modiloader | 5fe96456d6f011cec027c37f3f465521 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5fe96456d6f011cec027c37f3f465521
Size

476KB
MD5

5fe96456d6f011cec027c37f3f465521
SHA1

78e6e25e52eddf4863ca9c382799b515518adbd9
SHA256

7b945ef5e5a80c125732bbb49ec5f52a4f21a599304117638581eff8fbce7139
SHA512

6a250d5022822b3e33249338562763a23faca51e43e832f5ab5855d7bb3dad77741c4f6ff18b075d27dfd7e0dc9d700896467e2a6f2816955f8f3eee62d34354
SSDEEP

6144:3z32F3hS/6UXjS50yMzZzckjXlDN7Ng24CdGPCbUEPqzRH5IXOy34AfMiBhUooGb:72F3hSLXjo0L3lRxg2BBPKHeekywTNF

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fe96456d6f011cec027c37f3f465521

Files

5fe96456d6f011cec027c37f3f465521
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 407KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ