modiloader | 3337576503c3e2d8876f50191ae8995b04a4536f816025c543d0e20250598fd8[.]zip

General

Target

3337576503c3e2d8876f50191ae8995b04a4536f816025c543d0e20250598fd8.zip
Size

400KB
MD5

a1bb3dcc97644d9b9e3722b02bdc6bd1
SHA1

4bf725e0b28ff560a7ef75cdd89171a5d14a1f32
SHA256

a8a482712110b30d7416a78fc2de709fc7698a93d6aed1e818b7fd80ad39d178
SHA512

6b300229fa3deab9e5dfb8df2def06d0a5e91019316310549baf75f3e5fe0ecb6a8a403a78cc30c6fbb30d130bbfed5743063adb01b02d595d6e46591a5f0259
SSDEEP

6144:uLGCNzxYHOUab7xWEdm8eiZ33uMv6bcWViabuM3EWXgwXyoOZwrzRcceszW88:uFiTexWEdGu33hv7cbGDoOZwrzzNqJ

Score

10^/10

modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/3337576503c3e2d8876f50191ae8995b04a4536f816025c543d0e20250598fd8.exe	modiloader_stage2

3337576503c3e2d8876f50191ae8995b04a4536f816025c543d0e20250598fd8.zip
.zip

Password: infected
3337576503c3e2d8876f50191ae8995b04a4536f816025c543d0e20250598fd8.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ