modiloader | 8f4a1bc505f7d8284d9649c9e3eea80c | Triage

Sharing

General

Target

8f4a1bc505f7d8284d9649c9e3eea80c
Size

763KB
MD5

8f4a1bc505f7d8284d9649c9e3eea80c
SHA1

69b20777dd39fafdc3772f39f342ebaa3cbe81ae
SHA256

063d1778d02c2bc6b5fa02443c5435115c70164d14670bcd16e74f1a2e3f7b9b
SHA512

5b705979596c36432f690a332ad8f845071de0139b2cf4d719b866d0685751df476a035d083c3c698bb4a0b39938cc6bca2637c44388d6dd48e38ffb1ef6ca74
SSDEEP

12288:ocWJRg418UGcjdafMUIbEeOQfA3lQjjlePcL0CA5bvTGimVM10UYc3S:ELg5UGcBaEU603e4jRlvTNmG10/uS

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f4a1bc505f7d8284d9649c9e3eea80c

Files

8f4a1bc505f7d8284d9649c9e3eea80c
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ