modiloader | 2023-04-21_66ec0f1426042dfc88bd922956428c9e_kovter | Triage

Sharing

General

Target

2023-04-21_66ec0f1426042dfc88bd922956428c9e_kovter
Size

329KB
MD5

66ec0f1426042dfc88bd922956428c9e
SHA1

1524ceb090b9b40273a38cee2e3566d2e9631ce8
SHA256

3f7458e658401c15b675db78a2e9871ca3eeff3c6e299c4545515e56b66466df
SHA512

d4c2e65d2b4a83c3b383ba9ea5c59059b6ae2bc090710b1290ad54c68b403ada372262271b06586632f4ecca5fe2685f3060c8c11ea8ed80cba8bddeb7ddec9e
SSDEEP

6144:DSoywCFI00FkyFQkjmkeOcbhdO0OR3rROCdP/gTfEb/hurQhq+17:DSoFCm5NDGdoRfifEbYrrE

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource yara_rule

sample modiloader_stage2
Modiloader family
modiloader

Files

2023-04-21_66ec0f1426042dfc88bd922956428c9e_kovter
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ