modiloader | a0aa5fe882e672e3d6b7104cb1e3bc7b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0aa5fe882e672e3d6b7104cb1e3bc7b
Size

856KB
MD5

a0aa5fe882e672e3d6b7104cb1e3bc7b
SHA1

39c02acc0667628ee69c77f2b74079d1dd325c4c
SHA256

e25b13cb25716744a07232bdc5187e427d936e7437a268f757058f22bcc32f97
SHA512

5f9e21a9ead1489694111405c93d5c001f72b6e88f55f5a441787c2dd9b2afad6fc49b9f3499726ef7ed702d772fe98fb1658328132b3d6bbf0c3b4804f064de
SSDEEP

12288:cJjCWhgzbBf8PtV9m2YkA4UrCuMtfQBSo7n4fUT2a6A2QeTF0XhMdUyGtd:cJmmgPGPikA43xsr4Y2a6A2nChuUr

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0aa5fe882e672e3d6b7104cb1e3bc7b

Files

a0aa5fe882e672e3d6b7104cb1e3bc7b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ