modiloader | Trojan-Ransom[.]Win32[.]Blocker[.]jzec-1db981fd2138a91e8dccd10967c8a62de72e6c53bdcba152b0cf6f96075169d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.Blocker.jzec-1db981fd2138a91e8dccd10967c8a62de72e6c53bdcba152b0cf6f96075169d9
Size

397KB
MD5

6aebc6be41d0c0677b0024417502d265
SHA1

9c3605b60aa0ec7f8191bee9494e1d3e1cd66606
SHA256

1db981fd2138a91e8dccd10967c8a62de72e6c53bdcba152b0cf6f96075169d9
SHA512

658e88ddf375e81b0633d100827f9f8e396396e63170c79ecbd3a0ceeb12b007a42ecbf6ea717a5541d02b13bc497c6f46b69971ae467b5b592f6eb61f34681f
SSDEEP

6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXzp7:Y+u9nx2GjMY3XKfd/H/9PV7

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

Trojan-Ransom.Win32.Blocker.jzec-1db981fd2138a91e8dccd10967c8a62de72e6c53bdcba152b0cf6f96075169d9
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ