modiloader | VirusShare-002babe29772013f178335001aabe1b0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare-002babe29772013f178335001aabe1b0
Size

180KB
MD5

002babe29772013f178335001aabe1b0
SHA1

7f56422aa3f0fdb3e9fe2ccc2001c3c6f53f9879
SHA256

7592e0538ab25ad3091fc7c0867886e99f92b18b722618c2f5c31773516c20d2
SHA512

10fad60c03936f340dfdfaa392da51ac448bc17de3e6b9fa1093c8ca8fe7b749ef42c6b2796831f89b37198579177c799fe782a296f490fe274a41cb1b800152
SSDEEP

3072:ojO3JSQLLnpLFJiCtJkvcCDF4dmx367mdfcOFVFMyji3Q4we4vjDFi7wVF:oa3JSQvpPaD+dwKCdf/VLji3DwFvQCF

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare-002babe29772013f178335001aabe1b0

Files

VirusShare-002babe29772013f178335001aabe1b0
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ