modiloader | 44d42ece30e2d7afe9d31ef7947a2615d035070da1e01929121d354ed6607a8d_dump2_unpacked[.]exe | Triage

Sharing

General

Target

44d42ece30e2d7afe9d31ef7947a2615d035070da1e01929121d354ed6607a8d_dump2_unpacked.exe
Size

36KB
MD5

004dc4b3984b7f50337c056edb878dae
SHA1

9de109cd3ce5db214253c59ddef31cf62ee5f5a3
SHA256

d9d05fb8c86aefa003a4d1ed77b60ae0c077f04b7218d4672074f8cc1758481f
SHA512

1af3df59925e7aa625b1b6bb4b12ef622f83bf3b8bdd96b4a6170556253da114e440b4f79f1be1f0c346c2b82b1c834f28366bab2adee9377010a23b049bf451
SSDEEP

768:BycqOQ0bwMK2M3fQdS8Pfymg0M9EQfRg59xKPW:4cqOQbB3fQ48Pfymg0yxpg7xj

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44d42ece30e2d7afe9d31ef7947a2615d035070da1e01929121d354ed6607a8d_dump2_unpacked.exe

Files

44d42ece30e2d7afe9d31ef7947a2615d035070da1e01929121d354ed6607a8d_dump2_unpacked.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ