modiloader | e50781609890de446042871ce670479c32101378e9e2e37d30f1381e94122cbf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e50781609890de446042871ce670479c32101378e9e2e37d30f1381e94122cbf
Size

576KB
MD5

5e35c2a2b6e1963b0be460b728136228
SHA1

a50f4fd9202a3f764374e0e55b1c1652827b817f
SHA256

e50781609890de446042871ce670479c32101378e9e2e37d30f1381e94122cbf
SHA512

4f54af4f990f8e17758b33d8b99287322ecc3ff4e13ab898d8e22f5952a70aee075d7ddd24035672cd2097cfd85d93c30f2a08d3a1c63d6290597d4150e3190c
SSDEEP

12288:TJDpskNvnFPRSJdBBgIwzLgGOfDrP7r7G:TJtsYpRSPBeIw/gGOfDz/7G

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

e50781609890de446042871ce670479c32101378e9e2e37d30f1381e94122cbf
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

server
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE