modiloader | 28ab49a9a0fbcc7d67d8c4c55f75981a | Triage

Sharing

General

Target

28ab49a9a0fbcc7d67d8c4c55f75981a
Size

397KB
MD5

28ab49a9a0fbcc7d67d8c4c55f75981a
SHA1

1a5508e6dc12cdfd44a39f7ceefe397b8131f932
SHA256

ec93850d8b0bf23cb80102ab0ff9d7c9c60cb4dacc155756dfc028a1592a3895
SHA512

50a23296336e37888a9a79ae89d7e892a53793f1692face9d4bd56097e48583e4e3c0392954c276f8e4a45c38593fa81735ef173e5b4d1f1c89f7c0d88faaf42
SSDEEP

6144:9yz9x3+08J8CVvLXmaeLFlWmQt29g2zfnlfBXGXnwOZLsTBPla7LR:9HJ8C1KawWmQthYH8nbZLsTTa

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28ab49a9a0fbcc7d67d8c4c55f75981a

Files

28ab49a9a0fbcc7d67d8c4c55f75981a
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

CODE
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MaskPE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ