modiloader | bcbd3859e5a7ee118149288749c7f210_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcbd3859e5a7ee118149288749c7f210_NeikiAnalytics.exe
Size

420KB
MD5

bcbd3859e5a7ee118149288749c7f210
SHA1

5e06de320cf11169bf7ee2d8d3de99fffd9e3061
SHA256

0ce4411aba4ac218cfc3753489ff70d67ca0f5338d3aa6aed67b476c90c1ac6a
SHA512

156a6ea22997758f2dd713cededd9ee2ca37379c0a7efe0f500af1acbe0da4eb1fbc0b71512c37d3871900eab9d94ac8f76bcde9a17236881697392cbd202e1b
SSDEEP

6144:tBbwYFmuXawnert3ZncV5IfTUSY7ihnzKYbz+45KD6fjrV8w7IMO4ytYK/Ltfs+X:XYuqPt31czCwEKyKD6fd8w7AptRtr

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcbd3859e5a7ee118149288749c7f210_NeikiAnalytics.exe

Files

bcbd3859e5a7ee118149288749c7f210_NeikiAnalytics.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ