modiloader | 0c1f0270c1f1af4c429b3425cb32828a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c1f0270c1f1af4c429b3425cb32828a
Size

48KB
MD5

0c1f0270c1f1af4c429b3425cb32828a
SHA1

942b85ede659364a8cc60a6020269ba215761673
SHA256

d49631f2f407027af16c22100c139f132f0bb84f6c4316e6aa8465953de6f1a7
SHA512

1f7b29d22df4ef6c8c991d0fd78ef31d820efda49d4f84e4041797ce4f8113ba71eccdee5457fdf89b8d6b8b96774d48c0871894ba5257e24ee3b117b4257cfd
SSDEEP

768:6mpM8NHn9/NyvOSj71F3Wl31TCU2txOwV8JtFqidNbh3Rc3iN:6aLf4Oi1F3PtAFJtFd5N

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c1f0270c1f1af4c429b3425cb32828a

Files

0c1f0270c1f1af4c429b3425cb32828a
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ