modiloader | 53ec8f4dd8f856ccc979ac0cbab11530 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

53ec8f4dd8f856ccc979ac0cbab11530
Size

42KB
MD5

53ec8f4dd8f856ccc979ac0cbab11530
SHA1

1c4a9b54a48bd5244273ead14ad1aa202ae2739a
SHA256

29ee619decdc875deb65f3e598f531a96cea55fdc75c47d75480ee769e6070ff
SHA512

41cadb5c0c3e6e482f13c4da3db665f1115709315a646a9827f99b30e6a5d59ec711b3bee23d86e2ebafd60372698285c1cf384c1c58951672d76d29d3db6230
SSDEEP

768:JwwyxQouEWjSHD23fbU50aaaxwdYzsRPw8rt9pwUNDtM1kGs1Hbs42:04jqi5axwdrPp5NhMTs1HbsV

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53ec8f4dd8f856ccc979ac0cbab11530

Files

53ec8f4dd8f856ccc979ac0cbab11530
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ