modiloader | df035e43231b16ec82a2248837680323 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df035e43231b16ec82a2248837680323
Size

103KB
MD5

df035e43231b16ec82a2248837680323
SHA1

5375c6ef5a1fe203b7ea8d4c429314f80b021572
SHA256

18226a84025186dd8fa81ad1d7b556a4042d9afdcd7b83d86d846c6bc7bc7155
SHA512

f57d994e6dc5a36bc2e077dc84b97bf02b084e22431649139d8efa5b8aeb0d74bf34ac1ac2358b70a1a663cde1b48d364cac86c8c5307d1b50a44320ba85d179
SSDEEP

1536:aeIgoSP70nS/QAEEK6wgyLsaqOTB7YDUP3sKXsyD2DCoh:aPQTyStpKvukTB7eUF8yDGz

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df035e43231b16ec82a2248837680323

Files

df035e43231b16ec82a2248837680323
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ