Behavioral task: behavioral1
Sample: d0f0ee8912292e03b7abd6e3aa5ea7ed_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: d0f0ee8912292e03b7abd6e3aa5ea7ed_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: d0f0ee8912292e03b7abd6e3aa5ea7ed_JaffaCakes118
Size: 4.3MB
MD5: d0f0ee8912292e03b7abd6e3aa5ea7ed
SHA1: 817ae73cb96e63f66d429a72fc5cacc0df0e8255
SHA256: 0d0a14bc07ee6993837a6c790be3ed90751ca31b61656be4b07e67558dcb9d15
SHA512: 0a28d20ceeeac4d79d7dd034bf8e58cf8e596453000407664c432c3c27b01b16a710322bc9b3f03ab23a55a783ac48e344a4ed0c3df76723a80e68d12aa2a068
SSDEEP: 24576:cCe8yh3Qh3OXuaq4gTkZrnEu8CkBn5KvRFMDZa/ny5XfK5DB7:cZ8o6dZ4gTkZJ8JavRFMDZiny1fUZ
Malware Config
Signatures
- Sakula family
- Sakula payload (1 IoCs)
  resource: sample; yara_rule: family_sakula
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: d0f0ee8912292e03b7abd6e3aa5ea7ed_JaffaCakes118
Files
d0f0ee8912292e03b7abd6e3aa5ea7ed_JaffaCakes118.exe windows:5 windows x86 arch:x86
539502771da573641ecc7f6497e39f8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentThread
VirtualFree
ExpandEnvironmentStringsA
WriteFile
OpenProcess
WideCharToMultiByte
GetVolumeInformationA
Sleep
SizeofResource
CreateProcessA
ReadFile
GetSystemDirectoryA
MultiByteToWideChar
SetThreadPriority
GetTickCount
GetStartupInfoA
FindFirstFileA
GetLastError
VirtualAlloc
FindClose
LockResource
CreatePipe
GetModuleFileNameA
GetVersionExA
WinExec
CloseHandle
GetCurrentProcessId
GetTempPathA
GetCurrentProcess
LoadResource
PeekNamedPipe
SetFilePointer
SetPriorityClass
FindResourceA
GetFileSize
CreateFileA
GetComputerNameA
CreateDirectoryA
ExitProcess
CreateFileW
GetProcessHeap
SetEndOfFile
HeapReAlloc
GetStringTypeW
LCMapStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetProcAddress
GetModuleHandleW
DecodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
HeapCreate
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
IsProcessorFeaturePresent
advapi32
RegOpenKeyA
GetUserNameA
FreeSid
AllocateAndInitializeSid
RegDeleteKeyA
EqualSid
RegSetValueExA
GetTokenInformation
OpenProcessToken
RegCloseKey
shell32
SHChangeNotify
ord680
ShellExecuteA
wininet
HttpOpenRequestA
InternetOpenUrlA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
Sections
.text Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
YgpvIURA Size: 21KB - Virtual size: 20KB
kcqRlDLn Size: 120KB - Virtual size: 120KB
WBICGcFU Size: 10KB - Virtual size: 9KB
DEqjDlqV Size: 97KB - Virtual size: 97KB
BLdDSeey Size: 327KB - Virtual size: 326KB
MjatLQDB Size: 282KB - Virtual size: 281KB
RHjbBKxe Size: 39KB - Virtual size: 38KB
TVRNOUkc Size: 3KB - Virtual size: 2KB
NzJTONme Size: 18KB - Virtual size: 18KB
QbbOvBtD Size: 61KB - Virtual size: 61KB
Khbdgyfj Size: 20KB - Virtual size: 19KB
MGSHLcxX Size: 1024B - Virtual size: 676B
USjjReDS Size: 87KB - Virtual size: 87KB
aoBdgLsv Size: 13KB - Virtual size: 12KB
ceSqemgl Size: 402KB - Virtual size: 401KB
nKGDvWVb Size: 28KB - Virtual size: 27KB
QwKmovSM Size: 512B - Virtual size: 490B
LNPFfCWf Size: 429KB - Virtual size: 429KB
LSWvTVtk Size: 71KB - Virtual size: 71KB
UEvytREu Size: 46KB - Virtual size: 45KB
JISVhuUb Size: 42KB - Virtual size: 42KB
ZOlkNzlw Size: 115KB - Virtual size: 114KB
JDNkNxKi Size: 14KB - Virtual size: 13KB
oWHcPuLE Size: 14KB - Virtual size: 13KB
kMBwEczo Size: 61KB - Virtual size: 60KB
souWlAme Size: 66KB - Virtual size: 66KB
aNfDrFiY Size: 16KB - Virtual size: 15KB
NjjuZjTJ Size: 7KB - Virtual size: 7KB
nEmspxzn Size: 1KB - Virtual size: 1KB
hYoiFGhn Size: 30KB - Virtual size: 29KB
DPeafOyH Size: 35KB - Virtual size: 34KB
XouHWMHD Size: 99KB - Virtual size: 99KB
ZZdqyXjw Size: 14KB - Virtual size: 13KB
EsgdhsZz Size: 35KB - Virtual size: 34KB
zwrtzArB Size: 29KB - Virtual size: 29KB
RwREsvAF Size: 60KB - Virtual size: 59KB
Akqgtlpx Size: 23KB - Virtual size: 22KB
LcUEZoLK Size: 92KB - Virtual size: 91KB
IjwlJKlZ Size: 57KB - Virtual size: 57KB
kcPorzDt Size: 151KB - Virtual size: 151KB
soWbMHQk Size: 24KB - Virtual size: 23KB
OCGFgqBp Size: 64KB - Virtual size: 63KB
XngmhqKL Size: 64KB - Virtual size: 63KB
FgwkoHyd Size: 33KB - Virtual size: 33KB
hJezvqwD Size: 36KB - Virtual size: 35KB
ybrIAFfi Size: 36KB - Virtual size: 36KB
MHxDJvav Size: 8KB - Virtual size: 8KB
kDyOoBxl Size: 39KB - Virtual size: 39KB
IPGIduqd Size: 12KB - Virtual size: 11KB
ueNaNxzj Size: 1024B - Virtual size: 625B
axYGvMJj Size: 31KB - Virtual size: 30KB
HDNQnKFy Size: 23KB - Virtual size: 23KB
bPbzKnMP Size: 11KB - Virtual size: 11KB
RdAaDHQL Size: 62KB - Virtual size: 61KB
pBKdMFln Size: 20KB - Virtual size: 19KB
QqQHSbQX Size: 4KB - Virtual size: 3KB
rMdcPBrw Size: 2KB - Virtual size: 2KB
FCkZRchl Size: 411KB - Virtual size: 411KB
KODGoToG Size: 11KB - Virtual size: 10KB
ToYTLmzJ Size: 4KB - Virtual size: 4KB
yckUoxZB Size: 66KB - Virtual size: 65KB
jDyRwjXD Size: 3KB - Virtual size: 2KB
pRZwZRzu Size: 64KB - Virtual size: 63KB
TstyAgvg Size: 39KB - Virtual size: 38KB
fcSQTzri Size: 147KB - Virtual size: 146KB
yyDvhGBV Size: 35KB - Virtual size: 34KB
FFAiwBff Size: 9KB - Virtual size: 9KB