modiloader | 6573d49782df88075f90ff910d299287 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6573d49782df88075f90ff910d299287
Size

684KB
MD5

6573d49782df88075f90ff910d299287
SHA1

237ae5847433274cc626afdba3a59376e38a6bb1
SHA256

53f1d8fd9986d035f7fa2c7483f45abc27edacfadf6d9b09c02b282f4a28a5cd
SHA512

2a5e49342ee70c196ecf1590d6829d9de6e1a74c0878a85ba8936d87089c918b4940479f75d093ccdc304975cdfd6608767853d125494602de5b882699eb1dbb
SSDEEP

12288:L48QIHbAQHZOCKS5gtGRz7aeRvnYFW55LN7FgyN6jKYSTpTe8z:8fI7zKS5gtGtVtYWGjjK/TpTbz

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6573d49782df88075f90ff910d299287

Files

6573d49782df88075f90ff910d299287
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ