modiloader | 7b39d713b1932054f429664bfcb86f0c

General

Target

7b39d713b1932054f429664bfcb86f0c
Size

43KB
MD5

7b39d713b1932054f429664bfcb86f0c
SHA1

8560448b2b234a566d46f585bc11824d1595432b
SHA256

cc2b18ad92db7827712e1784f9f6cf9aa4e99ca2e03b8965a40a1976e5357260
SHA512

305f86f430270d3e48dbd1bb8edb4fbd6045c55cef279a894ef2c89fa2100d305cbab94af23946558512508b1a3029e38ae5b7e5d7be898e7ee37f52e3227d84
SSDEEP

768:VSWEolYEnrSP0Yoi4qZOLQNwdXcBq5OpBlaKr91EPFvx3G/39QuV:g6Y2Yv4qZyQNwdcUOpBlaO1ovRnuV

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b39d713b1932054f429664bfcb86f0c

Files

7b39d713b1932054f429664bfcb86f0c
.exe windows:4 windows x86 arch:x86

6184b38e2bd8812690802396fe692902

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
exit
strncmp
fopen
fwrite
fclose
_except_handler3
_strcmpi
_stricmp

kernel32

LockResource
TerminateProcess
GetStartupInfoA
DeleteFileA
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
WinExec
_lclose
_lwrite
_lcreat
GetSystemDirectoryA
GetModuleFileNameA
GetCurrentProcess
LoadResource
SizeofResource
FindResourceA
lstrlenA
GetLastError
CopyFileA
GetCurrentDirectoryA
Sleep
CloseHandle
GetCurrentProcessId

advapi32

RegisterServiceCtrlHandlerA
CloseServiceHandle
RegOpenKeyExA
StartServiceCtrlDispatcherA
ControlService
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
SetServiceStatus
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6184b38e2bd8812690802396fe692902

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

shell32

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 492B

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 492B

.rsrc
Size: 34KB - Virtual size: 34KB