modiloader | b1b684e024f05872f4b035114e4c12978807d050d92408269381712afb7e8404 | Triage

Sharing

General

Target

b1b684e024f05872f4b035114e4c12978807d050d92408269381712afb7e8404
Size

16KB
MD5

a486bf5f7dc69621588d2a606ea57d3a
SHA1

c45317c682790df84d47877debdbbb4b6edc2a0e
SHA256

b1b684e024f05872f4b035114e4c12978807d050d92408269381712afb7e8404
SHA512

26eead829c51d4693a6df0d258f08a77bba80620995c4bbb1f4810fdb2bdde9eb6100efb9f7f50fe55be2dffcba9fe0a4e1286f4c038b9a69cdcf65b4d1687b5
SSDEEP

192:nQx6KMgpK3RFLTwAYsOKLkHGZ2vC+ANF+bT2jxD53tcZLnAEZ+fKXC5:SMgo3RFH3HLsuFRxD59ctAE4iC5

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource yara_rule

sample modiloader_stage2
Modiloader family
modiloader

Files

b1b684e024f05872f4b035114e4c12978807d050d92408269381712afb7e8404
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Idata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ