Behavioral task
behavioral1
Sample
2024-05-12_1a6f4d3a80c2616cc9615abee72be218_kovter.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-05-12_1a6f4d3a80c2616cc9615abee72be218_kovter.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-12_1a6f4d3a80c2616cc9615abee72be218_kovter
-
Size
426KB
-
MD5
1a6f4d3a80c2616cc9615abee72be218
-
SHA1
ffd758387d93c669556b3dbfefa88f58df2c4249
-
SHA256
d9a734a965a96922d744fb95233626da84b7fd1d2516f9fc2456db82c1416c45
-
SHA512
aa09f3ea041145354205d2582ab154fbc6127680c3b46b0b742e0d78499ba60bafb4a990e1f3d7cdff5c50ff666da88600f046e3df18a6920222a286c4706e18
-
SSDEEP
6144:Y7k2pjKk7y183vqi+Ugrdaq3yzOMBTjJ5KI0KBrE00INL05uEmg+vzjTq:YXpKk7yS3v9pa7yKM1d0I5yHINL1Rvq
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
Processes:
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-05-12_1a6f4d3a80c2616cc9615abee72be218_kovter
Files
-
2024-05-12_1a6f4d3a80c2616cc9615abee72be218_kovter.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 366KB - Virtual size: 365KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ