modiloader | 0b4672dc6e6af366aed1017cb2bcdb82 | Triage

Sharing

General

Target

0b4672dc6e6af366aed1017cb2bcdb82
Size

651KB
MD5

0b4672dc6e6af366aed1017cb2bcdb82
SHA1

1128d2fc91fe3a02e1b957414324870c65b2dc46
SHA256

35c843f60fe9326c18b55f120fb82efef312046a238b0aabe489054a37c2c3c1
SHA512

ceae0dd45b844718514edfa5956da7693630ece3709807c0cbced6428923430d550d3504a9ff7ed165607b0f7a74992e78f3c9e5efff1f9ee7ea4c930a9415b1
SSDEEP

12288:kpyZT1jrCxu/mDwLRI6BxcDqp9aqCcajVuD3Z7BPQGMWYur0s0D:kUx1jjOD3SxcDDcNDqWYurL0

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b4672dc6e6af366aed1017cb2bcdb82

Files

0b4672dc6e6af366aed1017cb2bcdb82
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ