modiloader | 642feb3cec39174dd6273ef7b77cc54b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

642feb3cec39174dd6273ef7b77cc54b
Size

10KB
MD5

642feb3cec39174dd6273ef7b77cc54b
SHA1

cbf1eef9bd6d6a5801b4f3a6e75273f75d6c0797
SHA256

194a483a52badeb14de785a6b0ae3cb7090714fb29e7faf1c454e025970a99fb
SHA512

57ca31d6c800870654cb84a8a8b96511411550a04671f5af8afaf4f74bd0d1a0e417d1c2857231813dd388407d82466fae686da7c6e48640eec3308f4f811948
SSDEEP

192:nVCWhh0hydS4YddiPnNu6kr7hHQwahW1a8IcT:Hh+ydlyiP4brSwZa8v

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
642feb3cec39174dd6273ef7b77cc54b

Files

642feb3cec39174dd6273ef7b77cc54b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 333B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ