modiloader | 7a105030c834d123e1b47fc8edf30b5e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7a105030c834d123e1b47fc8edf30b5e
Size

384KB
MD5

7a105030c834d123e1b47fc8edf30b5e
SHA1

58b32818f69e8cb9718b14d217205631298a0df7
SHA256

6067a8861939d5fadebab4792b98063e6bc7c39682e82268b1d4e29649425b62
SHA512

19f09fdf0c1ee4ef9d7d2626ddee50167f23239a23a86fe20538c3c887ba9f80747e10f664d61e4f40b6125c07aff794581d5e390a640fcf53976508ccf54079
SSDEEP

6144:GVk05yZS+ev95iv/LR2aQS9hqDfEh99oSO9r6ii29Y0KKUtldsNxlw:s5yZS+ev95iXhf27Eh3iiAY5tldsxw

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a105030c834d123e1b47fc8edf30b5e

Files

7a105030c834d123e1b47fc8edf30b5e
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ