modiloader | f00e2fddaa320e0a37f6b817cea9189bce85acd96c4c20dbd11c2c795ef8011f

Sharing

Copy URL

Twitter E-mail

General

Target

f00e2fddaa320e0a37f6b817cea9189bce85acd96c4c20dbd11c2c795ef8011f
Size

683KB
MD5

e22ee7151c2cebbeb5f0b48097ab49bd
SHA1

5a3ea5db572b965729d7ea62576369b314bd4e98
SHA256

f00e2fddaa320e0a37f6b817cea9189bce85acd96c4c20dbd11c2c795ef8011f
SHA512

32e2f1d4d0b601e328d461c5f28df2a273b7988af8aff484fe93c4381fd91cf44fb984f2737de10b610ff431371d1e814d79aacf52077f0fdc74a067c305e04a
SSDEEP

12288:tsWdVgX1MwKcjZ+fEEIjEOyk/AXqUhKfa4fQfcW39o+esvT+:Nzg6wKcV+sECkXuD4HVesvT

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

f00e2fddaa320e0a37f6b817cea9189bce85acd96c4c20dbd11c2c795ef8011f
.exe windows:4 windows x86 arch:x86

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

24-07-2009 00:00

Not After

24-07-2011 23:59

Subject

CN=广东雨林木风计算机科技有限公司,OU=WoSign Class 3 Code Signing,O=广东雨林木风计算机科技有限公司,L=东莞市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:01:97:9d:19:e1:99:be:1c:8c:20:ed:1d:48:c7:fe:fd:98:d4:34
Signer

Actual PE Digest

6e:01:97:9d:19:e1:99:be:1c:8c:20:ed:1d:48:c7:fe:fd:98:d4:34

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 613KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81Certificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

6e:01:97:9d:19:e1:99:be:1c:8c:20:ed:1d:48:c7:fe:fd:98:d4:34Signer

Headers

File Characteristics

Sections

CODE Size: 613KB - Virtual size: 612KB

DATA Size: 22KB - Virtual size: 22KB

BSS Size: - Virtual size: 22KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 20B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 38KB

.rsrc Size: 30KB - Virtual size: 29KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

6e:01:97:9d:19:e1:99:be:1c:8c:20:ed:1d:48:c7:fe:fd:98:d4:34
Signer

CODE
Size: 613KB - Virtual size: 612KB

DATA
Size: 22KB - Virtual size: 22KB

BSS
Size: - Virtual size: 22KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 38KB

.rsrc
Size: 30KB - Virtual size: 29KB