modiloader | 5895dbd75788824a64bb774d83d62ef0 | Triage

Sharing

General

Target

5895dbd75788824a64bb774d83d62ef0
Size

1.0MB
MD5

5895dbd75788824a64bb774d83d62ef0
SHA1

f5f33ea6afd66b48eedbaa6aa385c0168c69f952
SHA256

fa0728a0588e2953db1a123047453f0be27407c6007f3d823c75530de5db0050
SHA512

30046ae9c9998fef3319fd1dece93b601d39dff19892b47f0049fbea78590855b89a12ab578e5aa0acbf7a1172ae3e60314ed6370165038fbb281e57c1951996
SSDEEP

24576:1El9v/m2iBXLGqWrIe5qOdSiT5exYPDsgtBXXGvdW:1Enhsm/5J7TcxssgPcW

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5895dbd75788824a64bb774d83d62ef0

Files

5895dbd75788824a64bb774d83d62ef0
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nsp0
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RPCrypt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 524B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ