modiloader | d2f0b1866dba2350f2656da564f016a65f7af000a6e16c746612711be8386952 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2f0b1866dba2350f2656da564f016a65f7af000a6e16c746612711be8386952
Size

708KB
MD5

41a1509667d76de49f35e93c2c7b635b
SHA1

34baec27005216e2cd775050d960b9784827d7e5
SHA256

d2f0b1866dba2350f2656da564f016a65f7af000a6e16c746612711be8386952
SHA512

02b9446c6afe4992b0cb2afdeee9be330ed4127d546439e7a6dba9af8b8d4e2ade8b13579f7e1085ca951a774c57ba4c1dcfcf24b0f7690667cedc2a0fe11676
SSDEEP

12288:Tugl095nSxHxzsFb+4pbzsUn7TFLv0oKmzYRo+LTKv8:Sy0XSxH9so4pHZNT9crLTf

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

d2f0b1866dba2350f2656da564f016a65f7af000a6e16c746612711be8386952
.exe windows x86

4f84c9c0b2107cca782e0dd3f09c4ea6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaPutOwner4
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaFileOpen
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeStr

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 696KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ