modiloader | 5b0204997a8b5ac074695fd8b0e454c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b0204997a8b5ac074695fd8b0e454c9
Size

31KB
MD5

5b0204997a8b5ac074695fd8b0e454c9
SHA1

20f2490ec42da4be8f2a6345fd9a788c272245e9
SHA256

484557df07c91ebcd399caa711053fc2ca31ba882b32d8ff72c6ff1441b3a6d9
SHA512

061df3e87c0979225d9fc4fce516b40d45dda537d1df38f13b0d3fad8a0841dc13bdc3cdb9bee1d093db6f5ae0c83060dbc36fe9f9bafe358d52a4bcd2ece089
SSDEEP

768:CCyQqlhmQQZmeqE7kILjymWwj9qbkcFyDi:SQqlhmQSmFE7kImDsi

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b0204997a8b5ac074695fd8b0e454c9

Files

5b0204997a8b5ac074695fd8b0e454c9
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ