sakula | 56146eaf36e94f63c3aa267da50b966c977e697219df6e6bbab96591c0531a8d

Sharing

Copy URL Twitter E-mail

General

Target

56146eaf36e94f63c3aa267da50b966c977e697219df6e6bbab96591c0531a8d
Size

4.2MB
MD5

6bb5ca02a0d6ddaf5466da634523d810
SHA1

60cf5acfc85682d9c9c923de48a969b4bbe74b71
SHA256

56146eaf36e94f63c3aa267da50b966c977e697219df6e6bbab96591c0531a8d
SHA512

711f4a776f7906ded65b4a51f0378c5bb20b7cabf8dd0275b6595ed306904d761d3361a297184b826c4257f20effee398416fce669ebe7bb6ae68f013b8c14ab
SSDEEP

6144:N29qRfVSndj30Bk+7D2q49FZvV7RWJJWJQWJnWJfWJIWJAJN1WJAJcWJAJxWJAJM:FRfQntCX9

Score

10^/10

sakula

Malware Config

Extracted

Family

sakula

www.polarroute.com

Signatures

Sakula family
sakula

Sakula payload 1 IoCs

resource	yara_rule
sample	family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56146eaf36e94f63c3aa267da50b966c977e697219df6e6bbab96591c0531a8d

Files

56146eaf36e94f63c3aa267da50b966c977e697219df6e6bbab96591c0531a8d
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 5KB - Virtual size: 25KB

new_imp Size: 3KB - Virtual size: 4KB

new_imp Size: 4KB - Virtual size: 4KB

new_imp Size: 4KB - Virtual size: 4KB

new_imp Size: 5KB - Virtual size: 5KB

new_imp Size: 5KB - Virtual size: 5KB

new_imp Size: 6KB - Virtual size: 6KB

new_imp Size: 11KB - Virtual size: 11KB

new_imp Size: 13KB - Virtual size: 13KB

new_imp Size: 14KB - Virtual size: 14KB

new_imp Size: 15KB - Virtual size: 15KB

new_imp Size: 15KB - Virtual size: 15KB

new_imp Size: 16KB - Virtual size: 16KB

new_imp Size: 19KB - Virtual size: 19KB

new_imp Size: 20KB - Virtual size: 20KB

new_imp Size: 21KB - Virtual size: 21KB

new_imp Size: 21KB - Virtual size: 21KB

new_imp Size: 22KB - Virtual size: 22KB

new_imp Size: 27KB - Virtual size: 27KB

new_imp Size: 28KB - Virtual size: 28KB

new_imp Size: 28KB - Virtual size: 28KB

new_imp Size: 29KB - Virtual size: 29KB

new_imp Size: 30KB - Virtual size: 30KB

new_imp Size: 32KB - Virtual size: 32KB

new_imp Size: 32KB - Virtual size: 32KB

new_imp Size: 35KB - Virtual size: 35KB

new_imp Size: 36KB - Virtual size: 36KB

new_imp Size: 36KB - Virtual size: 36KB

new_imp Size: 37KB - Virtual size: 37KB

new_imp Size: 38KB - Virtual size: 38KB

new_imp Size: 38KB - Virtual size: 38KB

new_imp Size: 41KB - Virtual size: 41KB

new_imp Size: 41KB - Virtual size: 41KB

new_imp Size: 42KB - Virtual size: 42KB

new_imp Size: 42KB - Virtual size: 42KB

new_imp Size: 44KB - Virtual size: 44KB

new_imp Size: 45KB - Virtual size: 45KB

new_imp Size: 46KB - Virtual size: 46KB

new_imp Size: 46KB - Virtual size: 46KB

new_imp Size: 48KB - Virtual size: 48KB

new_imp Size: 51KB - Virtual size: 51KB

new_imp Size: 51KB - Virtual size: 51KB

new_imp Size: 54KB - Virtual size: 54KB

new_imp Size: 54KB - Virtual size: 54KB

new_imp Size: 55KB - Virtual size: 55KB

new_imp Size: 55KB - Virtual size: 55KB

new_imp Size: 56KB - Virtual size: 56KB

new_imp Size: 61KB - Virtual size: 61KB

new_imp Size: 63KB - Virtual size: 63KB

new_imp Size: 66KB - Virtual size: 66KB

new_imp Size: 66KB - Virtual size: 66KB

new_imp Size: 66KB - Virtual size: 66KB

new_imp Size: 67KB - Virtual size: 67KB

new_imp Size: 70KB - Virtual size: 70KB

new_imp Size: 70KB - Virtual size: 70KB

new_imp Size: 70KB - Virtual size: 70KB

new_imp Size: 72KB - Virtual size: 72KB

new_imp Size: 74KB - Virtual size: 74KB

new_imp Size: 75KB - Virtual size: 75KB

new_imp Size: 78KB - Virtual size: 78KB

new_imp Size: 78KB - Virtual size: 78KB

new_imp Size: 79KB - Virtual size: 79KB

new_imp Size: 84KB - Virtual size: 84KB

new_imp Size: 85KB - Virtual size: 85KB

new_imp Size: 86KB - Virtual size: 86KB

new_imp Size: 87KB - Virtual size: 87KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 5KB - Virtual size: 25KB

new_imp
Size: 3KB - Virtual size: 4KB

new_imp
Size: 4KB - Virtual size: 4KB

new_imp
Size: 4KB - Virtual size: 4KB

new_imp
Size: 5KB - Virtual size: 5KB

new_imp
Size: 5KB - Virtual size: 5KB

new_imp
Size: 6KB - Virtual size: 6KB

new_imp
Size: 11KB - Virtual size: 11KB

new_imp
Size: 13KB - Virtual size: 13KB

new_imp
Size: 14KB - Virtual size: 14KB

new_imp
Size: 15KB - Virtual size: 15KB

new_imp
Size: 15KB - Virtual size: 15KB

new_imp
Size: 16KB - Virtual size: 16KB

new_imp
Size: 19KB - Virtual size: 19KB

new_imp
Size: 20KB - Virtual size: 20KB

new_imp
Size: 21KB - Virtual size: 21KB

new_imp
Size: 21KB - Virtual size: 21KB

new_imp
Size: 22KB - Virtual size: 22KB

new_imp
Size: 27KB - Virtual size: 27KB

new_imp
Size: 28KB - Virtual size: 28KB

new_imp
Size: 28KB - Virtual size: 28KB

new_imp
Size: 29KB - Virtual size: 29KB

new_imp
Size: 30KB - Virtual size: 30KB

new_imp
Size: 32KB - Virtual size: 32KB

new_imp
Size: 32KB - Virtual size: 32KB

new_imp
Size: 35KB - Virtual size: 35KB

new_imp
Size: 36KB - Virtual size: 36KB

new_imp
Size: 36KB - Virtual size: 36KB

new_imp
Size: 37KB - Virtual size: 37KB

new_imp
Size: 38KB - Virtual size: 38KB

new_imp
Size: 38KB - Virtual size: 38KB

new_imp
Size: 41KB - Virtual size: 41KB

new_imp
Size: 41KB - Virtual size: 41KB

new_imp
Size: 42KB - Virtual size: 42KB

new_imp
Size: 42KB - Virtual size: 42KB

new_imp
Size: 44KB - Virtual size: 44KB

new_imp
Size: 45KB - Virtual size: 45KB

new_imp
Size: 46KB - Virtual size: 46KB

new_imp
Size: 46KB - Virtual size: 46KB

new_imp
Size: 48KB - Virtual size: 48KB

new_imp
Size: 51KB - Virtual size: 51KB

new_imp
Size: 51KB - Virtual size: 51KB

new_imp
Size: 54KB - Virtual size: 54KB

new_imp
Size: 54KB - Virtual size: 54KB

new_imp
Size: 55KB - Virtual size: 55KB

new_imp
Size: 55KB - Virtual size: 55KB

new_imp
Size: 56KB - Virtual size: 56KB

new_imp
Size: 61KB - Virtual size: 61KB

new_imp
Size: 63KB - Virtual size: 63KB

new_imp
Size: 66KB - Virtual size: 66KB

new_imp
Size: 66KB - Virtual size: 66KB

new_imp
Size: 66KB - Virtual size: 66KB

new_imp
Size: 67KB - Virtual size: 67KB

new_imp
Size: 70KB - Virtual size: 70KB

new_imp
Size: 70KB - Virtual size: 70KB

new_imp
Size: 70KB - Virtual size: 70KB

new_imp
Size: 72KB - Virtual size: 72KB

new_imp
Size: 74KB - Virtual size: 74KB

new_imp
Size: 75KB - Virtual size: 75KB

new_imp
Size: 78KB - Virtual size: 78KB

new_imp
Size: 78KB - Virtual size: 78KB

new_imp
Size: 79KB - Virtual size: 79KB

new_imp
Size: 84KB - Virtual size: 84KB

new_imp
Size: 85KB - Virtual size: 85KB

new_imp
Size: 86KB - Virtual size: 86KB

new_imp
Size: 87KB - Virtual size: 87KB

new_imp
Size: 88KB - Virtual size: 88KB

new_imp
Size: 88KB - Virtual size: 88KB

new_imp
Size: 89KB - Virtual size: 89KB

new_imp
Size: 89KB - Virtual size: 89KB

new_imp
Size: 92KB - Virtual size: 92KB

new_imp
Size: 93KB - Virtual size: 93KB

new_imp
Size: 93KB - Virtual size: 93KB

new_imp
Size: 98KB - Virtual size: 98KB

new_imp
Size: 99KB - Virtual size: 99KB

new_imp
Size: 99KB - Virtual size: 99KB