sakula | 0af2249207403647a8635058cc7340379257e94a1a111fbdaed17a7bb547e2c9 | Triage

Sharing

General

Target

0af2249207403647a8635058cc7340379257e94a1a111fbdaed17a7bb547e2c9
Size

101KB
MD5

be36dab106c8d5da527d12cdf1868192
SHA1

ef5be3b0d1327662e186b0f847ccd23ccee5728b
SHA256

0af2249207403647a8635058cc7340379257e94a1a111fbdaed17a7bb547e2c9
SHA512

1d0ba0365518c373c9f2a969e4ada04c8870e79a651cf7efea21bb6830bec74bc0308e5a56df72c55e7f4bc5f1f32dd5689ec3b0023a3753d88a9dbb8e929569
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrPxG:i0hpgz6xGhZamyF30B7xG

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

0af2249207403647a8635058cc7340379257e94a1a111fbdaed17a7bb547e2c9
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE