modiloader | cc68b21562a7a7ff9c84feb1fbc5b03c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc68b21562a7a7ff9c84feb1fbc5b03c
Size

475KB
MD5

cc68b21562a7a7ff9c84feb1fbc5b03c
SHA1

a1736a3f9313e835744a569fd95f57b8569ee20a
SHA256

8963334444e1640390f1df8b75c666dc91fa96326895cdc032a15954d6ba7269
SHA512

946eb97fa6ecffe08dd308d220b3c10f80321d851a5f2d8856e61727b2de0bab558654cfed88cc7fbcea8412999512d1b8c08be671473592bee7302074f2cdff
SSDEEP

6144:1CVKN/rhvUk2KQTzVDbk0zoaV7DEU20hpzdNQRzc0CinJvH+nQsvr3lX+0:DN/rhvd4TEFIzdNQRBJven9TlO

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc68b21562a7a7ff9c84feb1fbc5b03c

Files

cc68b21562a7a7ff9c84feb1fbc5b03c
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

CODE
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ