modiloader | d167b30a9b3973d998f9b9f027993934570c826e73872516f492c5e920359198 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d167b30a9b3973d998f9b9f027993934570c826e73872516f492c5e920359198
Size

371KB
MD5

b3ce46a9148be0985617d9109e1d6266
SHA1

4882d70bee502c2b5224bdcdafc00a7d115a8e4a
SHA256

d167b30a9b3973d998f9b9f027993934570c826e73872516f492c5e920359198
SHA512

f8e21d79a88641b53adab6fd83ee1749cd63dbb2c3b47f704ef5c3e977710b8f7dd20da53dedcbf2d51bed3e0bd4c6114c5020ea1c16321db0057526156e489a
SSDEEP

6144:2A3dWC+V1q9b5zcd4w0Ea0FJmdleE0IoDe7Q0oJwf75szq1Yeb3yVlW9j1t7LouQ:2ANXUq9xk4ZeJmDeECDDwf7vLyWj5Cd

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
static1/unpack001/View.exe	modiloader_stage1

ModiLoader Second Stage 1 IoCs

resource	yara_rule
static1/unpack001/View.exe	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/View.exe

Files

d167b30a9b3973d998f9b9f027993934570c826e73872516f492c5e920359198
.rar
License.txt
View.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 549KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt
skin.skn
下载说明.htm
.html .js polyglot