modiloader | 2023-05-11_4a4df3d7bf76799582ff48e08f6eb778_kovter[.]exe | Triage

Sharing

General

Target

2023-05-11_4a4df3d7bf76799582ff48e08f6eb778_kovter.exe
Size

362KB
MD5

4a4df3d7bf76799582ff48e08f6eb778
SHA1

2ae7917d1d569b73f2b5b67a7a7559cf0da01ea3
SHA256

afcf80c537e13cd72c706247b561232d508ecbdbc3d58241c2e7e8d56d9d7919
SHA512

29be0545d3345f9f6059d13739fc0cad14d2405ce7081544f74da7b99d02ce0f44d52ea593de75c739359e7a2dfaabd57db3e69884d6ecb4d9d85c6d7200c595
SSDEEP

6144:0vafleRJ2eYNCxWj2kNLMS26MVfB0mCvpz1Smd3/47vfAf7GrQdq8r3:7fQv2PgMVLGB8vh47vIfKrbc

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-05-11_4a4df3d7bf76799582ff48e08f6eb778_kovter.exe

Files

2023-05-11_4a4df3d7bf76799582ff48e08f6eb778_kovter.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ