modiloader | 5067722f6227c69097bb377f819d51e8

General

Target

5067722f6227c69097bb377f819d51e8
Size

43KB
MD5

5067722f6227c69097bb377f819d51e8
SHA1

b72c345180f6133d2e48dc6bfe6289880398f796
SHA256

f9bea85bb66b5bf8a567c87f07a9425bd3d423c0b940112831d688d85650e3c8
SHA512

df5c94a1ab856b67a5704487681e97367da4712072885542f9ac8e73bec098a3681a52c19a7b2b92617a9cd52474ac9ed881bc8e4f00e466c9f9c16ddfa61f2e
SSDEEP

768:VaLk8hZHrSP0Aoi4qZOLQNwdXcBq5OpBlaKr91EPFLx3GJqqj9QuV:E1PAv4qZyQNwdcUOpBlaO1oLRhuV

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5067722f6227c69097bb377f819d51e8

Files

5067722f6227c69097bb377f819d51e8
.exe windows:4 windows x86 arch:x86

6184b38e2bd8812690802396fe692902

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
exit
strncmp
fopen
fwrite
fclose
_except_handler3
_strcmpi
_stricmp

kernel32

LockResource
TerminateProcess
GetStartupInfoA
DeleteFileA
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
WinExec
_lclose
_lwrite
_lcreat
GetSystemDirectoryA
GetModuleFileNameA
GetCurrentProcess
LoadResource
SizeofResource
FindResourceA
lstrlenA
GetLastError
CopyFileA
GetCurrentDirectoryA
Sleep
CloseHandle
GetCurrentProcessId

advapi32

RegisterServiceCtrlHandlerA
CloseServiceHandle
RegOpenKeyExA
StartServiceCtrlDispatcherA
ControlService
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
SetServiceStatus
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6184b38e2bd8812690802396fe692902

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

shell32

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 492B

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 492B

.rsrc
Size: 34KB - Virtual size: 34KB