modiloader | df4a61ee18a6728025257b395a7564a2c9c9fd4b2233e7a23244f75f8ce96bb9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df4a61ee18a6728025257b395a7564a2c9c9fd4b2233e7a23244f75f8ce96bb9
Size

370KB
MD5

49154730738074b7671400c3b533fcf4
SHA1

203d3228323a192e7b95d6b1e23d1621e3672fd2
SHA256

df4a61ee18a6728025257b395a7564a2c9c9fd4b2233e7a23244f75f8ce96bb9
SHA512

7fa980598a389c23d10ef25581db7c5e0098c048cdf259e175c579f06d69a77ce19ef39cef2e5b46acdd6d50f2cb6fccdc9921234fd0b6f569a640e530f67e4e
SSDEEP

6144:hGyjnBSkuV1d4eZd88ORJIz/wTB4xG3Xpc96slK/YeK:0YnBSkuVUeZdYGwTh7sM/YeK

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

df4a61ee18a6728025257b395a7564a2c9c9fd4b2233e7a23244f75f8ce96bb9
.exe windows x86

b00bffeafe1be25cb00670d0acaf9845

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord666
__vbaVarForInit
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
ord529
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord537
ord645
_CIlog
__vbaFileOpen
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
__vbaVarDup
ord616
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ