modiloader | 296eba909e2f817c28b25b6d2f266912

General

Target

296eba909e2f817c28b25b6d2f266912
Size

125KB
MD5

296eba909e2f817c28b25b6d2f266912
SHA1

649ba86f2c9c260c14895ec31e9aaa0a71707d6f
SHA256

d4f01066561eda6e1c0d473f1d6e45daf16e676affafa5bb3996ce249d0a2bc8
SHA512

a3bea3545facb761baa9cef51f7f6bf54bcf6b00a64738281229049df414db3f53c5961a8662323e6e3aa4e00ec4f1076b4bc41c37b414c5b0c9f5b3d5d04e7c
SSDEEP

1536:GIqlamQItiARDHlq3zQfapU4fARzVv27xgFqTE6cFCmivsXSHT7IUOGk:WAqD2zRpU44RZv2wqTOCfv8IEdGk

Score

10^/10

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296eba909e2f817c28b25b6d2f266912

Files

296eba909e2f817c28b25b6d2f266912
.exe windows:4 windows x86 arch:x86

7ac9fc989be97c86082a02d29f116422

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrlenA
WritePrivateProfileStringA
WriteFile
WinExec
Sleep
SizeofResource
SetSystemTime
SetFilePointer
SetEndOfFile
ReadFile
MoveFileExA
LockResource
LoadResource
LoadLibraryA
GetVersionExA
GetSystemTime
GetSystemDirectoryA
GetShortPathNameA
GetProcAddress
GetFileSize
GetCommandLineA
FreeResource
FreeLibrary
FindResourceA
ExitProcess
DeleteFileA
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shlwapi

PathFileExistsA

user32

CreateWindowExA
PostMessageA
IsCharAlphaA
GetWindow
GetMessageA
GetForegroundWindow
GetClassNameA
FindWindowA
DispatchMessageA
GetKeyboardType
MessageBoxA
CharNextA

Sections

UPX0
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7ac9fc989be97c86082a02d29f116422

Headers

File Characteristics

Imports

kernel32

advapi32

shlwapi

user32

Sections

UPX0 Size: 120KB - Virtual size: 120KB

.rsrc Size: 1024B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 1024B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB