modiloader | 0d9ea4a12d29d79b00bd3d0788f531642832b799bdc3baaebd0ee213cee4720e[.]zip

General

Target

0d9ea4a12d29d79b00bd3d0788f531642832b799bdc3baaebd0ee213cee4720e.zip
Size

168KB
MD5

c19b99eab307284b0a3a02a02c13885a
SHA1

82ce6e5e7e99a4019ebdbf49f2996519134d2609
SHA256

9c279892ff6593e18378ff1ec57a1be85f16061650924541062a1607dee3f13a
SHA512

f592f945e91df61b5ca4a1f2a776f4cbcfdc18b6396784db8a6d86047992addd382c1463b7a7e6c23a6855b013e9062267f0215e78a5225ba9a81c6fded4c790
SSDEEP

3072:87gqfNNgY/W8VSYrOCLyA65NPlcV41kEab2DRcOre0leI1pU/gQIC3hjUN/z0DZ:87pJ/W84YrOU65NPt1kEgyRhreyjULIa

Score

10^/10

modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/0d9ea4a12d29d79b00bd3d0788f531642832b799bdc3baaebd0ee213cee4720e.exe	modiloader_stage2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0d9ea4a12d29d79b00bd3d0788f531642832b799bdc3baaebd0ee213cee4720e.exe

0d9ea4a12d29d79b00bd3d0788f531642832b799bdc3baaebd0ee213cee4720e.zip
.zip

Password: infected
0d9ea4a12d29d79b00bd3d0788f531642832b799bdc3baaebd0ee213cee4720e.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ