modiloader | Trojan-Ransom[.]Win32[.]Blocker[.]hrft-712180e8896654cfefcdfba11e1f2c6796220a12cbfc40eee7ded066246e02a0

General

Target

Trojan-Ransom.Win32.Blocker.hrft-712180e8896654cfefcdfba11e1f2c6796220a12cbfc40eee7ded066246e02a0
Size

45KB
MD5

d110c052caaf46052e7441cb7793170a
SHA1

cf401d1d5991e0ae47996b38f9189bff98eb839e
SHA256

712180e8896654cfefcdfba11e1f2c6796220a12cbfc40eee7ded066246e02a0
SHA512

3858d5a304251363cdb23984e277874a8832aa238cad62d4ea92d5869be7fad0fabf89ed7c2d5c34580b7153c4ee925a6cba258e53159e9e90abf8c5c907f73b
SSDEEP

768:RgmIagQkXgSHQfnng9fYc6FNRfF0gElXoLbIGSETAuAMSoBW6XBvM9Rbzxn5UARr:2zQkXgSHQfng1Y/Fbug8ubIGfTEM1ZML

Score

10^/10

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/Patch/Patch.exe	modiloader_stage2

Trojan-Ransom.Win32.Blocker.hrft-712180e8896654cfefcdfba11e1f2c6796220a12cbfc40eee7ded066246e02a0
.rar
Patch/Patch.exe
.exe windows x86

009023b6b22e202aa54365d2270f6f95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FreeResource
CloseHandle
WriteFile
CreateFileA
MoveFileExA
GetTempFileNameA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetStartupInfoA

shell32

ShellExecuteA

msvcrt

sprintf
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ