modiloader | 2023-04-24_f8ec5c69b8644c3b1b111ec2a1c05e83_kovter | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-04-24_f8ec5c69b8644c3b1b111ec2a1c05e83_kovter
Size

880KB
MD5

f8ec5c69b8644c3b1b111ec2a1c05e83
SHA1

1b2f84081f9d14cc08f5780cb062484a1cb9260e
SHA256

b9198f2d139a4ed7246475ade97f7d63acc6a30d3c79baefcd80dd1bbdaa4ee4
SHA512

707c4ee6f2b86d5dc9cd99aebb83cdde8450b9621e21631486d49a01e9647ee64e025d628e55a8f27754a642686a4ebb7358b5f293629ecee2d8ab47ec319cb0
SSDEEP

24576:Rc8FU91pTI8iYmE1qTopAFPfCZS5b9T7GqSV:Rc8FS1KtYR1qMpAFyZ4b9TSqS

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-04-24_f8ec5c69b8644c3b1b111ec2a1c05e83_kovter

Files

2023-04-24_f8ec5c69b8644c3b1b111ec2a1c05e83_kovter
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ