modiloader | 20230517b532d352685523141305fa9135192256kovter[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20230517b532d352685523141305fa9135192256kovter.exe
Size

426KB
MD5

b532d352685523141305fa9135192256
SHA1

fa0e364afa99bca61d747e23a04eddc5b10ffdb2
SHA256

677393ff5efc9f6f050b4b5ed62579f2f050eeec53e7a17cb51c31c148546f59
SHA512

16fd0ff50df7aefed9ebb4e221b86bd72e6e73c9b761216f37f7c26d328ca577e58d70e68b249cfe873e6073a5d258bcb4a88d4214bade8817de9b7376e09eda
SSDEEP

6144:LL0IMdpqDpE9TWvZqtMNXzhTqm8jjyhNYIa/19zTD8WGLA+m4dZvR5SE+v8BW5:LfrDp6TgZqtklvNiHPD8WS8yBb8

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20230517b532d352685523141305fa9135192256kovter.exe

Files

20230517b532d352685523141305fa9135192256kovter.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ