modiloader | 600fb571febb6863b4f8aad8da3895d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

600fb571febb6863b4f8aad8da3895d2
Size

921KB
MD5

600fb571febb6863b4f8aad8da3895d2
SHA1

3265f27d3fc67cac83e459461d232b8a8294baf1
SHA256

8f71a75809c6029edead12e74f4f5be01ce3c03af23d33c0d10e30eed281bd33
SHA512

a5c86ed5b53793ebb2f3eaff359fca85b2886c65469885519c74ed3757b1195a1d44c89eab59a69c45f1e21cff8ad0be7da4e52c70fd0ee6149129982ac20d34
SSDEEP

24576:4nKYO4ZiCq+3GV+1iCBDETH0a6g9qN15KD:4n7O4ZiJPV+MuDcOg85W

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
600fb571febb6863b4f8aad8da3895d2

Files

600fb571febb6863b4f8aad8da3895d2
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ