modiloader | c542b6a1f63ae91ff68461a057f4a6ef366531f8562faa8252238d13e272d3d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c542b6a1f63ae91ff68461a057f4a6ef366531f8562faa8252238d13e272d3d0
Size

556KB
MD5

8a6c80d38d9af3c9872d861c17c2e166
SHA1

1d363acb2b223b007435d2f5a6f1fd89b90209a1
SHA256

c542b6a1f63ae91ff68461a057f4a6ef366531f8562faa8252238d13e272d3d0
SHA512

d4e6e5dbffefcb28f976a0e2c186aef1bd8b69f905f14afea8c449bc33388188bf214d5f1c794ae65a2e16b7ed5ba162d0686db87f147a38af5f368a1f849bdf
SSDEEP

12288:SgWx01zMwqAkwMly1RLt1Bkv/zD1I90DrOY3GSf7uOYteE:SB01gwfk+Ft1Bk3z5s0Sq7uD

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/3.exe	modiloader_stage2

Modiloader family
modiloader

Files

c542b6a1f63ae91ff68461a057f4a6ef366531f8562faa8252238d13e272d3d0
.cab
3.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nsp0
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata2
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE