Behavioral task
behavioral1
Sample
9a495f6dc375d601c8aa5015c8a14a17.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
9a495f6dc375d601c8aa5015c8a14a17.dll
Resource
win10v2004-20231222-en
General
-
Target
9a495f6dc375d601c8aa5015c8a14a17
-
Size
88KB
-
MD5
9a495f6dc375d601c8aa5015c8a14a17
-
SHA1
0f167fabe37b1a5a44a9cbb40e84abb4303230a6
-
SHA256
7470d7a49c6e61e406c0e1cfb17ad86221ea7af972abb3da166c1ba1e9a1a7ed
-
SHA512
c91dfd440112a7a5b839e3c73f57d704dea307c2f4e29727722e2a0118c9b4c96d38a8f539609233a1123153c3cfdbdcaf9b34602e12b81603dfb0e4f275725b
-
SSDEEP
1536:gglizGPIbm0Q61Bw85mzT8szQ5l3XqjS+aKQ8aPaoc3dFvDFU:1guj0Q61BwGY8szylnqjS+aKBaCo8dZS
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9a495f6dc375d601c8aa5015c8a14a17
Files
-
9a495f6dc375d601c8aa5015c8a14a17.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_UP_SYSTEM_ONLY
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 203B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ