modiloader | abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N | Triage

Sharing

General

Target

abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N
Size

1.3MB
MD5

0d0e5d826209927eb07f4e393eff6f90
SHA1

0cc3c1a211c87f4b13aea8a53b043dcdc0a375d9
SHA256

abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477
SHA512

7750dfff7fe5138c8850e2141cd1e7b7c44b95a7693c82056bdf9372bea7033ce93b4ec558533afdefb63d99885822f2c9dda4e18cfc7fa3ee266c9663fdd0f3
SSDEEP

24576:L8EX1B+OLhKrDdPGrevewoRpaK8ui+8qG7Edy3+0:9Brm685j3+0

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N

Files

abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ