sakula | 0637b8e46e4b1d39e25d2996bb4bf937592ff26949bd04faed5460615d05e9ca | Triage

Sharing

General

Target

0637b8e46e4b1d39e25d2996bb4bf937592ff26949bd04faed5460615d05e9ca
Size

150KB
MD5

19f6e000b7419f6b6a1c654e2f04253e
SHA1

aee45a18041781fd34a1aef1217751a6e54add5c
SHA256

0637b8e46e4b1d39e25d2996bb4bf937592ff26949bd04faed5460615d05e9ca
SHA512

176ca6fcaa75b6a9a6f21965dc20322797b3e9f0091ee500a162c8ae978ab96e922be4760085a285ad5605820597a8a234bd945e28809a1622ba61cbf2636b4f
SSDEEP

3072:H29DkEGRQixVSjLLJ30BWPOt5dQw+hyuGDInw1:H29qRfVSnt30Bbt+IhDF1

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

0637b8e46e4b1d39e25d2996bb4bf937592ff26949bd04faed5460615d05e9ca
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.Upack
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE