75aeb75f6db002e83c6046797aee5099_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

75aeb75f6db002e83c6046797aee5099_JaffaCakes118
Size

1.2MB
MD5

75aeb75f6db002e83c6046797aee5099
SHA1

bf69af75a12a3ba6ed616f012747ba3f7f721895
SHA256

1026adfbd7af602d1634999561eb6fd034763295f1b3bc11886234d908f486cf
SHA512

acb9825a0fdea1184566959f3139c746b9597ddd8cc2909266e8c2359ceb2721f2e43fc5957086774e0f3371ab186691975358cd76d256e74db767901eae25a8
SSDEEP

24576:2S0aNSUaAzidMTBEzYOs7io4SQs24Fyrt8/ZQlpPdu/MHg:aXA4MTBSs7IaHFyC/ZQNrg

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/EWTDll.dll	acprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EWT.exe
unpack001/EWTDll.dll

Files

75aeb75f6db002e83c6046797aee5099_JaffaCakes118
.zip
EWT.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

LOL0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LOL1
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lewl
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EWTDll.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

LOL0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LOL1
Size: 635KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lewl
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE