Sakula DLL planting analysis


This technical note discusses a version of Sakula uploaded to VirusTotal on 25 April 2016. The sample initially looked interesting because it uses a signed Kaspersky binary to load itself, presumably to avoid UAC.

By NCC Group
David Cannings
Cyber Security Geek

My interests include computer security, digital electronics and writing tools to help analysis of cyber attacks.