sakula | 0bbd67e1b7d8f2bafcf1f2e0d1b519ede36d4b5ace22c762a9c52a262f609a32N | Triage

Sharing

General

Target

0bbd67e1b7d8f2bafcf1f2e0d1b519ede36d4b5ace22c762a9c52a262f609a32N
Size

99KB
MD5

49e8a5b631b6f78da7aabcf7d84ef2d0
SHA1

65c349a0a9f157811874abd92712dfb8e8a28847
SHA256

0bbd67e1b7d8f2bafcf1f2e0d1b519ede36d4b5ace22c762a9c52a262f609a32
SHA512

8c2249c3b04273d4b6c64e6b853711514c7eb5a3a7906e4ca1a5c8f69bd3f8db51e20ac2773bcbf29217d975fe99526aa89bf94d562ab0380cf1dfe561fa6ed5
SSDEEP

1536:Eoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrRx5:/0hpgz6xGhZamyF30BNx5

Score

10^/10

sakula

Malware Config

Signatures

Sakula family
sakula
Sakula payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
0bbd67e1b7d8f2bafcf1f2e0d1b519ede36d4b5ace22c762a9c52a262f609a32N

Files

0bbd67e1b7d8f2bafcf1f2e0d1b519ede36d4b5ace22c762a9c52a262f609a32N
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE