modiloader | 779647a11423ee1927a668d8e434a423 | Triage

Sharing

General

Target

779647a11423ee1927a668d8e434a423
Size

362KB
MD5

779647a11423ee1927a668d8e434a423
SHA1

2051e5dee5cbae37fd823aae74e283712c6d27dc
SHA256

1797c3bd96273dc34e390ef7a3ec73d40dbb0a19f793d0aab5a0583c8c6596f3
SHA512

62ed541ed503be17ff0529b80ea9042e3649172df2e52e5ea701de787cf2dbb65162c06ed47051b144e868a18051748fc52a34e61faf9dc36e71c84aea232af6
SSDEEP

6144:uC6afjCY8rIoWigkFNvUkOC3kv6l3y90snTBV31j:zWY8rXWiZvDUyl3gnT5j

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
779647a11423ee1927a668d8e434a423

Files

779647a11423ee1927a668d8e434a423
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ