sakula | 16fd3ddf1bb9f256a8bfbd366c11b0850b82034901e355db18b828a2d8ac0524 | Triage

Sharing

General

Target

16fd3ddf1bb9f256a8bfbd366c11b0850b82034901e355db18b828a2d8ac0524
Size

99KB
MD5

ec08c115d208bc8c52eb2bab322e3cee
SHA1

5f86be200dbb43e368ee4eef6a8190e677acf321
SHA256

16fd3ddf1bb9f256a8bfbd366c11b0850b82034901e355db18b828a2d8ac0524
SHA512

a0b28cc854c23a94330ef3add2d8a24b93ac3060a6d12681a43ea689734bcfe2a43790ece9b8d672f4e20f06245d1d04f13aa91342d81e5980363f07db9db6a4
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrzxz:i0hpgz6xGhZamyF30Bnxz

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

16fd3ddf1bb9f256a8bfbd366c11b0850b82034901e355db18b828a2d8ac0524
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE