modiloader | 87c5a182401094b060719da5ba69a486 | Triage

Sharing

General

Target

87c5a182401094b060719da5ba69a486
Size

350KB
MD5

87c5a182401094b060719da5ba69a486
SHA1

0d9480f748740c0ead3b551ecc5f5546363e74b3
SHA256

cff8d77435e150c6dd3b19b1f440b5fb9683a92577c77cb76797fde54ad9921a
SHA512

35f5a72e520b910f62b5d245f5a4f3bafd60c69b5cbd8cd31b42ade48c7297eed4d5095e9b4d8ba9e8ca36c765639b78f73af4b628a2d04cfe0a75b59b579141
SSDEEP

6144:ScbCfNj+FU2oXPs6CmhDu6PdsjVwupvUkZhWc0O9oaoasBCX4VZMQSatM81fpzBp:cGoXPvC8D+vbsqoVZhSatnSI

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87c5a182401094b060719da5ba69a486

Files

87c5a182401094b060719da5ba69a486
.exe windows:0 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 321KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ