Behavioral task
behavioral1
Sample
140f2b392b76f408cf22e34f24e03784bf06113c85c483d67e317d8bda795e2c.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
140f2b392b76f408cf22e34f24e03784bf06113c85c483d67e317d8bda795e2c.exe
Resource
win10v2004-20231127-en
General
-
Target
140f2b392b76f408cf22e34f24e03784bf06113c85c483d67e317d8bda795e2c.exe.zip
-
Size
3.3MB
-
MD5
439675edeed0bb790ea2f2ae00261a77
-
SHA1
6885e0e4fcba2f80666efc24c16ba481bea3c279
-
SHA256
c7b86b1c0eaf82e93bb67fdf6c98124fe0810a0c0bede0c38548a3b9643932d9
-
SHA512
4cc740f697df3ff7d9bfb6d9f9a4f6d8f9d25a33cf127369d51236901053db3ccbc717efd19b6b25a162ff88dd6c53d9f29002635a22b43f2d869b5827ace251
-
SSDEEP
98304:jEws9amplNJQ+VkF4h3vA92fLhbaLweNv0lFP5bpF3F+/Ew:orVlNJ9nh3vA929bc30HxP1+7
Malware Config
Signatures
-
ModiLoader First Stage 1 IoCs
Processes:
resource yara_rule static1/unpack002/out.upx modiloader_stage1 -
Modiloader family
-
Processes:
resource yara_rule static1/unpack001/140f2b392b76f408cf22e34f24e03784bf06113c85c483d67e317d8bda795e2c.exe upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/140f2b392b76f408cf22e34f24e03784bf06113c85c483d67e317d8bda795e2c.exe unpack002/out.upx
Files
-
140f2b392b76f408cf22e34f24e03784bf06113c85c483d67e317d8bda795e2c.exe.zip.zip
Password: infected
-
140f2b392b76f408cf22e34f24e03784bf06113c85c483d67e317d8bda795e2c.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 1.6MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 16KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 54B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
JCLDEBUG Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ