modiloader | 4c6bcd94cbddf470a1967b282772b506 | Triage

Sharing

General

Target

4c6bcd94cbddf470a1967b282772b506
Size

841KB
MD5

4c6bcd94cbddf470a1967b282772b506
SHA1

99152c5f388b27d6565b83366da7dd0bee615d2a
SHA256

5bd78c18ae975e1c5bf6f1c40f9a19ef1461c8ed2980051f452782a171e829d5
SHA512

cdbc70f814ad068215fbefe2ab06f2d37f37c4c2b0ecc613ef8de91c160e5c4f5249123ecbbce5394bd591ca993b452d73407a787f7766c87b34810ca8e5e4e1
SSDEEP

12288:y6hVOPWy+1VtcwS+BIGAYoQQqyRy1ZaTWnu8vDfMgHqSVc0rCUmxs:y6HaWfVqwS+BQlzN4vPnu8v71H5CUmx

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c6bcd94cbddf470a1967b282772b506

Files

4c6bcd94cbddf470a1967b282772b506
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 734KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ