sakula | f78b023808b833dfabfc657d1c29ed45exeexeexe_JC[.]exe | Triage

Sharing

General

Target

f78b023808b833dfabfc657d1c29ed45exeexeexe_JC.exe
Size

100KB
MD5

f78b023808b833dfabfc657d1c29ed45
SHA1

8dbf05d74aa1c73b60eb0b35f84cb0ace069ac3b
SHA256

b0b8d65f306db533a0ac6b5fac2c112cd39d86740f23708e97c2ad29c561f688
SHA512

d02bf6843175b556fea886e3125be6177cdebe9190bad1ba67cf9226a63a9de65bc66d718d9dd0dc9c97b35ba40e9cbbbf38229cbfc3b3176d94779e535fd8b2
SSDEEP

1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrsxB:c0hpgz6xGhZamyF30BoxB

Score

10^/10

sakula

Malware Config

Signatures

Sakula family
sakula
Sakula payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f78b023808b833dfabfc657d1c29ed45exeexeexe_JC.exe

Files

f78b023808b833dfabfc657d1c29ed45exeexeexe_JC.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE