modiloader | 32cf857247f5882785ce815900c0ccce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32cf857247f5882785ce815900c0ccce
Size

10.5MB
MD5

32cf857247f5882785ce815900c0ccce
SHA1

3ad44ef12776d7486ef672623822879102c0dd4f
SHA256

4e47a0d691dfa30d892cb2d7b7c35de5b3cf4ab8caedab643ccb95d9c003c544
SHA512

eef0e1bc84640c589ae0f562e886fc47cd9035b3173d5876a8fbc781ec925bdd4ea31821a80c6015fdd2c4b717f93460348adc4342ceab01ca891dc22641ed08
SSDEEP

196608:Y0A3WsWJPMDRIwcjbaBjiTRLJTFTXsFY8pkp2/4P2XUkCL3CBXPgv:M3WZlMDy33Mi1LNJXsF1qpjP2EXTagv

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32cf857247f5882785ce815900c0ccce

Files

32cf857247f5882785ce815900c0ccce
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 15.4MB - Virtual size: 15.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ