modiloader | ce44e2bc135b917d0c04b4aaa0f2abe28dc73578d25d22f53054a64a9a7adb44 | Triage

Sharing

General

Target

ce44e2bc135b917d0c04b4aaa0f2abe28dc73578d25d22f53054a64a9a7adb44
Size

63KB
MD5

82f4555d2b765df2f6e28a59d0f31789
SHA1

4a502b79f9ab6cb703e0f78b0ea6a091173fdeda
SHA256

ce44e2bc135b917d0c04b4aaa0f2abe28dc73578d25d22f53054a64a9a7adb44
SHA512

803efc211c1f75b914189d51dacca7ae5e9294db1f1c39d78e302557376f5a3caf655c3e2707948cde23f1e6e5f4742c4f5143baaa55ee12a1ade2eefb35fb73
SSDEEP

768:YMQDDqUb0pQ+yfCx1MVDsOJ4M0p8gSFXJARdBzrx2kaNvFFHx:uDqwoQXCYzyGXy/Bz12LvF

Score

10^/10

upx modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

ce44e2bc135b917d0c04b4aaa0f2abe28dc73578d25d22f53054a64a9a7adb44
.exe windows x86

bd00da95048ae58bce9548b0dfc8a0f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SizeofResource
SetThreadContext
LockResource
LoadResource
LoadLibraryA
GetWindowsDirectoryA
GetThreadContext
GetProcAddress
FreeResource
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
MessageBoxA
CharNextA

Sections

UPX0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE