Behavioral task
behavioral1
Sample
0d01013b1f14b2ea42571ddf704bb79b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0d01013b1f14b2ea42571ddf704bb79b.exe
Resource
win10v2004-20231215-en
General
-
Target
0d01013b1f14b2ea42571ddf704bb79b
-
Size
355KB
-
MD5
0d01013b1f14b2ea42571ddf704bb79b
-
SHA1
cea68518d5b128e02994acd0317924e5c6ec6f25
-
SHA256
bbccc89d05c938ab9f07d4ab91410cf843c11bc4228bf3a17c7bedc25e8a7299
-
SHA512
42935c96a0703a3a3a4dff784e052efb1de8998ed9ded0feb569f2bb9579b3c3cd729d635dc5c07ede6e0e42ced60d9625edc3c750288282df7ccd6ff1597620
-
SSDEEP
6144:ZSxshI966AGkAjOpoaY7vcvXtMRgSNU4LnqTG00LgleLqf:ZSxEq6xGJOpqTwXMgSG4Gi9AQ6
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0d01013b1f14b2ea42571ddf704bb79b
Files
-
0d01013b1f14b2ea42571ddf704bb79b.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 10KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.udata Size: 299KB - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE