modiloader | 351ae5c63c1b848da0eaa2a63480da9e[.]cab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

351ae5c63c1b848da0eaa2a63480da9e.cab
Size

31KB
MD5

351ae5c63c1b848da0eaa2a63480da9e
SHA1

a061769c855494bb81a0fdd5694e1b4296be70c0
SHA256

9af1ec0df10d44c8894c4cf8457a39a28c3b24cc62b71436399b09be1c9dcc92
SHA512

5aac882f3548e6b03244978410b62187356abb3ea49c7526f8d3d7b6fe4a8a10d072d2949b806a90bfb0d5028fb2a1396f256df40726cff46a436f8fa6143f13
SSDEEP

768:zgmDCY72PQbleByQP51KMYxANsk8q/7Eni3IUnAkJ:HEPXByq1eaNsoN3IU

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/kav.exe	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kav.exe

Files

351ae5c63c1b848da0eaa2a63480da9e.cab
.cab
kav.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ErCaN
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ErCaN
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ErCaN
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ