sakula | 5ef5e4d901f30cb14d678f1752248d29[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ef5e4d901f30cb14d678f1752248d29.exe
Size

101KB
MD5

5ef5e4d901f30cb14d678f1752248d29
SHA1

531873027117b30749c6c5938e34bcb824eb8b8d
SHA256

7eec8e4d40400b096c4b41ec6634c6abe41643adfd59b65617d2b5604701cd39
SHA512

82e245b84179f67b49a4d9ef60d1d86279a7d9e6bb453263ed958e14025d74e8d13bf0e61041ca2847b94c446186bd7e43103634110cb3f65622561eda0f8c60
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrfx4:i0hpgz6xGhZamyF30BDx4

Score

10^/10

sakula

Malware Config

Signatures

Sakula family
sakula

Sakula payload 1 IoCs

resource	yara_rule
sample	family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ef5e4d901f30cb14d678f1752248d29.exe

Files

5ef5e4d901f30cb14d678f1752248d29.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE