sakula | 0d5866e603b35f9f3b35dc4204625b21b9d1f07bc7d0c55b30213d7fe8227c51 | Triage

Sharing

General

Target

0d5866e603b35f9f3b35dc4204625b21b9d1f07bc7d0c55b30213d7fe8227c51
Size

101KB
MD5

48afccb55937423536ece071c56afe41
SHA1

85bf8a67a8010081c3e22b394fc2781a67abd007
SHA256

0d5866e603b35f9f3b35dc4204625b21b9d1f07bc7d0c55b30213d7fe8227c51
SHA512

dcf37b21ed3ad2312fa4cb9a8862be903523da8165689ecdf1cf2072013aed28ce3ba3e8c4909ff5b54ce9420bf6b3e0f0c4df2368bf146bc86be3189d65029e
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrpxm:i0hpgz6xGhZamyF30BNxm

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

0d5866e603b35f9f3b35dc4204625b21b9d1f07bc7d0c55b30213d7fe8227c51
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE