Behavioral task: behavioral1
Sample: dd06fe981c4c4f544efca799ff968f022e1172ed2bb545bf3de1a7cbdcba3f3d.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: dd06fe981c4c4f544efca799ff968f022e1172ed2bb545bf3de1a7cbdcba3f3d.exe
Resource: win10v2004-20230220-en
General
Target: 63f354e790330913b6ec49a3fd6609ef.bin
Size: 210KB
MD5: acca0692c69e660749b110b8d4988102
SHA1: ceec9c7d3e51df42bf14371fc7ebf2c6208c1b4a
SHA256: d127781aa8234f4fb099be8009358a6fec42de09c63b0b4488759237b7d9ec56
SHA512: ee42b6c8642e7e2c4d49a8a3bd3c18b63a0ed90ac0a8e57434546cef6747845ce7e5e7d5497d96f6911cd50e22a28f37419cf5a76ea41eb3954818166be71fab
SSDEEP: 6144:cR6/jBHN8BsXDcc+59WZMO/ieOLvg+lTkjdTsZMP3d:7BN8BsXf+PKMO/2zg+ypdN
Malware Config
Signatures
ModiLoader Second Stage (1 IoCs)
Processes:
resource: static1/unpack001/dd06fe981c4c4f544efca799ff968f022e1172ed2bb545bf3de1a7cbdcba3f3d.exe
yara_rule: modiloader_stage2
Modiloader family
Files
63f354e790330913b6ec49a3fd6609ef.bin.zip
Password: infected
dd06fe981c4c4f544efca799ff968f022e1172ed2bb545bf3de1a7cbdcba3f3d.exe.exe windows x86
Password: infected
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 327KB - Virtual size: 327KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 18KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ