sakula | 3c38edf800f47a975989b56e6f11a9dc[.]zip | Triage

Sharing

General

Target

3c38edf800f47a975989b56e6f11a9dc.zip
Size

38KB
MD5

19cfe66d2b94e3b72b1c6b26452fd59c
SHA1

70e545a8c1d28d48f33f66a0abeac216b868a68b
SHA256

6831f1cfe762bde27b251e73f95c2923f2a810595c1bfa5bf391a234b828a519
SHA512

e2b213dd933631b21db4aed0fbbe243387961691583c8de2163484f7cc93ebcccb32651933ce8e26b2586f4782f5e1f0163570e3f7cee38f0244dbd8be0da900
SSDEEP

768:B7O94X/iEwFk8TQL+J6Z5f0vj3HXp5QVxxv/u2bUa0KH3ROaog/gvca2V/mjl:B7we7wXTI5f0T38n5/u2bUaF8aoca2Vu

Score

10^/10

sakula

Malware Config

Signatures

Sakula family
sakula

Sakula payload 1 IoCs

resource	yara_rule
static1/unpack001/6fa4e472c548a152f029291bed5959e0794d8205588a271eb810e8cc3bf69f42	family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6fa4e472c548a152f029291bed5959e0794d8205588a271eb810e8cc3bf69f42

Files

3c38edf800f47a975989b56e6f11a9dc.zip
.zip

Password: infected
6fa4e472c548a152f029291bed5959e0794d8205588a271eb810e8cc3bf69f42
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE