modiloader | 4f303ea19681a6df1d3ffc3369197e4ac4878ab3a2dbec42bca84e7e4d5e0e98 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f303ea19681a6df1d3ffc3369197e4ac4878ab3a2dbec42bca84e7e4d5e0e98
Size

296KB
MD5

490f0c2ff6c38efdfb6f24f79ec9a220
SHA1

48755a7e62d153ce52cbf6e09a2d73a5fc0f33fb
SHA256

4f303ea19681a6df1d3ffc3369197e4ac4878ab3a2dbec42bca84e7e4d5e0e98
SHA512

a7a0365b8b33d9d5a3df380d71545514276f673e6afa1b3a8d6aad9e926518369614f65e37ae52cb7993042e9fa40913f89b83e18ea739b47c032dda394bf511
SSDEEP

6144:RA3ubQbRCaEKVTwvUkuHujtCuk8AoaFwdEJz/8j+2KucpdE1e:RARCaEKVsvfU9F/g+Zude

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

4f303ea19681a6df1d3ffc3369197e4ac4878ab3a2dbec42bca84e7e4d5e0e98
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

CODE
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ