Sakula DLL planting analysis

Abstract

This technical note discusses a version of Sakula uploaded to VirusTotal on the 25th April 2016. The sample initially looked interesting as it uses a signed Kaspersky binary to load itself, presumably to avoid UAC.

Publication
By NCC Group