sakula | 3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184

Sharing

Copy URL Twitter E-mail

General

Target

3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184
Size

202KB
MD5

ad207a4015a80d2c57da65242d4b371f
SHA1

157538cb6102aa8faf731d222c2d6fadfce2354b
SHA256

3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184
SHA512

a4248fe242861ad1d74406520d88b3f86c43dfc8997986b98540e7fdc55cc9ea01ad168e1f599d7f8e2f833d7af83fc3958d9421f808dbbcf5762856b986ce7f
SSDEEP

6144:J29qRfVSndj30BkgbWiDOJIOJEJDOJEJhOJEJAOJEJEOJEJD:hRfQns

Score

10^/10

sakula

Malware Config

Extracted

Family

sakula

www.polarroute.com

Signatures

Sakula family
sakula

Sakula payload 1 IoCs

resource	yara_rule
sample	family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184

Files

3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

new_imp
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 5KB - Virtual size: 25KB

new_imp Size: 3KB - Virtual size: 4KB

new_imp Size: 4KB - Virtual size: 4KB

new_imp Size: 9KB - Virtual size: 9KB

new_imp Size: 11KB - Virtual size: 11KB

new_imp Size: 12KB - Virtual size: 12KB

new_imp Size: 13KB - Virtual size: 13KB

new_imp Size: 14KB - Virtual size: 14KB

new_imp Size: 14KB - Virtual size: 14KB

new_imp Size: 15KB - Virtual size: 15KB

new_imp Size: 16KB - Virtual size: 16KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 5KB - Virtual size: 25KB

new_imp
Size: 3KB - Virtual size: 4KB

new_imp
Size: 4KB - Virtual size: 4KB

new_imp
Size: 9KB - Virtual size: 9KB

new_imp
Size: 11KB - Virtual size: 11KB

new_imp
Size: 12KB - Virtual size: 12KB

new_imp
Size: 13KB - Virtual size: 13KB

new_imp
Size: 14KB - Virtual size: 14KB

new_imp
Size: 14KB - Virtual size: 14KB

new_imp
Size: 15KB - Virtual size: 15KB

new_imp
Size: 16KB - Virtual size: 16KB