modiloader | d52989838dc8e53061dba6d65e0e1b43cc2ebaa9a670f65e94e2d2c46feeafcd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d52989838dc8e53061dba6d65e0e1b43cc2ebaa9a670f65e94e2d2c46feeafcd
Size

1001KB
MD5

2edd8f87339a7fbbeaa22835dec62d78
SHA1

6f50ac3859741610dbface633afcce1cc9332d5b
SHA256

d52989838dc8e53061dba6d65e0e1b43cc2ebaa9a670f65e94e2d2c46feeafcd
SHA512

b115708fba4387c3ac4b009430df0734a9bc218fd53ddf0725ceccabb2101e09350b8321bb18fc4263263b912056b59161db1a1cb7722726806d02751db12402
SSDEEP

24576:jS2Vp6RwTzJvHVynXw6tzkAxgD+Sd4/aETl/VXp/w0B:lp6STzd1m8leJTl/VX9w0B

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

d52989838dc8e53061dba6d65e0e1b43cc2ebaa9a670f65e94e2d2c46feeafcd
.exe windows x86

cd74c16e19de02339ba1d593de4c426e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord666
ord594
ord526
DllFunctionCall
__vbaExceptHandler
ord711
ord713
ord606
ord716
ProcCallEngine
ord537
ord570
ord100
ord617
ord619

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ