sakula | 3d094d0568f3f0ba2015e67054c8b88b

Sharing

Copy URL

Twitter E-mail

General

Target

3d094d0568f3f0ba2015e67054c8b88b
Size

3.9MB
MD5

3d094d0568f3f0ba2015e67054c8b88b
SHA1

5499e0bd407ebb1c4be9c66d47d220e13cac96be
SHA256

f8676adb311a64a8a21b0215820aea8408b809addd5982e1f821ea805914e069
SHA512

2a4baa6dad6b83fd571ef3a6b9a8f913d7a243049f79b8e0df42bf36daf571a070190b1e5bf4912b1547cba5c9241b0bd985bb9b0888480c4415876ae18002f1
SSDEEP

24576:j0Xx/6oTNa1h3Qh3O+ZrIb1Eu8CTPq30pYZMmjjTjuSE5DBMYo:j+5TY76HZ68kQ0paMmjjTjzeaYo

Score

10^/10

sakula

Malware Config

Signatures

Sakula family
sakula
Sakula payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

3d094d0568f3f0ba2015e67054c8b88b

resource	yara_rule
sample	family_sakula

resource
3d094d0568f3f0ba2015e67054c8b88b

Files

3d094d0568f3f0ba2015e67054c8b88b
.exe windows:5 windows x86 arch:x86

539502771da573641ecc7f6497e39f8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
VirtualFree
ExpandEnvironmentStringsA
WriteFile
OpenProcess
WideCharToMultiByte
GetVolumeInformationA
Sleep
SizeofResource
CreateProcessA
ReadFile
GetSystemDirectoryA
MultiByteToWideChar
SetThreadPriority
GetTickCount
GetStartupInfoA
FindFirstFileA
GetLastError
VirtualAlloc
FindClose
LockResource
CreatePipe
GetModuleFileNameA
GetVersionExA
WinExec
CloseHandle
GetCurrentProcessId
GetTempPathA
GetCurrentProcess
LoadResource
PeekNamedPipe
SetFilePointer
SetPriorityClass
FindResourceA
GetFileSize
CreateFileA
GetComputerNameA
CreateDirectoryA
ExitProcess
CreateFileW
GetProcessHeap
SetEndOfFile
HeapReAlloc
GetStringTypeW
LCMapStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetProcAddress
GetModuleHandleW
DecodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
HeapCreate
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
IsProcessorFeaturePresent

advapi32

RegOpenKeyA
GetUserNameA
FreeSid
AllocateAndInitializeSid
RegDeleteKeyA
EqualSid
RegSetValueExA
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

SHChangeNotify
ord680
ShellExecuteA

wininet

HttpOpenRequestA
InternetOpenUrlA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

YthjTtdK
Size: 36KB - Virtual size: 35KB

nZthxIkr
Size: 104KB - Virtual size: 103KB

TYERhsVL
Size: 18KB - Virtual size: 18KB

LTyKWdmL
Size: 122KB - Virtual size: 121KB

cXApKzpX
Size: 166KB - Virtual size: 165KB

OHXDivfp
Size: 5KB - Virtual size: 4KB

EADUrKCs
Size: 73KB - Virtual size: 73KB

WMzkEhJt
Size: 38KB - Virtual size: 37KB

FMeVVyMJ
Size: 3KB - Virtual size: 2KB

cDLjAPnl
Size: 252KB - Virtual size: 252KB

UAqkVkPt
Size: 33KB - Virtual size: 32KB

AAICZdzy
Size: 5KB - Virtual size: 4KB

IdHtIPFh
Size: 82KB - Virtual size: 81KB

rswxrnpN
Size: 23KB - Virtual size: 23KB

kKsQAkMH
Size: 139KB - Virtual size: 139KB

lYdLAJgH
Size: 75KB - Virtual size: 74KB

boLdeWKF
Size: 512B - Virtual size: 110B

vxvHJARj
Size: 270KB - Virtual size: 270KB

OKeqeIFb
Size: 108KB - Virtual size: 107KB

sWdCNdXo
Size: 195KB - Virtual size: 194KB

aOOumIfm
Size: 44KB - Virtual size: 43KB

ViSMaIKq
Size: 124KB - Virtual size: 124KB

wQKMzjRy
Size: 21KB - Virtual size: 20KB

KeERJrpF
Size: 7KB - Virtual size: 6KB

oJbZsuWv
Size: 41KB - Virtual size: 40KB

EeWNNVBr
Size: 64KB - Virtual size: 64KB

yCpVDjJP
Size: 29KB - Virtual size: 28KB

RBKWARaf
Size: 15KB - Virtual size: 15KB

wdRRxhZJ
Size: 2KB - Virtual size: 2KB

XOCDHLcp
Size: 17KB - Virtual size: 17KB

SSFqjgSJ
Size: 39KB - Virtual size: 39KB

EizEvGcw
Size: 44KB - Virtual size: 44KB

JdlTsRVw
Size: 57KB - Virtual size: 56KB

QrAFSlSk
Size: 9KB - Virtual size: 9KB

DrsmHyjm
Size: 35KB - Virtual size: 34KB

FMbNDdhh
Size: 31KB - Virtual size: 30KB

IhmPwwpL
Size: 31KB - Virtual size: 31KB

QCHuBcxm
Size: 66KB - Virtual size: 66KB

WhAczAlJ
Size: 100KB - Virtual size: 100KB

ZHaRwohD
Size: 170KB - Virtual size: 170KB

fWccgoMv
Size: 85KB - Virtual size: 85KB

ckHnXUHS
Size: 78KB - Virtual size: 78KB

LbZHwhqZ
Size: 32KB - Virtual size: 31KB

rwPJSCYH
Size: 30KB - Virtual size: 30KB

fDnwZvCk
Size: 103KB - Virtual size: 102KB

xquJTdei
Size: 51KB - Virtual size: 50KB

SGFRyOQs
Size: 42KB - Virtual size: 41KB

xlthyUeF
Size: 44KB - Virtual size: 44KB

cHZEsKrm
Size: 47KB - Virtual size: 47KB

bIlcqAsd
Size: 4KB - Virtual size: 4KB

vbknPSpF
Size: 47KB - Virtual size: 47KB

VWjgrFOL
Size: 37KB - Virtual size: 37KB

XAohaPuI
Size: 6KB - Virtual size: 5KB

clxNtTNS
Size: 2KB - Virtual size: 2KB

rMOCXTLm
Size: 31KB - Virtual size: 31KB

BSypJQwJ
Size: 36KB - Virtual size: 35KB

zmWALxuL
Size: 54KB - Virtual size: 53KB

ybTSPvph
Size: 13KB - Virtual size: 13KB

EnprsHUt
Size: 4KB - Virtual size: 3KB

HRFKniXC
Size: 2KB - Virtual size: 2KB

ZJUDkCPj
Size: 73KB - Virtual size: 72KB

SAIMbSjK
Size: 512B - Virtual size: 135B

BSZTKEZX
Size: 10KB - Virtual size: 10KB

KloVOCqn
Size: 8KB - Virtual size: 7KB

FFeqKPWg
Size: 363KB - Virtual size: 362KB

EkThKCAz
Size: 16KB - Virtual size: 16KB

RgNdonhV
Size: 6KB - Virtual size: 6KB

Sharing

General

Malware Config

Signatures

Files

539502771da573641ecc7f6497e39f8f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

YthjTtdK Size: 36KB - Virtual size: 35KB

nZthxIkr Size: 104KB - Virtual size: 103KB

TYERhsVL Size: 18KB - Virtual size: 18KB

LTyKWdmL Size: 122KB - Virtual size: 121KB

cXApKzpX Size: 166KB - Virtual size: 165KB

OHXDivfp Size: 5KB - Virtual size: 4KB

EADUrKCs Size: 73KB - Virtual size: 73KB

WMzkEhJt Size: 38KB - Virtual size: 37KB

FMeVVyMJ Size: 3KB - Virtual size: 2KB

cDLjAPnl Size: 252KB - Virtual size: 252KB

UAqkVkPt Size: 33KB - Virtual size: 32KB

AAICZdzy Size: 5KB - Virtual size: 4KB

IdHtIPFh Size: 82KB - Virtual size: 81KB

rswxrnpN Size: 23KB - Virtual size: 23KB

kKsQAkMH Size: 139KB - Virtual size: 139KB

lYdLAJgH Size: 75KB - Virtual size: 74KB

boLdeWKF Size: 512B - Virtual size: 110B

vxvHJARj Size: 270KB - Virtual size: 270KB

OKeqeIFb Size: 108KB - Virtual size: 107KB

sWdCNdXo Size: 195KB - Virtual size: 194KB

aOOumIfm Size: 44KB - Virtual size: 43KB

ViSMaIKq Size: 124KB - Virtual size: 124KB

wQKMzjRy Size: 21KB - Virtual size: 20KB

KeERJrpF Size: 7KB - Virtual size: 6KB

oJbZsuWv Size: 41KB - Virtual size: 40KB

EeWNNVBr Size: 64KB - Virtual size: 64KB

yCpVDjJP Size: 29KB - Virtual size: 28KB

RBKWARaf Size: 15KB - Virtual size: 15KB

wdRRxhZJ Size: 2KB - Virtual size: 2KB

XOCDHLcp Size: 17KB - Virtual size: 17KB

SSFqjgSJ Size: 39KB - Virtual size: 39KB

EizEvGcw Size: 44KB - Virtual size: 44KB

JdlTsRVw Size: 57KB - Virtual size: 56KB

QrAFSlSk Size: 9KB - Virtual size: 9KB

DrsmHyjm Size: 35KB - Virtual size: 34KB

FMbNDdhh Size: 31KB - Virtual size: 30KB

IhmPwwpL Size: 31KB - Virtual size: 31KB

QCHuBcxm Size: 66KB - Virtual size: 66KB

WhAczAlJ Size: 100KB - Virtual size: 100KB

ZHaRwohD Size: 170KB - Virtual size: 170KB

fWccgoMv Size: 85KB - Virtual size: 85KB

ckHnXUHS Size: 78KB - Virtual size: 78KB

LbZHwhqZ Size: 32KB - Virtual size: 31KB

rwPJSCYH Size: 30KB - Virtual size: 30KB

fDnwZvCk Size: 103KB - Virtual size: 102KB

xquJTdei Size: 51KB - Virtual size: 50KB

SGFRyOQs Size: 42KB - Virtual size: 41KB

xlthyUeF Size: 44KB - Virtual size: 44KB

cHZEsKrm Size: 47KB - Virtual size: 47KB

bIlcqAsd Size: 4KB - Virtual size: 4KB

vbknPSpF Size: 47KB - Virtual size: 47KB

VWjgrFOL Size: 37KB - Virtual size: 37KB

XAohaPuI Size: 6KB - Virtual size: 5KB

clxNtTNS Size: 2KB - Virtual size: 2KB

rMOCXTLm Size: 31KB - Virtual size: 31KB

BSypJQwJ Size: 36KB - Virtual size: 35KB

zmWALxuL Size: 54KB - Virtual size: 53KB

ybTSPvph Size: 13KB - Virtual size: 13KB

EnprsHUt Size: 4KB - Virtual size: 3KB

HRFKniXC Size: 2KB - Virtual size: 2KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB

YthjTtdK
Size: 36KB - Virtual size: 35KB

nZthxIkr
Size: 104KB - Virtual size: 103KB

TYERhsVL
Size: 18KB - Virtual size: 18KB

LTyKWdmL
Size: 122KB - Virtual size: 121KB

cXApKzpX
Size: 166KB - Virtual size: 165KB

OHXDivfp
Size: 5KB - Virtual size: 4KB

EADUrKCs
Size: 73KB - Virtual size: 73KB

WMzkEhJt
Size: 38KB - Virtual size: 37KB

FMeVVyMJ
Size: 3KB - Virtual size: 2KB

cDLjAPnl
Size: 252KB - Virtual size: 252KB

UAqkVkPt
Size: 33KB - Virtual size: 32KB

AAICZdzy
Size: 5KB - Virtual size: 4KB

IdHtIPFh
Size: 82KB - Virtual size: 81KB

rswxrnpN
Size: 23KB - Virtual size: 23KB

kKsQAkMH
Size: 139KB - Virtual size: 139KB

lYdLAJgH
Size: 75KB - Virtual size: 74KB

boLdeWKF
Size: 512B - Virtual size: 110B

vxvHJARj
Size: 270KB - Virtual size: 270KB

OKeqeIFb
Size: 108KB - Virtual size: 107KB

sWdCNdXo
Size: 195KB - Virtual size: 194KB

aOOumIfm
Size: 44KB - Virtual size: 43KB

ViSMaIKq
Size: 124KB - Virtual size: 124KB

wQKMzjRy
Size: 21KB - Virtual size: 20KB

KeERJrpF
Size: 7KB - Virtual size: 6KB

oJbZsuWv
Size: 41KB - Virtual size: 40KB

EeWNNVBr
Size: 64KB - Virtual size: 64KB

yCpVDjJP
Size: 29KB - Virtual size: 28KB

RBKWARaf
Size: 15KB - Virtual size: 15KB

wdRRxhZJ
Size: 2KB - Virtual size: 2KB

XOCDHLcp
Size: 17KB - Virtual size: 17KB

SSFqjgSJ
Size: 39KB - Virtual size: 39KB

EizEvGcw
Size: 44KB - Virtual size: 44KB

JdlTsRVw
Size: 57KB - Virtual size: 56KB

QrAFSlSk
Size: 9KB - Virtual size: 9KB

DrsmHyjm
Size: 35KB - Virtual size: 34KB

FMbNDdhh
Size: 31KB - Virtual size: 30KB

IhmPwwpL
Size: 31KB - Virtual size: 31KB

QCHuBcxm
Size: 66KB - Virtual size: 66KB

WhAczAlJ
Size: 100KB - Virtual size: 100KB

ZHaRwohD
Size: 170KB - Virtual size: 170KB

fWccgoMv
Size: 85KB - Virtual size: 85KB

ckHnXUHS
Size: 78KB - Virtual size: 78KB

LbZHwhqZ
Size: 32KB - Virtual size: 31KB

rwPJSCYH
Size: 30KB - Virtual size: 30KB

fDnwZvCk
Size: 103KB - Virtual size: 102KB

xquJTdei
Size: 51KB - Virtual size: 50KB

SGFRyOQs
Size: 42KB - Virtual size: 41KB

xlthyUeF
Size: 44KB - Virtual size: 44KB

cHZEsKrm
Size: 47KB - Virtual size: 47KB

bIlcqAsd
Size: 4KB - Virtual size: 4KB

vbknPSpF
Size: 47KB - Virtual size: 47KB

VWjgrFOL
Size: 37KB - Virtual size: 37KB

XAohaPuI
Size: 6KB - Virtual size: 5KB

clxNtTNS
Size: 2KB - Virtual size: 2KB

rMOCXTLm
Size: 31KB - Virtual size: 31KB

BSypJQwJ
Size: 36KB - Virtual size: 35KB

zmWALxuL
Size: 54KB - Virtual size: 53KB

ybTSPvph
Size: 13KB - Virtual size: 13KB

EnprsHUt
Size: 4KB - Virtual size: 3KB

HRFKniXC
Size: 2KB - Virtual size: 2KB

ZJUDkCPj
Size: 73KB - Virtual size: 72KB

SAIMbSjK
Size: 512B - Virtual size: 135B

BSZTKEZX
Size: 10KB - Virtual size: 10KB

KloVOCqn
Size: 8KB - Virtual size: 7KB

FFeqKPWg
Size: 363KB - Virtual size: 362KB

EkThKCAz
Size: 16KB - Virtual size: 16KB

RgNdonhV
Size: 6KB - Virtual size: 6KB