modiloader | 409fb2ee2fc8a23c0ac586f4e31e1780 | Triage

Sharing

General

Target

409fb2ee2fc8a23c0ac586f4e31e1780
Size

40KB
MD5

409fb2ee2fc8a23c0ac586f4e31e1780
SHA1

8e72e2eb72daf8a867f4c6c962cd439783738931
SHA256

05b278cdced7571da3bd319cc1e0155a007168523f2243bbf3df88616404b317
SHA512

26a4f040f92b48ea3dee9fa29808a6e8f7096f97d2d1cd59d3bd00c7ded174b9739370c2a8d82aedce50c7c66f78f610cf09034ae82fc0ddcf19d9268ba7d017
SSDEEP

768:Bs8d22LdX9wTB0DTzLIlLWx2Gkrdf8Sh2tME:B7XLdievgikpPS

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
409fb2ee2fc8a23c0ac586f4e31e1780

Files

409fb2ee2fc8a23c0ac586f4e31e1780
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 30KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ