modiloader | 2025-01-15_3137bab209db76863b31eaab5c33f496_kovter | Triage

Sharing

General

Target

2025-01-15_3137bab209db76863b31eaab5c33f496_kovter
Size

864KB
MD5

3137bab209db76863b31eaab5c33f496
SHA1

f75081a95a1a14ff2e682c71aae76817020936bf
SHA256

cb1be0fc78566c852881680fd1a2962b2a8b807f6a9db1aa7deffc5e343f9674
SHA512

50c6014724e190577c5df4763085915383e7605a606ac642bfb30afd2a6d5fcd6638f637c340a0ec2fd48752ade8a20146a498332c1ad5948444f75f3b7d0986
SSDEEP

6144:k2wPv4oiN1jIgAQjOThcVRB7Q+Yiq+BrlkaW3q4/ZdjqF1Tov7yuTlb5251VnHgx:ZcQVjQcVL7QgZlwaIre+bQ5jnNlw

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-01-15_3137bab209db76863b31eaab5c33f496_kovter

Files

2025-01-15_3137bab209db76863b31eaab5c33f496_kovter
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ