modiloader | 6371c9ed4221ba17a767fea8df017e3f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6371c9ed4221ba17a767fea8df017e3f
Size

96KB
MD5

6371c9ed4221ba17a767fea8df017e3f
SHA1

7338c7e88ac4f36633c97a385389fd2788cc4544
SHA256

d3aa65fbd884147c8b724eb77d33c927771e25e1cfd21a82af5b92c78a6a1a88
SHA512

f410ca7bf98d3bc0deb3cf0d25a7a04850c9e98ff974a4e3b754f8772ffd6d66c3d4b1f84980f89aa756e9801937d890db2db14f5375a1532aef8e900de51a42
SSDEEP

1536:zAAA+nIxenxxxxxxxxxxxxxxxxIIcreQFRLg5l93RAuxxxxxxxxxxxxxxxxxksj1:laIzQFOiwP9R0R+0O18CtMHJJlVxVUSm

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6371c9ed4221ba17a767fea8df017e3f

Files

6371c9ed4221ba17a767fea8df017e3f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ