modiloader | c6d23f67f078b638d8075d16a9e3a106fd94cfa7808d12b4352295b1af442e3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c6d23f67f078b638d8075d16a9e3a106fd94cfa7808d12b4352295b1af442e3b
Size

362KB
MD5

f2749671ddec8c63c82068ca4eb3ed83
SHA1

71098d28737e038ce1ba9f3e0912bee362af3cf2
SHA256

c6d23f67f078b638d8075d16a9e3a106fd94cfa7808d12b4352295b1af442e3b
SHA512

744731a754557c82dcdb62d0856ecd5a946503c0d3017daf4684bacf417307f07430a36fd78507c9d8fbf87d2ad41be3601c00e2a91264f452ae660cf25ff019
SSDEEP

6144:CG377xS2Vp2CeiorXhwTBQn0531pcCJJvH:Rr7xS2Vp6FwTFbJJvH

Score

10^/10

upx modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

c6d23f67f078b638d8075d16a9e3a106fd94cfa7808d12b4352295b1af442e3b
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE