sakula | e6196677c28d239bd9eea66338506577 | Triage

Sharing

General

Target

e6196677c28d239bd9eea66338506577
Size

108KB
MD5

e6196677c28d239bd9eea66338506577
SHA1

5f2b01bf46a23712f2a46b5d2bed7438928c8af5
SHA256

a5f110157d2b982a9efc913fdfc3d1ccae4e04555d03fc517026dd5a9258c6f9
SHA512

7b10b4126548daf4a7fc8cc959889503125059e1b104d6ce8987271e0ce79a46cb26ad0541d2c1fb5a0305699602deaef7754ccd2bab84fabbfc246861a31e71
SSDEEP

1536:Coaj1hJL1S9t0MIeboal8bCKxo7h0RPNqINz30rtr6W:N0hpgz6xGh2qIF30BGW

Score

10^/10

sakula

Malware Config

Signatures

Sakula family
sakula

Sakula payload 1 IoCs

Processes:

resource	yara_rule
sample	family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e6196677c28d239bd9eea66338506577

Files

e6196677c28d239bd9eea66338506577
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE