sakula | JaffaCakes118_3c38edf800f47a975989b56e6f11a9dc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_3c38edf800f47a975989b56e6f11a9dc
Size

100KB
MD5

3c38edf800f47a975989b56e6f11a9dc
SHA1

f5fe5bb719823c94831fecd892f999f5d6e2202e
SHA256

6fa4e472c548a152f029291bed5959e0794d8205588a271eb810e8cc3bf69f42
SHA512

e81cd605786683baadf17c86a48f6b5f8c94bf246bcc69df3554f5ce60cd1a8cd2c045bd1c3ee4236cf0e5cd52d0645dbdcc2f9afa7683b20dcd8958635c519f
SSDEEP

1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrnx:K0hpgz6xGhZamyF30Bbx

Score

10^/10

sakula

Malware Config

Signatures

Sakula family
sakula

Sakula payload 1 IoCs

resource	yara_rule
sample	family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3c38edf800f47a975989b56e6f11a9dc

Files

JaffaCakes118_3c38edf800f47a975989b56e6f11a9dc
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE