modiloader | 9439234a7552d16d9139d78a476b0312935e41e8bf1c77d5c627f6b80e3090d6 | Triage

Sharing

General

Target

9439234a7552d16d9139d78a476b0312935e41e8bf1c77d5c627f6b80e3090d6
Size

44KB
MD5

11731cd0b8266a93c302d61bbd5537b2
SHA1

114bd0b2a1a0402c6fc26598a1427e4856723f24
SHA256

9439234a7552d16d9139d78a476b0312935e41e8bf1c77d5c627f6b80e3090d6
SHA512

7f4321dd46bc8b0a6c1f529454046dc660ffbbd1026236686d36f2855b7bcb4edbc600f064c3dfcc9e0a68e3a4fffd070333a5da1ee5498add1deb837e213981
SSDEEP

768:F88t3HdfNSvuh0KLZPMVGQULqEPTzBUjAAoXE+dAXXgUG32/:F7vYuh0KL2GtLPajAXXEqut/

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

9439234a7552d16d9139d78a476b0312935e41e8bf1c77d5c627f6b80e3090d6
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ