modiloader | e9162e886791805f72884a2bae9a100bd337d893a363973926544862ef67f1e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9162e886791805f72884a2bae9a100bd337d893a363973926544862ef67f1e0
Size

1.0MB
MD5

1c3d15ba1d152f568dd49d0b9fc34588
SHA1

f3a171fe18544328ef98efbcd367f2044330ec86
SHA256

e9162e886791805f72884a2bae9a100bd337d893a363973926544862ef67f1e0
SHA512

50f2e53fb5a233ec5af5364279ba7965abbcca7f78f98b1e17c6c60a60d5fd281cc0775f26fa821e327b10232b9c8152ffff9c7001cbc5e875d14630bedba9c5
SSDEEP

24576:W85BzEyAlqTf2yn62JvC7RR1EmXXTQB3QRWcFGp:Wy6gm7RfTk3QRWcU

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

e9162e886791805f72884a2bae9a100bd337d893a363973926544862ef67f1e0
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nsp0
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata2
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE