sakula | 1539130fe2b47bb32a249080486660410041ca5bdeedec9fb4eb7f8bbcd352d3 | Triage

Sharing

General

Target

1539130fe2b47bb32a249080486660410041ca5bdeedec9fb4eb7f8bbcd352d3
Size

101KB
MD5

f144973672b7ab5a353891f831f4fc90
SHA1

d7a211c65e8ab611cadbc5a1330188b29791959f
SHA256

1539130fe2b47bb32a249080486660410041ca5bdeedec9fb4eb7f8bbcd352d3
SHA512

1b8de4a4725619530af7c0ab04963b7fb4a205fbb20d827ee5bcb7296f0ae8e8d9c98035cacfacf66369b7e40041e053a417ccba72c3b0beae5c9e133380c552
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrpx3:i0hpgz6xGhZamyF30BNx3

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

1539130fe2b47bb32a249080486660410041ca5bdeedec9fb4eb7f8bbcd352d3
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE