modiloader | 8f01561727b5ce352cbd64af0e1609bf8d3bb24386ca9f028a87c4ca5202c7f8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8f01561727b5ce352cbd64af0e1609bf8d3bb24386ca9f028a87c4ca5202c7f8
Size

824KB
MD5

9adc7e5b84802b0df9a849ec2bc094b0
SHA1

900ce1c7cdaa305ca2160acd6c7faf19c4e5f15f
SHA256

8f01561727b5ce352cbd64af0e1609bf8d3bb24386ca9f028a87c4ca5202c7f8
SHA512

28b51cf790019e9810cba9edead65c8a13829473914a8866cc36e4c5e1576f60f99f85e14941883cfd49e017d9ec50bb0ba43b9f4d9dec4c6ded7360e0e0ce67
SSDEEP

12288:RTXQnPuvfdsh/THWwBfZEQRmg80MbFRNADQl+rXZwSaKGAr1411m0:VAnGvfCh/T2wZEQ80CmNrgA41

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

8f01561727b5ce352cbd64af0e1609bf8d3bb24386ca9f028a87c4ca5202c7f8
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

.fhfhfh0
Size: 664KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhfhfh1
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhfhfh2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imp
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE