modiloader | 2023-05-12_9da4df1878b3edb8ce9190ad03fc2e77_kovter | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-05-12_9da4df1878b3edb8ce9190ad03fc2e77_kovter
Size

362KB
MD5

9da4df1878b3edb8ce9190ad03fc2e77
SHA1

a360c410c89a90834fa7c7a60a7704217d179e4c
SHA256

55615db6bdbd420d20052930059f5094a025ddade3f3dde706162d82e5dafc4f
SHA512

9ffb00d6fec4a599cbcd9ef82519333badb250c8b7ba040ee12cb69121a6d9e6f93e7190668684c797bca066e963c3c4495ddf41e439db137f480e412fef6d26
SSDEEP

6144:dq81CXSygfSQuU5B+klIB2KqUnDhCCav5zxYSh5/EzEHqxQdq0Hny:H1CCHK6LyhCvxEzEKxjJ

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-05-12_9da4df1878b3edb8ce9190ad03fc2e77_kovter

Files

2023-05-12_9da4df1878b3edb8ce9190ad03fc2e77_kovter
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ