modiloader | 2023-08-27_71acc845146a571d555a65371052348b_kovter_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-27_71acc845146a571d555a65371052348b_kovter_JC.exe
Size

426KB
MD5

71acc845146a571d555a65371052348b
SHA1

203aec6844915e3f4fb475b0a3b06c70d83a8d80
SHA256

eeb5aa2673f5fa43ffab6c115a09272090d69c12d43412f845a9c7af5e0f36ab
SHA512

040e8fe23ada2af9875aff4f06defb634a48b982fdee8461e1bbd0a4551a99f601cd0603563c5d6fd0813c3ad0220c8d2c705829e842484f0c6100f41ec1a126
SSDEEP

6144:ZSL8ORZiBiWCEpXoSASfnZAUTyHwQTzdZZGIsuDO2IgLUnuE+vzjTq:8LjiEaej0nyQQnDZGIFKRgL/vq

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-27_71acc845146a571d555a65371052348b_kovter_JC.exe

Files

2023-08-27_71acc845146a571d555a65371052348b_kovter_JC.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ