modiloader | e5fc7d844cdf6c30196aacd6f13a5db3e625ef9ca863e36569f32202650ba5ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e5fc7d844cdf6c30196aacd6f13a5db3e625ef9ca863e36569f32202650ba5ed
Size

135KB
MD5

f30219bedd93949975761aa428542935
SHA1

fc9de050f8d8a6393e156dbbbd3f759442669173
SHA256

e5fc7d844cdf6c30196aacd6f13a5db3e625ef9ca863e36569f32202650ba5ed
SHA512

80bbb5918a52d4be9a98ff176326c1e5e892393e094b64af607f6c7397fd8b851ef5e9be82d489400f3540d476b7ac6c8b48a87f8df4d4d060569655f51694f5
SSDEEP

3072:EL7GtpOfw/Y7ZwvlA70e4Ggw3mcwJ5IAgPhIcr6BR516DJ2R:6yMw/d7eaMmfJ5IAEIBzR

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

e5fc7d844cdf6c30196aacd6f13a5db3e625ef9ca863e36569f32202650ba5ed
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 160KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

KK
Size: 512B - Virtual size: 520B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE