modiloader | 5dea4529bb0e6fe060a6f730b1933c79[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5dea4529bb0e6fe060a6f730b1933c79.bin
Size

207KB
MD5

30f696cad837fc7e2946edc99eff2cb1
SHA1

194b68c7da4c3db7f04b120c549c8e9d5084bbe8
SHA256

bc77774d437a164440588c81e0692e8b64970e448a83d8ed49cc2b85b02bc896
SHA512

cc1cc94b202ba0a8a4f060694b8cbf5092eefea7589b9e172f73792a39df4af61b532f1fc14a1cb9d4fd6d8a38a612c5ab3d1d968a37042ac55f4897dee54392
SSDEEP

6144:dCAontzJptyDJoGOqRrSuy9xziWlYTCP5RJ4tK7:ZYtzJptyFvrg7iWlYQRJJ7

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/53f4e080c306971a2dba4ac56e0623f8487185493af58800915b3dfed1d25a09.dll	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/53f4e080c306971a2dba4ac56e0623f8487185493af58800915b3dfed1d25a09.dll

Files

5dea4529bb0e6fe060a6f730b1933c79.bin
.zip

Password: infected
53f4e080c306971a2dba4ac56e0623f8487185493af58800915b3dfed1d25a09.dll
.dll windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

Sections

.
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ