sakula | 1527bff07bff053669e60629577807db84aa1c7e029f56f3a2ba50952fd54ce8 | Triage

Sharing

General

Target

1527bff07bff053669e60629577807db84aa1c7e029f56f3a2ba50952fd54ce8
Size

100KB
MD5

44130c9141ab4240c90a6409ef3bc6f6
SHA1

9b226c997b72a653e5258b50ae1d42c521b59587
SHA256

1527bff07bff053669e60629577807db84aa1c7e029f56f3a2ba50952fd54ce8
SHA512

c93de25ff9a5ebb97f9e6e546f7a04a2be257a1b63ad9c3e8d13636c570231fec3e939ffbc46d2fdb8387923af0afc3297fe3449f7bb535aa3b97fbc07b9430f
SSDEEP

1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrJxz:K0hpgz6xGhZamyF30BNxz

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

1527bff07bff053669e60629577807db84aa1c7e029f56f3a2ba50952fd54ce8
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE