modiloader | d0431768a6009910518c52fbbe55f700_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

d0431768a6009910518c52fbbe55f700_NeikiAnalytics.exe
Size

1.4MB
MD5

d0431768a6009910518c52fbbe55f700
SHA1

d9f1b8dce4d2bb6b8bd83066e3d2c1969b849c14
SHA256

29c56103760206c97c0396ebdf8b6e759d7b4df8251601111f49e44574159273
SHA512

cd3d420880e81fc0980bc8bdb19786d9713c5cbcb82287af9b1ee107a4626d08ecd8d2229971fcf96b000be6cbb6a21a4d0542cd3abb75009bd5a1922e61031f
SSDEEP

12288:P3AzsgsK0MURR/FypkEOKE0Ezax+KyEzgTF/PrEKZpM8dtjywAkIJrOmrzsKZq0E:vAzQd57ypX+W8h/pQ8lAkIlOm/e66v

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

Processes:

resource yara_rule

sample modiloader_stage1
Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d0431768a6009910518c52fbbe55f700_NeikiAnalytics.exe

Files

d0431768a6009910518c52fbbe55f700_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ