abc854cd3220c35a16eee00dcd24b552_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

abc854cd3220c35a16eee00dcd24b552_JaffaCakes118
Size

4.2MB
MD5

abc854cd3220c35a16eee00dcd24b552
SHA1

8a6d2b49653aa2262814fb83d06d59591a6cc5de
SHA256

6d3bbb92f3abe7e360434f51e89585b2e9b8d43f829879ff7d9da3e9cb841ea3
SHA512

7bc2931518fbb8fe8c04fb2deceff9ef48041e647c8cb2dfbb23b725004c77790cef60d5a469c1a85383fb00da598364e24f414c599cca1463cc3d496cebed85
SSDEEP

98304:uAlNl4m64sKylDS8ecWFZ3LXE4A8kcfo6moKIKAOj2oYYoR8Rp:uaNl4t4omTn3LXscfowKIKzrboSRp

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/EWTDll.dll	acprotect

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EWT-643.exe
unpack001/EWT333.exe_
unpack001/EWTDll-64.dll
unpack001/EWTDll.dll
unpack001/chrome.exe

Files

abc854cd3220c35a16eee00dcd24b552_JaffaCakes118
.rar
1.json.json
EWT-643.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

text
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 926KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EWT333.exe_
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 773KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EWTDll-64.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AddFrameCallback
AddLuaLoaderCallback
AddLuaString
ExecuteLua
GetOffset
GetState
IsInGame
RegisterFunction
RemoveFrameCallback
RemoveLuaLoaderCallback
luaL_error
lua_createtable
lua_getfield
lua_gettop
lua_pcall
lua_pushboolean
lua_pushnil
lua_pushnumber
lua_pushstring
lua_setfield
lua_settable
lua_settop
lua_toboolean
lua_tonumber
lua_tostring
lua_type

Sections

text
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 902KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EWTDll.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddFrameCallback
AddLuaLoaderCallback
AddLuaString
ExecuteLua
GetOffset
GetState
IsInGame
RegisterFunction
RemoveFrameCallback
RemoveLuaLoaderCallback
luaL_error
lua_createtable
lua_getfield
lua_gettop
lua_pcall
lua_pushboolean
lua_pushnil
lua_pushnumber
lua_pushstring
lua_setfield
lua_settable
lua_settop
lua_toboolean
lua_tonumber
lua_tostring
lua_type

Sections

text
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 873KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Farm rudi.json
Ore.json
PYRITEfarming.json
README.txt
RENAME EWT FILES FOR PRIVATE SERVERS.txt
chrome.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

text
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ewtcache.dat
ewtconfig.json
ewtlog.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

text Size: - Virtual size: 2.5MB

data Size: 926KB - Virtual size: 928KB

.rsrc Size: 101KB - Virtual size: 104KB

Headers

DLL Characteristics

File Characteristics

Sections

text Size: - Virtual size: 1.7MB

data Size: 773KB - Virtual size: 776KB

.rsrc Size: 101KB - Virtual size: 104KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

text Size: - Virtual size: 2.2MB

data Size: 902KB - Virtual size: 904KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

text Size: - Virtual size: 1.9MB

data Size: 873KB - Virtual size: 876KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

text Size: - Virtual size: 2.0MB

data Size: 876KB - Virtual size: 876KB

.rsrc Size: 101KB - Virtual size: 104KB

text
Size: - Virtual size: 2.5MB

data
Size: 926KB - Virtual size: 928KB

.rsrc
Size: 101KB - Virtual size: 104KB

text
Size: - Virtual size: 1.7MB

data
Size: 773KB - Virtual size: 776KB

.rsrc
Size: 101KB - Virtual size: 104KB

text
Size: - Virtual size: 2.2MB

data
Size: 902KB - Virtual size: 904KB

.rsrc
Size: 2KB - Virtual size: 4KB

text
Size: - Virtual size: 1.9MB

data
Size: 873KB - Virtual size: 876KB

.rsrc
Size: 2KB - Virtual size: 4KB

text
Size: - Virtual size: 2.0MB

data
Size: 876KB - Virtual size: 876KB

.rsrc
Size: 101KB - Virtual size: 104KB