modiloader | 2023-05-11_7945be80d31f623f860992b852afe482_kovter | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-05-11_7945be80d31f623f860992b852afe482_kovter
Size

362KB
MD5

7945be80d31f623f860992b852afe482
SHA1

6b69cc93112308c718f90d5cfabeec1c01dc7c51
SHA256

d585402536746401e965718023fdc708b8e05f67c32c74b5a9339ee838635875
SHA512

78c4c0c0d8ae0da72422af8ce4e0cf3901b9978534be77a40d0fc1f5f2a01e0627c1f6eb12cad39c7ab523276dbe7c1cfd58dab2117b078b71a347317a68341e
SSDEEP

6144:0+ff6eX6S2kbJk0keirakys03htLOobuilHFZodm/xD3EGAkQ9qaWzZ:xfi4FXniitdbLxD3ak/P

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-05-11_7945be80d31f623f860992b852afe482_kovter

Files

2023-05-11_7945be80d31f623f860992b852afe482_kovter
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ