DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn
Behavioral task
behavioral1
Sample
a3e7adbdd0ebc66379bdc96da0a5794955ef746d4e6db08f591a742fbef06f0c.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a3e7adbdd0ebc66379bdc96da0a5794955ef746d4e6db08f591a742fbef06f0c.dll
Resource
win10v2004-20221111-en
Target
a3e7adbdd0ebc66379bdc96da0a5794955ef746d4e6db08f591a742fbef06f0c
Size
148KB
MD5
5acfe633185054869b3c32ba7deb8170
SHA1
2d0544308c0a776dcbf3cb97219432b0d3752f42
SHA256
a3e7adbdd0ebc66379bdc96da0a5794955ef746d4e6db08f591a742fbef06f0c
SHA512
765d34832332d29a996e95ee51c5b62842e51dbce98b78239c614723a6d498431b571b44369a2f129652d957b3a82bf036f906db718e5a67218043ee50ca7eb4
SSDEEP
1536:8l4qmQbmmelfzPPuiHCj/uwd3DiB3AgpXsATaEOO2p:tKDUz+Qwd32B3xpXbOBp
Processes:
| resource | yara_rule |
|---|---|
| sample | modiloader_stage2 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE