modiloader | f0fd28c9b09f00f8fba7effbfdf70d0aad5a8a6655662008594721651bcd637c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0fd28c9b09f00f8fba7effbfdf70d0aad5a8a6655662008594721651bcd637c
Size

18KB
MD5

0696320b8367030d61c74b2fe304f5b6
SHA1

588534b2d5717a267c129958d7b595122e86a1ee
SHA256

f0fd28c9b09f00f8fba7effbfdf70d0aad5a8a6655662008594721651bcd637c
SHA512

646a9f83698330a3956122cfed87cafbc3939f1e4dfceb51255f43ba1508465ea3986352a6d774e3e74a8798a2db094391c83e2aaba0940872c87277fd0fbfef
SSDEEP

192:n9L2HlWv2IdSLy4VoMqfaGWa10NKQNlwLiQ7SjWANm4XY1ONv/YDMHDPLL1JYZvR:9RdCytMqlWsmQmSAN1o12PnzWxSAzFh

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

f0fd28c9b09f00f8fba7effbfdf70d0aad5a8a6655662008594721651bcd637c
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ