modiloader | 2023-05-20_869b82ef8eef5074c0fedba15ac46954_kovter | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-05-20_869b82ef8eef5074c0fedba15ac46954_kovter
Size

426KB
MD5

869b82ef8eef5074c0fedba15ac46954
SHA1

8083705460875d2aabe55bb5af7b5e5dc40ef338
SHA256

4b86eb9dca44fd0ca1f5da737c5a5c955d577a891a9acb4e1b88e6c31773a2ff
SHA512

5c71f86d8fa0c579d05a316b590a74af942a91826c4d6a97c33f049590289afc8f6f383426f973f919c136e546135c6b0af9b085f1d7b266b0bd077d4e298ea1
SSDEEP

6144:Sn4i6siCUPD03i4RcEUXxpRR7LyP/EKbyye+IQi49uE8EOsLAkgI+vzjTW4:SD6SUr0SEmjDyHEa/e+Ilcp8ZsLSvh

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-05-20_869b82ef8eef5074c0fedba15ac46954_kovter

Files

2023-05-20_869b82ef8eef5074c0fedba15ac46954_kovter
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ