modiloader | de9db329b22c52090c30f9807e2b4eb9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de9db329b22c52090c30f9807e2b4eb9
Size

1.0MB
MD5

de9db329b22c52090c30f9807e2b4eb9
SHA1

51e9609e2e26c8eb392cc14435dcfdf8b0ee40d9
SHA256

6aec49c1be6e7920c03008bd324f832d46b8f51c17b4322cd8e76bef9a222c0f
SHA512

c7363ed4dd6362ee6df1dbb5a6c5d8e180bc21f6c132b062c0b67fc2b6b51af9b3c873faae1a14f4276543b24d342e9c71f56766e9c993ed3b7bab4a746d4ed3
SSDEEP

12288:tERVq31AQHW3W4KlqckjwfIVLUL7f2wx/hCzJjiLKTFp+33TW3Immr8wYbF0wp38:W3qeG4KUchcW2P0apQ3TKrox

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de9db329b22c52090c30f9807e2b4eb9

Files

de9db329b22c52090c30f9807e2b4eb9
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 610KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ