sakula | 0b3e128c6e2142567c49a4765a827f310aef830fee9efcfa50fb7b590d2d7cf2 | Triage

Sharing

General

Target

0b3e128c6e2142567c49a4765a827f310aef830fee9efcfa50fb7b590d2d7cf2
Size

101KB
MD5

5c73f381c5b0c60fae0f5133c3e6cbc8
SHA1

16919faedfed2ca29334e3560d5927193bfcc6e3
SHA256

0b3e128c6e2142567c49a4765a827f310aef830fee9efcfa50fb7b590d2d7cf2
SHA512

c83512447d1d92abb86890a1515cbe7919dd9ec45c0ec3dbb18991a003ea9b739c49a4702b04295209e069edfb0d8a387b52fc3dc2a59edaf3841f234c7835bd
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtr2xM:i0hpgz6xGhZamyF30BKxM

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

0b3e128c6e2142567c49a4765a827f310aef830fee9efcfa50fb7b590d2d7cf2
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE