modiloader | 2023-03-08_f9951f5e40c21a78a631ab7b4a60ba89_kovter[.]exe | Triage

Sharing

General

Target

2023-03-08_f9951f5e40c21a78a631ab7b4a60ba89_kovter.exe
Size

362KB
MD5

f9951f5e40c21a78a631ab7b4a60ba89
SHA1

5d73c066e1ba881f038c049fbafcb28070b4fe26
SHA256

2a02608130d8a74a6f641132c071bed4cf0bf0838dc0f53fcdf807fc851818a1
SHA512

96a4c3387636971511cc1146fc5e9c9a454a98e3f1cdb52e52127a565171aa4977f041efd15f2eb8f268bf6138c23b0a061025339acb8f66ba5a1f41d3e12024
SSDEEP

6144:UeyWvDVBSuFPRxMmcAk/eP8ph6sy4oV9bisv9tvX4FO/5VdPFMBWQRq+MCS:RyADhzveeP8p89dvn5VdPacbhR

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

2023-03-08_f9951f5e40c21a78a631ab7b4a60ba89_kovter.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ