modiloader | 57df7a91b0fa30d4577cd59db12db688 | Triage

Sharing

General

Target

57df7a91b0fa30d4577cd59db12db688
Size

120KB
MD5

57df7a91b0fa30d4577cd59db12db688
SHA1

435302c963ddf43675870cabff32ff6ad9cb1b90
SHA256

3430c355ad9fccafcc8f3140ac5da991ea1f9a68ab2f3d0d08e5aac177092694
SHA512

064e09238fa2fc9edbb12ed7db7bd37f1e8748c62c3c99decd67b6a734de9b2218daca0662d4e2b4737f0b6b2774c734f815c3ce90c9619c96fe634ae35970de
SSDEEP

3072:qWeYkq6Z8FELgkKFF5j9QQvB3xIzRp7MZiKVkituKlQ1aHV:qWeYkq6ZlLpK3p95SMZihivQq

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57df7a91b0fa30d4577cd59db12db688

Files

57df7a91b0fa30d4577cd59db12db688
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ