modiloader | dad0be79a1e1d18a9c51109c76792ddf4c5915fde250e7847772c2e20a14da01 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dad0be79a1e1d18a9c51109c76792ddf4c5915fde250e7847772c2e20a14da01
Size

750KB
MD5

eddea97d313cbd230016097f6310586e
SHA1

4d1d3be8707f71814e745f35fa872cfec639e70c
SHA256

dad0be79a1e1d18a9c51109c76792ddf4c5915fde250e7847772c2e20a14da01
SHA512

0509b9615dcf9f1892e8af5dd91f67ada04602fc41bedad549cca0f876b75fc599a5a83a77f965384db0606a6bd5aa2f897c09ff3d8395055cfd93d78e597f6e
SSDEEP

12288:8H2mQmOERanz/wymacYI/oADZh3IgxFKQDzh9XwZ+Q+U8C7:m7zonzVmvOuX4Vmzh9wZUU8C

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

dad0be79a1e1d18a9c51109c76792ddf4c5915fde250e7847772c2e20a14da01
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 641KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ