sakula | 131034ac291d31b6688a35a570fa9a8d0a20df8ab1c8e0a16553e12cab035ab0 | Triage

Sharing

General

Target

131034ac291d31b6688a35a570fa9a8d0a20df8ab1c8e0a16553e12cab035ab0
Size

99KB
MD5

ff043d850aa99146aea13c1eacddd9c7
SHA1

5a4aff36c661ecb93cb602171b44c83fa052a0ad
SHA256

131034ac291d31b6688a35a570fa9a8d0a20df8ab1c8e0a16553e12cab035ab0
SHA512

cec25aabcbe86f50a6c69ebd39280496daf471d2b6f12780cc1932bd3c6eb98a112243856b55e71054e24b6006a5b3e4529a512522cd4055bc440599a913c55c
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPSaml0Nz30rtrd8b:i0hpgz6xGhpamyF30B58b

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

131034ac291d31b6688a35a570fa9a8d0a20df8ab1c8e0a16553e12cab035ab0
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE