modiloader | d06d609019f7d4eff87b9eb65c7782ab18d0625d6f925a84fcdbf8c51865237a

General

Target

d06d609019f7d4eff87b9eb65c7782ab18d0625d6f925a84fcdbf8c51865237a
Size

90KB
MD5

362976f0f5e221265bf6a4030fa60f53
SHA1

92bffcf6ee390fe76fd2528532f16b36029d4796
SHA256

d06d609019f7d4eff87b9eb65c7782ab18d0625d6f925a84fcdbf8c51865237a
SHA512

cfd8770f9b93b76423063966cefbd4e91ea9bbf89d7f2b83c22a067604e2937b0ae7d53f4614618f11d4cbadfd3f6b14a8ad9c5ba11edb8eeb1e3c20b05f9655
SSDEEP

1536:YcHA5dZuvrKA1r4Jwwi55dlvo89UBYKpJ0pHWG7m9pAsiyRJtLLg4rJjx/:Ycg7UrKqUwflAZYKX6aAsiy7tLUeJj

Score

10^/10

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	modiloader_stage2

Modiloader family
modiloader

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

d06d609019f7d4eff87b9eb65c7782ab18d0625d6f925a84fcdbf8c51865237a
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 144KB

UPX1 Size: 83KB - Virtual size: 84KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 152KB - Virtual size: 152KB

DATA Size: 13KB - Virtual size: 13KB

BSS Size: - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 5KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 10KB - Virtual size: 9KB

.rsrc Size: 10KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 144KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 6KB - Virtual size: 8KB

CODE
Size: 152KB - Virtual size: 152KB

DATA
Size: 13KB - Virtual size: 13KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 10KB - Virtual size: 10KB