d2d230c0301fe16fb5d9278c6b561e56
SHA1

f48493361e4c6a973ac4c83b93910ebfe7b1d416
SHA256

6edea5e5f5d96882aa5146b15d64a81a7a98af6a616e12889944a4a7a796ef82
SHA512

0e3881127ab180dc5b3865db8bafc53fdd824d9e7429733da99d775c5338585787535b8d48eba4f6455f67c096916332bb0061b3f49543e35d57b383432efc8d
SSDEEP

24576:RsHC3q2+CNK+K0+4HWji0xUd3CLjxx8Dw0ch6B93d3qQFq37GkFjN:RD3q2+F+miyUBjpBb3rI3/

Score

10^/10

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/Patch/Patch.exe	modiloader_stage2

Trojan-Ransom.Win32.Blocker.hrft-6edea5e5f5d96882aa5146b15d64a81a7a98af6a616e12889944a4a7a796ef82
.rar
Patch/Patch.exe
.exe windows x86

009023b6b22e202aa54365d2270f6f95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FreeResource
CloseHandle
WriteFile
CreateFileA
MoveFileExA
GetTempFileNameA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetStartupInfoA

shell32

ShellExecuteA

msvcrt

sprintf
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Patch/Read Me Before Use Patch or Keygen.txt