modiloader | 5dfc3916cdb487dad5513e594caf417d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5dfc3916cdb487dad5513e594caf417d
Size

48KB
MD5

5dfc3916cdb487dad5513e594caf417d
SHA1

e6214f25da9c3cfe6568ed74eb6c1f6aceac1b69
SHA256

7867d1a35db289d13591d3b7d6098149bc03f5e0d8864c2ea3f2ba3efa937f78
SHA512

0d7433de2ecb77942fc033ca437493f2fc26d960ad96b914b8882ad6d97f85892c5f89950a8659fdf007a1d5a83a2906db0543730891525b3c0ab1cdd27d5828
SSDEEP

768:5MQDDqUb0pQ+SxgG2DrPW6MOjCa1JLgsPWthavbWNrtTdJ4N0DQGx6Cjxs1K:bDqwoQ5gGcPWaL/PWt0vG542/

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dfc3916cdb487dad5513e594caf417d

Files

5dfc3916cdb487dad5513e594caf417d
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ