kutaki | pola | Triage

Sharing

General

Target

pola
Size

1.7MB
MD5

86a4537b1cc643afee6d0916ca6516a2
SHA1

aabdd09756d67da66aef310ae922a585d203f434
SHA256

18e70f312521ef5fd680b5c40bf833a4fe9ce7ad42c561bfb0751a85a34d175c
SHA512

c950682e475ba67d6b65cfb1a3f996a69edb05978653ab2598baae5a8974180c5dee3c31cfa15d99c07763ecacaac32f91daa058f948a1911f4c6701bc3f6871
SSDEEP

24576:5bmMjlxu1t+S0kLaSW/u/a+DzovnwNnxV/gb7e2AsvwbR281z7fmP/UDMS08CknU:5nlAR0kL1t8nO/CAsn81z7fmP/SA8NU

Score

10^/10

kutaki

Malware Config

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

pola
.exe windows x86

7ea6739a929ad151581b4646f2f96730

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord660
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord610
ord612
ord613
ord616
ord617
ord618
ord619
ord546
ord581

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ