modiloader | c9a3053ccb358e592b5e5fa939afb23484e8d79ae763bff9c688d3ac97af1ac6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c9a3053ccb358e592b5e5fa939afb23484e8d79ae763bff9c688d3ac97af1ac6
Size

688KB
MD5

da2cdca326c510e610e04acd94b0933e
SHA1

1c7703a019e8923ddf14170837b8b8e7b15f951e
SHA256

c9a3053ccb358e592b5e5fa939afb23484e8d79ae763bff9c688d3ac97af1ac6
SHA512

f2c6cc798065990b6a4ea5a63cfb37ddf0b97f4f9cabffcdef34ad9a1e2c98fd66888addac206a5b8ee867944c9d6cc30bffa8159e521e038c74ec38a6c97a21
SSDEEP

12288:vugl095nSxHxzsFb+4pbzsUn7XFLvEoDezYRolLTK8:my0XSxH9so4pHZRT6coLT3

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

c9a3053ccb358e592b5e5fa939afb23484e8d79ae763bff9c688d3ac97af1ac6
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ