modiloader | b0b3f1cf850721349fe7acfb553e44a864a8bd0214b342cc4cba25bb2091319e[.]exe | Triage

Sharing

General

Target

b0b3f1cf850721349fe7acfb553e44a864a8bd0214b342cc4cba25bb2091319e.exe
Size

767KB
MD5

579828371585f1c6cb5a8fb8a251bd65
SHA1

46c2175271baaedd4c8fd8b43d1959a19635d7a1
SHA256

b0b3f1cf850721349fe7acfb553e44a864a8bd0214b342cc4cba25bb2091319e
SHA512

4acff0519188170d01a42d6e0e156bfd77f6237ae3fc87ef2e3b6095979fcbba9e7191e601ad2bd25e8c256d3bcda704a11ecd14eb01b9755e71ddd48442c787
SSDEEP

12288:Fd5WEIwkfQHILFwYrrVTp+ElQca3jCm475XQ8C1c:Fd5WEI7xHrVTp+E+Am4ZBC1c

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0b3f1cf850721349fe7acfb553e44a864a8bd0214b342cc4cba25bb2091319e.exe

Files

b0b3f1cf850721349fe7acfb553e44a864a8bd0214b342cc4cba25bb2091319e.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ