modiloader | c22f92f8bb54295c092226e892461d18 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c22f92f8bb54295c092226e892461d18
Size

78KB
MD5

c22f92f8bb54295c092226e892461d18
SHA1

e2687c58409e025a53d5794048912a0f299f6135
SHA256

f91f36c91afd27f24cff1e64c23e4d644badca42c24aee9f74c5cc61d67a1207
SHA512

4b5ea8dddbda6a347940a54954eab489cf2d94f38fa1811ccd12295417e3cbbca3c57e2b5a5e2b795145345a8ae100185ef431bb6d6c4941340dfbe3a920f737
SSDEEP

1536:94q9wEJyovbmWXQS//DRkEv3N36emYV9SqDuG2Yc4pHxsAMm2:vwMTpz/193N3qVqDIH4pH7Mm2

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c22f92f8bb54295c092226e892461d18

Files

c22f92f8bb54295c092226e892461d18
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ