modiloader | 610635f624bc18334f1009bd16a1288b | Triage

Sharing

General

Target

610635f624bc18334f1009bd16a1288b
Size

111KB
MD5

610635f624bc18334f1009bd16a1288b
SHA1

2fd8667eab8e32ba2bfd5765eb0c770f5f4bb8c3
SHA256

4a38ee3727eb9767f0263318ff0771a6aaa74fc3fcdb618e5eb16ed3a5b0d1a5
SHA512

235a5cfa6621e7b5d4f25de5c732aa52797ca1b78fdc42b8d8c29756d164e0f9998271da13dc04c6f722c47c94ce62c8f5b731273397b5bb53a0f981eab1254a
SSDEEP

1536:TtYYYYYYYYYYYLfEWohMkYlETypxmSg3JOTYj4lTfrPkKoEk3ntkB2+NfJxVae:TtYYYYYYYYYYYS2V1gZiU4JP7A2BVhxD

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
610635f624bc18334f1009bd16a1288b

Files

610635f624bc18334f1009bd16a1288b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ