modiloader | 6ecc2999e23886a005c4125ac399e86b8f02530edca0b61c38460707e6d63041 | Triage

Sharing

General

Target

6ecc2999e23886a005c4125ac399e86b8f02530edca0b61c38460707e6d63041
Size

853KB
MD5

04f8b0341439e5bd4d3d62c115859c10
SHA1

7924426ec3e28c4d2bf695318206420c22c1f688
SHA256

6ecc2999e23886a005c4125ac399e86b8f02530edca0b61c38460707e6d63041
SHA512

a3051e063cbd4cf3eeafead98a162db32f0cfb1504cf18d219b137c9d0755539a0ac61a96ae1a9981a9704a91e044e6fd38b182dab59f563048d4cf08c5d1c9a
SSDEEP

24576:/6wSK2nPpKQGXN4SmqkqEV/s8NTSLcYC4Bc9y:Cp32OBqcFs+TYcn4uy

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

6ecc2999e23886a005c4125ac399e86b8f02530edca0b61c38460707e6d63041
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yvs
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE