modiloader | a77cb6a99714fb8f1bb43dbc37ae8b48522368d6c69d6367b9753d928e5c07b5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a77cb6a99714fb8f1bb43dbc37ae8b48522368d6c69d6367b9753d928e5c07b5
Size

676KB
MD5

4f58e92bf3febcf6c1526138febb911e
SHA1

997438e503b451e3196be2825ba5b2761afbe0fa
SHA256

a77cb6a99714fb8f1bb43dbc37ae8b48522368d6c69d6367b9753d928e5c07b5
SHA512

de9fb8f727bb6d0465623b79e366af8147615da2f864d62caab114fb1af76ed4895b28249a7ec6a1836aef74fe2dfa8ff4e10ce6fa56c7299edc4a2695348261
SSDEEP

12288:Pw8INEKT8XOqLNbc+jZdFH1/nrruyvh9gmJVIJiTr/e:4nNE9+qLuenHd2wEmJuJiTze

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

a77cb6a99714fb8f1bb43dbc37ae8b48522368d6c69d6367b9753d928e5c07b5
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

1
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

!eprot
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ