modiloader | 2c7359333bc9a16368d81ba75a10fc36 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c7359333bc9a16368d81ba75a10fc36
Size

547KB
MD5

2c7359333bc9a16368d81ba75a10fc36
SHA1

69065237f4f4fda961311a98563542775ee089a0
SHA256

429ddfd3af2149de3c21435f9c66ae210979702ca5d0490078442f7ff659ad12
SHA512

25340667f43d253aa0ce255a5c2382cb6edf7dc7cc8bbe650ce3ad2b7672252acfdbe1a4a2a6fe906cb289517b20d31781a53354980fe7074d2d994f1b7fa8e0
SSDEEP

12288:/nLngKpCV8AaWwqUwtKGisinRQx3cNtu:vrgpVJJFiRCcN

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c7359333bc9a16368d81ba75a10fc36

Files

2c7359333bc9a16368d81ba75a10fc36
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ