modiloader | 65d675c2b2ddaa5d4cd9e664e828ff6f[.]bin | Triage

Sharing

General

Target

65d675c2b2ddaa5d4cd9e664e828ff6f.bin
Size

206KB
MD5

ae4e8e5de594d6ac50719c6de0102986
SHA1

ff1daa5ee1079caeef069b8d14cbb8dc2585d48f
SHA256

80542fb595d77d74639db79d5b2a775f820b4b11c3d5e861a15deb9c79d94428
SHA512

3e6f6a6428a4e70d9433af7a7b3a0e01b6d41acc77e13dc8df64ed64e4d9a3ba4ba9c0eff4fe2fbfd2e281c20058160df4acda388196cb63e317ae11bd8ac4ad
SSDEEP

6144:WaY9QlQe39uz67mcyynkufrwrikc6PkeMps:vYelQe3986Cenk/+kcsz

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/23510e22393982e935093cce2d34e81ec14f75a63a19d4ffd64680bfe0a03df8.exe	modiloader_stage2

Modiloader family
modiloader

Files

65d675c2b2ddaa5d4cd9e664e828ff6f.bin
.zip

Password: infected
23510e22393982e935093cce2d34e81ec14f75a63a19d4ffd64680bfe0a03df8.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ