modiloader | 313624880af4fc7405ff5f05a39183bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

313624880af4fc7405ff5f05a39183bb
Size

49KB
MD5

313624880af4fc7405ff5f05a39183bb
SHA1

fb482ffff20431919d9fb02011bb12a99e583024
SHA256

8f75f1b570d290181d03d3a3118420b8b7d2188a5766881fe1af8259ca04ddfc
SHA512

c5a37ddf6a81fb9a3d28fc0a6787172734724619c2a23354fb97a9d4448130dc6fa1be593e8c47d865f19bec09090be1aae82bc7f77a73900c8c8a31f7c2f8c7
SSDEEP

768:4FwyxQouEWjSHD23fbU50aaaxwdYzsRgw8rt9pIjUN1P0TQAthcbWJ:q4jqi5axwdaPpfN18zhV

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
313624880af4fc7405ff5f05a39183bb

Files

313624880af4fc7405ff5f05a39183bb
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ