modiloader | 06f0c3436e546f0ae26193d4465b968d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06f0c3436e546f0ae26193d4465b968d
Size

32KB
MD5

06f0c3436e546f0ae26193d4465b968d
SHA1

072fd3074bf96b6ee14315063e28b9f2d18d6568
SHA256

00fe538fb0697ffdc3fa4b5d6e66b61ed91343c521fbb3c301fc7885fe813b1e
SHA512

2b9bc2b3d89653783b51fe153eb30cc06965c81ac7c09a506b42ec38bf772548309934b7990d3986a24ba0f87ab96d36242b34e4a0865246d3090d38313edb4a
SSDEEP

768:QoiiqZOHZQh7SPS0fEiIKspvfh8dIUs48h1vzDrHY:QviqZiZQh0S8EiUpHh8dYnh1vzY

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06f0c3436e546f0ae26193d4465b968d

Files

06f0c3436e546f0ae26193d4465b968d
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ