sakula | 2db67f0f93300be187b2efd34afc82b1

Sharing

Copy URL

Twitter E-mail

General

Target

2db67f0f93300be187b2efd34afc82b1
Size

3.6MB
MD5

2db67f0f93300be187b2efd34afc82b1
SHA1

7be57d066dc49677951de40a198c7a6355cdb8bd
SHA256

9f2cc213108a119a3fcd93915f48661ba83444906111b7b2af4450973e9cf04c
SHA512

b3924098b874a2f537164ae474da9a9052852436d45149909b4516fd6aec63c7b6a5f70d4823ed2b2d1ddc8ed921d33434637111752a62c6b4d11d7e3d0784b2
SSDEEP

49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTI1:oU6eUNZZJHsHj

Score

10^/10

sakula

Malware Config

Extracted

Family

sakula

www.polarroute.com

Signatures

Sakula family
sakula
Sakula payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

2db67f0f93300be187b2efd34afc82b1

resource	yara_rule
sample	family_sakula

resource
2db67f0f93300be187b2efd34afc82b1

Files

2db67f0f93300be187b2efd34afc82b1
.exe windows:5 windows x86 arch:x86

4511896d043677e4ab4578dc5bcab5a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
VirtualFree
ExpandEnvironmentStringsA
WriteFile
OpenProcess
WideCharToMultiByte
GetVolumeInformationA
Sleep
SizeofResource
CreateProcessA
TerminateProcess
ReadFile
GetSystemDirectoryA
MultiByteToWideChar
GetTickCount
CreateDirectoryA
GetStartupInfoA
FindFirstFileA
GetLastError
VirtualAlloc
FindClose
LockResource
CreatePipe
GetModuleFileNameA
GetVersionExA
WinExec
CloseHandle
GetCurrentProcessId
GetTempPathA
GetCurrentProcess
LoadResource
PeekNamedPipe
SetFilePointer
SetPriorityClass
FindResourceA
GetFileSize
CreateFileA
GetComputerNameA
SetThreadPriority
ExitProcess
GetProcessHeap
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetModuleHandleW
GetProcAddress
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapCreate
HeapReAlloc
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyA
GetUserNameA
FreeSid
AllocateAndInitializeSid
RegDeleteKeyA
EqualSid
RegSetValueExA
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

SHChangeNotify
ord680
ShellExecuteA

wininet

HttpOpenRequestA
InternetOpenUrlA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

rqqSnjff
Size: 28KB - Virtual size: 27KB

ZuYDnQus
Size: 63KB - Virtual size: 63KB

abHfUQdm
Size: 11KB - Virtual size: 11KB

aFYOmKuK
Size: 916KB - Virtual size: 916KB

WMfUQWYO
Size: 15KB - Virtual size: 15KB

LxpHtypF
Size: 54KB - Virtual size: 53KB

LdmyUECW
Size: 10KB - Virtual size: 9KB

kdaerigj
Size: 5KB - Virtual size: 5KB

xTRBCPWY
Size: 512B - Virtual size: 91B

fftIrTla
Size: 305KB - Virtual size: 305KB

NizCKrUC
Size: 11KB - Virtual size: 10KB

IprxNhVf
Size: 6KB - Virtual size: 6KB

JKZYzPll
Size: 12KB - Virtual size: 12KB

HIXqrxkJ
Size: 23KB - Virtual size: 22KB

RDtOwzVL
Size: 3KB - Virtual size: 2KB

YDsjwdEx
Size: 63KB - Virtual size: 63KB

hQZOjuog
Size: 512B - Virtual size: 133B

OtXJFDvu
Size: 38KB - Virtual size: 38KB

FznUrUCN
Size: 135KB - Virtual size: 134KB

JfFuCXrf
Size: 29KB - Virtual size: 29KB

HGcIWQRy
Size: 30KB - Virtual size: 30KB

AJmsKGbw
Size: 35KB - Virtual size: 35KB

EFzaxNcL
Size: 61KB - Virtual size: 60KB

CGJXvUhi
Size: 17KB - Virtual size: 16KB

ukrzpJoB
Size: 28KB - Virtual size: 27KB

GuPICjot
Size: 57KB - Virtual size: 57KB

ZcmEeNKj
Size: 45KB - Virtual size: 44KB

imAvGnBY
Size: 2KB - Virtual size: 1KB

ycsaxIVa
Size: 1KB - Virtual size: 1KB

PAtCkyGF
Size: 20KB - Virtual size: 19KB

PQzBnzRm
Size: 42KB - Virtual size: 42KB

lvELgNaP
Size: 128KB - Virtual size: 128KB

YRhvjzWp
Size: 46KB - Virtual size: 45KB

qmtpBCdl
Size: 43KB - Virtual size: 43KB

DvAjtUkn
Size: 13KB - Virtual size: 12KB

wGLsFIMc
Size: 58KB - Virtual size: 58KB

bazcjlrZ
Size: 37KB - Virtual size: 37KB

GjdHXVji
Size: 55KB - Virtual size: 55KB

SODgnvVW
Size: 75KB - Virtual size: 74KB

EgEgCKgc
Size: 111KB - Virtual size: 110KB

gLwyhHCo
Size: 47KB - Virtual size: 47KB

upvZjeBx
Size: 129KB - Virtual size: 128KB

hzWJOiXi
Size: 28KB - Virtual size: 28KB

NznCbZJJ
Size: 512B - Virtual size: 71B

HTBhicBt
Size: 63KB - Virtual size: 62KB

odFgHOqZ
Size: 30KB - Virtual size: 30KB

dXRHzUFF
Size: 31KB - Virtual size: 30KB

BXekBvqa
Size: 30KB - Virtual size: 29KB

yeQXQtrW
Size: 93KB - Virtual size: 93KB

jhRClita
Size: 2KB - Virtual size: 2KB

MzQXqyEH
Size: 18KB - Virtual size: 17KB

QJuVQkwd
Size: 50KB - Virtual size: 50KB

IYEdEzSB
Size: 62KB - Virtual size: 62KB

EHUAflDA
Size: 14KB - Virtual size: 13KB

VecDFUyp
Size: 56KB - Virtual size: 55KB

ZKFzpjAn
Size: 512B - Virtual size: 283B

ngiSdeBw
Size: 10KB - Virtual size: 9KB

cxZzyaIH
Size: 115KB - Virtual size: 114KB

JYUTVgVX
Size: 40KB - Virtual size: 40KB

yRUlPwte
Size: 1KB - Virtual size: 1KB

TpfbyGoH
Size: 27KB - Virtual size: 27KB

KSTWMpTK
Size: 512B - Virtual size: 14B

xvVXLepS
Size: 31KB - Virtual size: 30KB

gcQawThu
Size: 32KB - Virtual size: 31KB

KmmRvNyK
Size: 27KB - Virtual size: 27KB

gLNFJDcW
Size: 5KB - Virtual size: 5KB

DRuhsAid
Size: 2KB - Virtual size: 2KB

Sharing

General

Malware Config

Extracted

Signatures

Files

4511896d043677e4ab4578dc5bcab5a0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 5KB - Virtual size: 4KB

rqqSnjff Size: 28KB - Virtual size: 27KB

ZuYDnQus Size: 63KB - Virtual size: 63KB

abHfUQdm Size: 11KB - Virtual size: 11KB

aFYOmKuK Size: 916KB - Virtual size: 916KB

WMfUQWYO Size: 15KB - Virtual size: 15KB

LxpHtypF Size: 54KB - Virtual size: 53KB

LdmyUECW Size: 10KB - Virtual size: 9KB

kdaerigj Size: 5KB - Virtual size: 5KB

xTRBCPWY Size: 512B - Virtual size: 91B

fftIrTla Size: 305KB - Virtual size: 305KB

NizCKrUC Size: 11KB - Virtual size: 10KB

IprxNhVf Size: 6KB - Virtual size: 6KB

JKZYzPll Size: 12KB - Virtual size: 12KB

HIXqrxkJ Size: 23KB - Virtual size: 22KB

RDtOwzVL Size: 3KB - Virtual size: 2KB

YDsjwdEx Size: 63KB - Virtual size: 63KB

hQZOjuog Size: 512B - Virtual size: 133B

OtXJFDvu Size: 38KB - Virtual size: 38KB

FznUrUCN Size: 135KB - Virtual size: 134KB

JfFuCXrf Size: 29KB - Virtual size: 29KB

HGcIWQRy Size: 30KB - Virtual size: 30KB

AJmsKGbw Size: 35KB - Virtual size: 35KB

EFzaxNcL Size: 61KB - Virtual size: 60KB

CGJXvUhi Size: 17KB - Virtual size: 16KB

ukrzpJoB Size: 28KB - Virtual size: 27KB

GuPICjot Size: 57KB - Virtual size: 57KB

ZcmEeNKj Size: 45KB - Virtual size: 44KB

imAvGnBY Size: 2KB - Virtual size: 1KB

ycsaxIVa Size: 1KB - Virtual size: 1KB

PAtCkyGF Size: 20KB - Virtual size: 19KB

PQzBnzRm Size: 42KB - Virtual size: 42KB

lvELgNaP Size: 128KB - Virtual size: 128KB

YRhvjzWp Size: 46KB - Virtual size: 45KB

qmtpBCdl Size: 43KB - Virtual size: 43KB

DvAjtUkn Size: 13KB - Virtual size: 12KB

wGLsFIMc Size: 58KB - Virtual size: 58KB

bazcjlrZ Size: 37KB - Virtual size: 37KB

GjdHXVji Size: 55KB - Virtual size: 55KB

SODgnvVW Size: 75KB - Virtual size: 74KB

EgEgCKgc Size: 111KB - Virtual size: 110KB

gLwyhHCo Size: 47KB - Virtual size: 47KB

upvZjeBx Size: 129KB - Virtual size: 128KB

hzWJOiXi Size: 28KB - Virtual size: 28KB

NznCbZJJ Size: 512B - Virtual size: 71B

HTBhicBt Size: 63KB - Virtual size: 62KB

odFgHOqZ Size: 30KB - Virtual size: 30KB

dXRHzUFF Size: 31KB - Virtual size: 30KB

BXekBvqa Size: 30KB - Virtual size: 29KB

yeQXQtrW Size: 93KB - Virtual size: 93KB

jhRClita Size: 2KB - Virtual size: 2KB

MzQXqyEH Size: 18KB - Virtual size: 17KB

QJuVQkwd Size: 50KB - Virtual size: 50KB

IYEdEzSB Size: 62KB - Virtual size: 62KB

EHUAflDA Size: 14KB - Virtual size: 13KB

VecDFUyp Size: 56KB - Virtual size: 55KB

ZKFzpjAn Size: 512B - Virtual size: 283B

ngiSdeBw Size: 10KB - Virtual size: 9KB

cxZzyaIH Size: 115KB - Virtual size: 114KB

JYUTVgVX Size: 40KB - Virtual size: 40KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 5KB - Virtual size: 4KB

rqqSnjff
Size: 28KB - Virtual size: 27KB

ZuYDnQus
Size: 63KB - Virtual size: 63KB

abHfUQdm
Size: 11KB - Virtual size: 11KB

aFYOmKuK
Size: 916KB - Virtual size: 916KB

WMfUQWYO
Size: 15KB - Virtual size: 15KB

LxpHtypF
Size: 54KB - Virtual size: 53KB

LdmyUECW
Size: 10KB - Virtual size: 9KB

kdaerigj
Size: 5KB - Virtual size: 5KB

xTRBCPWY
Size: 512B - Virtual size: 91B

fftIrTla
Size: 305KB - Virtual size: 305KB

NizCKrUC
Size: 11KB - Virtual size: 10KB

IprxNhVf
Size: 6KB - Virtual size: 6KB

JKZYzPll
Size: 12KB - Virtual size: 12KB

HIXqrxkJ
Size: 23KB - Virtual size: 22KB

RDtOwzVL
Size: 3KB - Virtual size: 2KB

YDsjwdEx
Size: 63KB - Virtual size: 63KB

hQZOjuog
Size: 512B - Virtual size: 133B

OtXJFDvu
Size: 38KB - Virtual size: 38KB

FznUrUCN
Size: 135KB - Virtual size: 134KB

JfFuCXrf
Size: 29KB - Virtual size: 29KB

HGcIWQRy
Size: 30KB - Virtual size: 30KB

AJmsKGbw
Size: 35KB - Virtual size: 35KB

EFzaxNcL
Size: 61KB - Virtual size: 60KB

CGJXvUhi
Size: 17KB - Virtual size: 16KB

ukrzpJoB
Size: 28KB - Virtual size: 27KB

GuPICjot
Size: 57KB - Virtual size: 57KB

ZcmEeNKj
Size: 45KB - Virtual size: 44KB

imAvGnBY
Size: 2KB - Virtual size: 1KB

ycsaxIVa
Size: 1KB - Virtual size: 1KB

PAtCkyGF
Size: 20KB - Virtual size: 19KB

PQzBnzRm
Size: 42KB - Virtual size: 42KB

lvELgNaP
Size: 128KB - Virtual size: 128KB

YRhvjzWp
Size: 46KB - Virtual size: 45KB

qmtpBCdl
Size: 43KB - Virtual size: 43KB

DvAjtUkn
Size: 13KB - Virtual size: 12KB

wGLsFIMc
Size: 58KB - Virtual size: 58KB

bazcjlrZ
Size: 37KB - Virtual size: 37KB

GjdHXVji
Size: 55KB - Virtual size: 55KB

SODgnvVW
Size: 75KB - Virtual size: 74KB

EgEgCKgc
Size: 111KB - Virtual size: 110KB

gLwyhHCo
Size: 47KB - Virtual size: 47KB

upvZjeBx
Size: 129KB - Virtual size: 128KB

hzWJOiXi
Size: 28KB - Virtual size: 28KB

NznCbZJJ
Size: 512B - Virtual size: 71B

HTBhicBt
Size: 63KB - Virtual size: 62KB

odFgHOqZ
Size: 30KB - Virtual size: 30KB

dXRHzUFF
Size: 31KB - Virtual size: 30KB

BXekBvqa
Size: 30KB - Virtual size: 29KB

yeQXQtrW
Size: 93KB - Virtual size: 93KB

jhRClita
Size: 2KB - Virtual size: 2KB

MzQXqyEH
Size: 18KB - Virtual size: 17KB

QJuVQkwd
Size: 50KB - Virtual size: 50KB

IYEdEzSB
Size: 62KB - Virtual size: 62KB

EHUAflDA
Size: 14KB - Virtual size: 13KB

VecDFUyp
Size: 56KB - Virtual size: 55KB

ZKFzpjAn
Size: 512B - Virtual size: 283B

ngiSdeBw
Size: 10KB - Virtual size: 9KB

cxZzyaIH
Size: 115KB - Virtual size: 114KB

JYUTVgVX
Size: 40KB - Virtual size: 40KB

yRUlPwte
Size: 1KB - Virtual size: 1KB

TpfbyGoH
Size: 27KB - Virtual size: 27KB

KSTWMpTK
Size: 512B - Virtual size: 14B

xvVXLepS
Size: 31KB - Virtual size: 30KB

gcQawThu
Size: 32KB - Virtual size: 31KB

KmmRvNyK
Size: 27KB - Virtual size: 27KB

gLNFJDcW
Size: 5KB - Virtual size: 5KB

DRuhsAid
Size: 2KB - Virtual size: 2KB