modiloader | da3da2ba5d8ba914b610ffda4bab98b3c7485b8f814eaf0d932f829689be9d1d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da3da2ba5d8ba914b610ffda4bab98b3c7485b8f814eaf0d932f829689be9d1d
Size

148KB
MD5

62aa2b974882bb2cacc6bf21780704b6
SHA1

cb9463c5297fb35ae0b6473cdc16b91bb24ee6f6
SHA256

da3da2ba5d8ba914b610ffda4bab98b3c7485b8f814eaf0d932f829689be9d1d
SHA512

2f0d5a8b663ab0aad91cde318472c2e55fb0cec98007b21a85b6e4316d051da8883347740144a8ad1a75cf0f23471a3092f3c4eb1e1ea57a058ba75df1716fdd
SSDEEP

1536:Rl4qmQbmmelfzPPuiHCj/uwd3DiB1AgpXsATaEOO2B:CKDUz+Qwd32B1xpXbOBB

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

da3da2ba5d8ba914b610ffda4bab98b3c7485b8f814eaf0d932f829689be9d1d
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

.Upack
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE