modiloader | 6398d91815d64fb372c0125f7b53ac74788ae7c80ac704e1b6ab2e327042eac3 | Triage

Sharing

General

Target

6398d91815d64fb372c0125f7b53ac74788ae7c80ac704e1b6ab2e327042eac3
Size

525KB
MD5

1eb2572c36afe1832732413fcec49bbe
SHA1

cd9b8f19cc582920b6163bb2a58ed13a37e73b56
SHA256

6398d91815d64fb372c0125f7b53ac74788ae7c80ac704e1b6ab2e327042eac3
SHA512

72e4aa9a33982677662126f466093e190d4c6fd93793f406427669f245a532a8ae756ddc0a9f9931481a820dd206439fb3d6da8193d483eb5412b6c96de66de5
SSDEEP

6144:C9J623cdUmR7W6XKDla2nf9PzuDorEDGgrpO2gd2k4xsMiGAv5NIseImC:CJZMPQlakoBrEmBxed5NIse

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource yara_rule

sample modiloader_stage2
Modiloader family
modiloader

Files

6398d91815d64fb372c0125f7b53ac74788ae7c80ac704e1b6ab2e327042eac3
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ