modiloader | c859fff434c705551a156575dff4fc09a3e20da6fcc56ddb450d82a5782946b0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c859fff434c705551a156575dff4fc09a3e20da6fcc56ddb450d82a5782946b0
Size

134KB
MD5

c722b4b5dcdd8fe56e4f78c278d0bce0
SHA1

3682e8c182ba3c4ac4f3a2478a6f968bfebf9451
SHA256

c859fff434c705551a156575dff4fc09a3e20da6fcc56ddb450d82a5782946b0
SHA512

2c3179fed3a14779b6f5e0e169d391f6b2c980918f741620531d372e9305c8cc10dba0b72ba95cb6db64085718e0267a50860b9c4bca0802dd56add31d2ba932
SSDEEP

3072:LI5znnHrDj8/zzYkA8mN7cAQ69LYbGFSbxXK:cNnnz+zkNcALLYuS16

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

c859fff434c705551a156575dff4fc09a3e20da6fcc56ddb450d82a5782946b0
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ