modiloader | c4af1fa870bb1e1e11fe65f54ded9fd3258e32243c6006e7d0ca980bef90bd8e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4af1fa870bb1e1e11fe65f54ded9fd3258e32243c6006e7d0ca980bef90bd8e
Size

2.2MB
MD5

aa492640e999f676f65a75cd76c72d88
SHA1

7ce374ad96c74d6ba131f8a97bf0857ddc30eb3d
SHA256

c4af1fa870bb1e1e11fe65f54ded9fd3258e32243c6006e7d0ca980bef90bd8e
SHA512

2d6705e6f651cb78b7f0925737349d444f7d9cfd090809a79b9cbea70a5551d626be6f8a30c785c19262ab99f4d960f1091ba964e5b63ab4f9bf637caba71cd3
SSDEEP

49152:KwzsZ4S3Ek7fdDS6GekA14ovazUlMWFiBjd/vSvCbE7:KwwZB3Ee6ekA1pSSM2CjdXuCb

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

c4af1fa870bb1e1e11fe65f54ded9fd3258e32243c6006e7d0ca980bef90bd8e
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ