modiloader | 64f0c918f70d2d8005db981711070111 | Triage

Sharing

General

Target

64f0c918f70d2d8005db981711070111
Size

3.0MB
MD5

64f0c918f70d2d8005db981711070111
SHA1

bd9a6b8e1efebec578a327a2da72e40e052e8778
SHA256

4398c4077f8a0492079dacc1f7ebc767ac4881a13a5142ec752f5018bf9d583a
SHA512

9cb7852f37ab9f310089328663a5622072e1247e250de17a8d3c514a98c52270ad37c205fe2472b306f4f93cd5f663a2b900c75e7751f3ec9f14fd8c08c6f86f
SSDEEP

49152:vsUzN/i5lRyxkLu9tqCaMMpgtwIbHLG2kmKjvqjepPsobHGQvgLDzzz9qa0Q26:kUZ+YllaMMpgtPamKjqj0PsobHGQvc/

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64f0c918f70d2d8005db981711070111

Files

64f0c918f70d2d8005db981711070111
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 904KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 52KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ