modiloader | 15f119296f5a5d12c9450b627d6e4a85

General

Target

15f119296f5a5d12c9450b627d6e4a85
Size

71KB
MD5

15f119296f5a5d12c9450b627d6e4a85
SHA1

6e0e373450fe65e628ca37b9c50d52daf8e7de14
SHA256

df1546c3d2ea202751066de728a81884d88a2f11c4f5ac7822f025d840e1326d
SHA512

66bb75b2dea3b127ea0284493116441b0c788dc5891e489dc8bbe9eeaac25b5f2020390e9fed4bde60fb57e33f74d85fea65fcfc9c1382b1c22aec97279b815e
SSDEEP

768:WJ55L9L8rJLCd9kIPkOgRyETC8EqRhttz8f/KSCquMH0GQuJIq5OpBl+OqJTo:I5L9LOaockRTSNCquMH0GQ2OpBl+R

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15f119296f5a5d12c9450b627d6e4a85

Files

15f119296f5a5d12c9450b627d6e4a85
.exe windows:4 windows x86 arch:x86

04c46c74945da5475544f77588a0b3da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
exit
strncmp
fopen
fwrite
fclose
_except_handler3
_strcmpi

kernel32

FindResourceA
GetStartupInfoA
ExitProcess
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
WinExec
_lclose
_lwrite
_lcreat
GetSystemDirectoryA
GetModuleFileNameA
LockResource
LoadResource
SizeofResource
lstrlenA
GetLastError
CopyFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileA
DeleteFileA
GetCurrentDirectoryA
Sleep

advapi32

SetServiceStatus
CloseServiceHandle
RegOpenKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegCloseKey
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04c46c74945da5475544f77588a0b3da

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

shell32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 61KB - Virtual size: 61KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 61KB - Virtual size: 61KB