sakula | 0ed9e601a569cfda688bc21cc52caab63e973f834a96742475112daa563db88d | Triage

Sharing

General

Target

0ed9e601a569cfda688bc21cc52caab63e973f834a96742475112daa563db88d
Size

101KB
MD5

fbc459bd5dac532c6117e838dc8ca894
SHA1

f724e9de3af6681500e38168346e0629e03672ec
SHA256

0ed9e601a569cfda688bc21cc52caab63e973f834a96742475112daa563db88d
SHA512

f282804628eb0cd961c906bbd4be0e4e75ce42e687cb0e5e92c332f2c9d86e1e8eb6e730282bd674c12596c487e9f5c5f4ad4970e52c77843ec42aaf9179b555
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrGxm:i0hpgz6xGhZamyF30B6xm

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

0ed9e601a569cfda688bc21cc52caab63e973f834a96742475112daa563db88d
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE