modiloader | 2023-05-12_8b19f432e7eeec722ec4bd6772ee19e2_kovter | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-05-12_8b19f432e7eeec722ec4bd6772ee19e2_kovter
Size

362KB
MD5

8b19f432e7eeec722ec4bd6772ee19e2
SHA1

83fe500749c2ca014b6c6dbabbec51ebcfc75bc0
SHA256

82c730886eb4ae9ce0da681f22151ccf717a9c18ab401976c21f7ce0b9d848cb
SHA512

07eecd38867bf205babb0beae3aa7e448e98fa8b5cf449780386c6701f371c51d67e0e9b86842a9dbd2cc7d90e0e54defd14cd8d302ed33d615abfd1dda2382c
SSDEEP

6144:QlgEenwKdnC0rrdGSkFFMMy0qzpBMYlDB/PA1K/Nk6F3wYQRq83B:xEsbE0rRQep5lxN3FAYHC

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-05-12_8b19f432e7eeec722ec4bd6772ee19e2_kovter

Files

2023-05-12_8b19f432e7eeec722ec4bd6772ee19e2_kovter
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ