modiloader | 25d0000dll[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

25d0000dll.dll
Size

200KB
MD5

ed64ec9e7bdbcf0faf71b19b0ab7f304
SHA1

d442266b69cf96b18265ea1d29be1233d79326b1
SHA256

5757f9d4102a4b083b3c867ccc560ee0d1752cdf0988353b0b0807b967b89220
SHA512

36b0099dc77639e9b598fbf2e831755a8c401ef871425f9557bfff0b5ea02be5c1d303c83dcb25b0f757f54d13533f29df2723c16ee931556eb199c03f3b14a8
SSDEEP

3072:AmGgXn9EcR/rIUDqQZRdAzbmb79WgcBv8WMFh93m0L9cWvHn5G+tPn+:Am/9Z9rIUDT8A4Mz920ptHc+

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25d0000dll.dll

Files

25d0000dll.dll
.dll windows x86

62a9ccb34d6177c5902597277a45e42b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
TranslateMessage
MessageBoxA
LoadStringA
IsMenu
GetSystemMetrics
GetMessageA
DispatchMessageA
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrcmpiA
WriteProcessMemory
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualAllocEx
VirtualAlloc
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
OpenProcess
MultiByteToWideChar
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
IsBadWritePtr
IsBadReadPtr
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
FreeLibrary
FormatMessageA
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateProcessA
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
Sleep
CreateProcessAsUserW
VirtualAllocEx
SetThreadContext
GetThreadContext

winmm

timeSetEvent

ole32

CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize

ntdll

NtQueryInformationFile
NtOpenFile
NtClose
NtWriteFile
NtReadFile
NtCreateFile
ZwFlushInstructionCache
ZwWriteVirtualMemory
ZwProtectVirtualMemory
ZwReadVirtualMemory
RtlMoveMemory
ZwProtectVirtualMemory
NtResumeThread
ZwUnmapViewOfSection
NtClose
NtClearEvent
NtFreeVirtualMemory
ZwProtectVirtualMemory
RtlMoveMemory
RtlDosPathNameToNtPathName_U
NtDeleteFile
RtlInitUnicodeString

url

InetIsOffline

Sections

.....
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

......
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.....
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

....
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

......
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

......
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.....
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62a9ccb34d6177c5902597277a45e42b

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

winmm

ole32

ntdll

url

Sections

..... Size: 144KB - Virtual size: 144KB

...... Size: 4KB - Virtual size: 4KB

..... Size: 4KB - Virtual size: 4KB

.... Size: 16KB - Virtual size: 16KB

...... Size: 8KB - Virtual size: 8KB

...... Size: 12KB - Virtual size: 12KB

..... Size: 8KB - Virtual size: 8KB

.....
Size: 144KB - Virtual size: 144KB

......
Size: 4KB - Virtual size: 4KB

.....
Size: 4KB - Virtual size: 4KB

....
Size: 16KB - Virtual size: 16KB

......
Size: 8KB - Virtual size: 8KB

......
Size: 12KB - Virtual size: 12KB

.....
Size: 8KB - Virtual size: 8KB