modiloader | b9e7d005e74450fdb390a7991c036d26d05ab3419e1b4f9c4a12d537441bb223 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9e7d005e74450fdb390a7991c036d26d05ab3419e1b4f9c4a12d537441bb223
Size

657KB
MD5

7de3757649ccf198bbe483b3cbfbe60a
SHA1

30222c9c6c0a50aafb90c5551961c24b558208a1
SHA256

b9e7d005e74450fdb390a7991c036d26d05ab3419e1b4f9c4a12d537441bb223
SHA512

45083958b3c7f826c1317760eee9c5ad824ce858673432fa9d12a5f87312c3bc8078a99fabc72d40e9fc0a65ea265e410f0ea6d1182e9325c9c8b6192fbef0ef
SSDEEP

6144:dlr7EUTDsBVmLz1zcP792oax7LF6hutWdHlrOn/AFY8aUhS6kSkrsBgGSf4v1q8S:wUPe4LzeCrtgEoTo6kkH9BXRBQ3fcTo

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9e7d005e74450fdb390a7991c036d26d05ab3419e1b4f9c4a12d537441bb223

Files

b9e7d005e74450fdb390a7991c036d26d05ab3419e1b4f9c4a12d537441bb223
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 562KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ