modiloader | b97aba157979ee3f50a1abaa528da352 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b97aba157979ee3f50a1abaa528da352
Size

13KB
MD5

b97aba157979ee3f50a1abaa528da352
SHA1

f75b89bb46fb6a2ba1a800d2fcf69850d3dc5a95
SHA256

b04aa937c0e10bbeadfd91835de82be7eb283ee6f1693fd615726abe0cc3d374
SHA512

ec658f4da4a011c4cd7726c9834316c01a24e23a3596263dc48e78f205033f51a16479a228733fe0eb569b85ce4295715f0c183cbc0261d5c49e43a803a812f8
SSDEEP

192:nTi0ePyz0Lp1U8zzacRvCoGAzRq/yMEhwQs3jJesQowKjRw8uaT4dKW5:TeP9p16VS8ua0d55

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b97aba157979ee3f50a1abaa528da352

Files

b97aba157979ee3f50a1abaa528da352
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ