modiloader | 4fd062452f497d3a2ca31863d071d328 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4fd062452f497d3a2ca31863d071d328
Size

425KB
MD5

4fd062452f497d3a2ca31863d071d328
SHA1

f58b14322f28a63a40af28dd29cc0f9bffddb98d
SHA256

26af2637c222c76987029962a00f3483c7ea5b60d6f1413846847e4753a06709
SHA512

40592aa47166d5d76bc06a3f719eb0aa6f6504cf2c50c44cb2e01406ef979654d0c9f52c20450d3a99e2559c7dec407adc91f36d1f414e8a561bd8caa4a4510c
SSDEEP

6144:2bsDcOeUGggfVsqP48vPvmtPAHNDWNaz2f62+RZ12hJD7y/EvbsWt+9J+fmjcMHk:2M5gfc83vWAKfYRqhJCEDs7a

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fd062452f497d3a2ca31863d071d328

Files

4fd062452f497d3a2ca31863d071d328
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ