modiloader | 0f4c63cdad6959786f46fc0d5a7aab3d | Triage

Sharing

General

Target

0f4c63cdad6959786f46fc0d5a7aab3d
Size

665KB
MD5

0f4c63cdad6959786f46fc0d5a7aab3d
SHA1

17aecec064eaf7b546186103a2a85c6a1c43c8a1
SHA256

94995f8abb063903376085aee2d337c21293ed9df4f1ba9668e34f28bed40625
SHA512

086ebac29686568627362557686719f7cda7e5284de553e289fae88f4f22e71a18d89cbe4f240d0298118002f0fe111e2df6818205fc6621bde708af021cc102
SSDEEP

12288:9USZ6lVrCdN8ca4V+edhBnRo4BYCLR9YTBaOsTYMi:9jwXCDtJVj9vBLNYaOsTY3

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f4c63cdad6959786f46fc0d5a7aab3d

Files

0f4c63cdad6959786f46fc0d5a7aab3d
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

��ɱ
Size: 600KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 19B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ