sakula | 02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7

Sharing

Copy URL

Twitter E-mail

General

Target

02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7
Size

5.2MB
MD5

82a801529478f463148878aecba8f75b
SHA1

dc31ca34d15ecf84a1d3d16560089d382237cfbe
SHA256

02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7
SHA512

e3bfcaa4f51704999e8bdad911babbff141f89f1ab15abb0ae6d06612527df630c821d68e87c652db76d6b62d365edda61d3f1a9ef7589905013d8b877a7e3c1
SSDEEP

6144:H29qRfVSnt30Bbt+IhDFAT/HAkJtkJxkJ5kJekJXkJuJ6kJuJZkJuJvkJuJmkJuG:TRfQnA+2m18i

Score

10^/10

sakula

Malware Config

Extracted

Family

sakula

www.polarroute.com

Signatures

Sakula family
sakula

Sakula payload 1 IoCs

resource	yara_rule
sample	family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7

Files

02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.Upack
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.Upack Size: 107KB - Virtual size: 108KB

.rsrc Size: 36KB - Virtual size: 68KB

.imports Size: 2KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

new_imp Size: 7KB - Virtual size: 7KB

new_imp Size: 12KB - Virtual size: 12KB

new_imp Size: 12KB - Virtual size: 12KB

new_imp Size: 13KB - Virtual size: 13KB

new_imp Size: 16KB - Virtual size: 16KB

new_imp Size: 17KB - Virtual size: 17KB

new_imp Size: 22KB - Virtual size: 22KB

new_imp Size: 22KB - Virtual size: 22KB

new_imp Size: 24KB - Virtual size: 24KB

new_imp Size: 28KB - Virtual size: 28KB

new_imp Size: 31KB - Virtual size: 31KB

new_imp Size: 31KB - Virtual size: 31KB

new_imp Size: 32KB - Virtual size: 32KB

new_imp Size: 33KB - Virtual size: 33KB

new_imp Size: 38KB - Virtual size: 38KB

new_imp Size: 39KB - Virtual size: 39KB

new_imp Size: 39KB - Virtual size: 39KB

new_imp Size: 39KB - Virtual size: 39KB

new_imp Size: 40KB - Virtual size: 40KB

new_imp Size: 41KB - Virtual size: 41KB

new_imp Size: 44KB - Virtual size: 44KB

new_imp Size: 44KB - Virtual size: 44KB

new_imp Size: 45KB - Virtual size: 45KB

new_imp Size: 48KB - Virtual size: 48KB

new_imp Size: 52KB - Virtual size: 52KB

new_imp Size: 52KB - Virtual size: 52KB

new_imp Size: 52KB - Virtual size: 52KB

new_imp Size: 53KB - Virtual size: 53KB

new_imp Size: 53KB - Virtual size: 53KB

new_imp Size: 54KB - Virtual size: 54KB

new_imp Size: 54KB - Virtual size: 54KB

new_imp Size: 57KB - Virtual size: 57KB

new_imp Size: 58KB - Virtual size: 58KB

new_imp Size: 60KB - Virtual size: 60KB

new_imp Size: 61KB - Virtual size: 61KB

new_imp Size: 62KB - Virtual size: 62KB

new_imp Size: 62KB - Virtual size: 62KB

new_imp Size: 63KB - Virtual size: 63KB

new_imp Size: 63KB - Virtual size: 63KB

new_imp Size: 64KB - Virtual size: 64KB

new_imp Size: 65KB - Virtual size: 65KB

new_imp Size: 65KB - Virtual size: 65KB

new_imp Size: 67KB - Virtual size: 67KB

new_imp Size: 67KB - Virtual size: 67KB

new_imp Size: 69KB - Virtual size: 69KB

new_imp Size: 73KB - Virtual size: 73KB

new_imp Size: 73KB - Virtual size: 73KB

new_imp Size: 75KB - Virtual size: 75KB

new_imp Size: 76KB - Virtual size: 76KB

new_imp Size: 77KB - Virtual size: 77KB

new_imp Size: 77KB - Virtual size: 77KB

new_imp Size: 78KB - Virtual size: 78KB

new_imp Size: 79KB - Virtual size: 79KB

new_imp Size: 79KB - Virtual size: 79KB

new_imp Size: 80KB - Virtual size: 80KB

new_imp Size: 81KB - Virtual size: 81KB

new_imp Size: 81KB - Virtual size: 81KB

new_imp Size: 82KB - Virtual size: 82KB

new_imp Size: 85KB - Virtual size: 85KB

new_imp Size: 85KB - Virtual size: 85KB

new_imp Size: 86KB - Virtual size: 86KB

new_imp Size: 89KB - Virtual size: 89KB

new_imp Size: 89KB - Virtual size: 89KB

new_imp Size: 90KB - Virtual size: 90KB

new_imp Size: 91KB - Virtual size: 91KB

new_imp Size: 92KB - Virtual size: 92KB

.Upack
Size: 107KB - Virtual size: 108KB

.rsrc
Size: 36KB - Virtual size: 68KB

.imports
Size: 2KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB

new_imp
Size: 7KB - Virtual size: 7KB

new_imp
Size: 12KB - Virtual size: 12KB

new_imp
Size: 12KB - Virtual size: 12KB

new_imp
Size: 13KB - Virtual size: 13KB

new_imp
Size: 16KB - Virtual size: 16KB

new_imp
Size: 17KB - Virtual size: 17KB

new_imp
Size: 22KB - Virtual size: 22KB

new_imp
Size: 22KB - Virtual size: 22KB

new_imp
Size: 24KB - Virtual size: 24KB

new_imp
Size: 28KB - Virtual size: 28KB

new_imp
Size: 31KB - Virtual size: 31KB

new_imp
Size: 31KB - Virtual size: 31KB

new_imp
Size: 32KB - Virtual size: 32KB

new_imp
Size: 33KB - Virtual size: 33KB

new_imp
Size: 38KB - Virtual size: 38KB

new_imp
Size: 39KB - Virtual size: 39KB

new_imp
Size: 39KB - Virtual size: 39KB

new_imp
Size: 39KB - Virtual size: 39KB

new_imp
Size: 40KB - Virtual size: 40KB

new_imp
Size: 41KB - Virtual size: 41KB

new_imp
Size: 44KB - Virtual size: 44KB

new_imp
Size: 44KB - Virtual size: 44KB

new_imp
Size: 45KB - Virtual size: 45KB

new_imp
Size: 48KB - Virtual size: 48KB

new_imp
Size: 52KB - Virtual size: 52KB

new_imp
Size: 52KB - Virtual size: 52KB

new_imp
Size: 52KB - Virtual size: 52KB

new_imp
Size: 53KB - Virtual size: 53KB

new_imp
Size: 53KB - Virtual size: 53KB

new_imp
Size: 54KB - Virtual size: 54KB

new_imp
Size: 54KB - Virtual size: 54KB

new_imp
Size: 57KB - Virtual size: 57KB

new_imp
Size: 58KB - Virtual size: 58KB

new_imp
Size: 60KB - Virtual size: 60KB

new_imp
Size: 61KB - Virtual size: 61KB

new_imp
Size: 62KB - Virtual size: 62KB

new_imp
Size: 62KB - Virtual size: 62KB

new_imp
Size: 63KB - Virtual size: 63KB

new_imp
Size: 63KB - Virtual size: 63KB

new_imp
Size: 64KB - Virtual size: 64KB

new_imp
Size: 65KB - Virtual size: 65KB

new_imp
Size: 65KB - Virtual size: 65KB

new_imp
Size: 67KB - Virtual size: 67KB

new_imp
Size: 67KB - Virtual size: 67KB

new_imp
Size: 69KB - Virtual size: 69KB

new_imp
Size: 73KB - Virtual size: 73KB

new_imp
Size: 73KB - Virtual size: 73KB

new_imp
Size: 75KB - Virtual size: 75KB

new_imp
Size: 76KB - Virtual size: 76KB

new_imp
Size: 77KB - Virtual size: 77KB

new_imp
Size: 77KB - Virtual size: 77KB

new_imp
Size: 78KB - Virtual size: 78KB

new_imp
Size: 79KB - Virtual size: 79KB

new_imp
Size: 79KB - Virtual size: 79KB

new_imp
Size: 80KB - Virtual size: 80KB

new_imp
Size: 81KB - Virtual size: 81KB

new_imp
Size: 81KB - Virtual size: 81KB

new_imp
Size: 82KB - Virtual size: 82KB

new_imp
Size: 85KB - Virtual size: 85KB

new_imp
Size: 85KB - Virtual size: 85KB

new_imp
Size: 86KB - Virtual size: 86KB

new_imp
Size: 89KB - Virtual size: 89KB

new_imp
Size: 89KB - Virtual size: 89KB

new_imp
Size: 90KB - Virtual size: 90KB

new_imp
Size: 91KB - Virtual size: 91KB

new_imp
Size: 92KB - Virtual size: 92KB

new_imp
Size: 97KB - Virtual size: 97KB

new_imp
Size: 101KB - Virtual size: 101KB

new_imp
Size: 106KB - Virtual size: 106KB

new_imp
Size: 108KB - Virtual size: 108KB

new_imp
Size: 109KB - Virtual size: 109KB

new_imp
Size: 112KB - Virtual size: 112KB

new_imp
Size: 116KB - Virtual size: 116KB

new_imp
Size: 117KB - Virtual size: 117KB

new_imp
Size: 117KB - Virtual size: 117KB

new_imp
Size: 119KB - Virtual size: 119KB