modiloader | 3b7a0d07ff01714e2f52fd16b2594c1d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b7a0d07ff01714e2f52fd16b2594c1d
Size

3.7MB
MD5

3b7a0d07ff01714e2f52fd16b2594c1d
SHA1

019d69af9d161bf504cba84d181f8cc8c094b28b
SHA256

f0011544ddcabd2625df729ae589e54dabc83f99736d9465db351b24c01b8e48
SHA512

1c389718a2017103185d6970e24840d4f87096515d3a24bfd2f8bfaea9451bffddb9b1318bc5cff51078ad12af0a132117a8da49a7512119cab6bbada42017da
SSDEEP

49152:GNdJ8sFKLLPxmPAHGJIH7RRWIZ1qTX9mmioLcLbWJ7PuFO:GNT8sFqPxmPAQKl9gcpoLcLbe

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b7a0d07ff01714e2f52fd16b2594c1d

Files

3b7a0d07ff01714e2f52fd16b2594c1d
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE