modiloader | ba73e0d2a2b6dd3ca08c9aa3d4284baa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba73e0d2a2b6dd3ca08c9aa3d4284baa
Size

685KB
MD5

ba73e0d2a2b6dd3ca08c9aa3d4284baa
SHA1

08a47105a465d03bf7fa0080766903f4bcb207c0
SHA256

cab1d132f26dd4c8759288dddf4c2e5d3807cc3841852af6e5fe34ed27db28f4
SHA512

3f4ad581df2c7cadae2372ce9434f4a746a6aaea3e8e9b6575cc2608d7e9f3cd74ddbdd9a23a4ccecc7201125a6f0970874db4a1a75071bad9a8639ef61a6591
SSDEEP

12288:KERVq31AQHW3W4KlqckjwfIVLUh7f2wx/hCzJji6KTZ6+33TMHZVm:r3qeG4KUchco2PRm6Q3TM5Vm

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba73e0d2a2b6dd3ca08c9aa3d4284baa

Files

ba73e0d2a2b6dd3ca08c9aa3d4284baa
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 610KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ