5e823a6c6449311ac9614a95aa5690b4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e823a6c6449311ac9614a95aa5690b4_JaffaCakes118
Size

717KB
MD5

5e823a6c6449311ac9614a95aa5690b4
SHA1

218e82fd87dc6cc91d40107e173b99a96fc06ef9
SHA256

194dfdff26c63846be4b12cb29864ac46630474588ad6502b006b1e7e7ca7b41
SHA512

11770b4485141e8baa4dbd1097f34b485deab6ed315dcbc7c7b009d99076ca95d1c6dde5845ec8832de1ed33b8cc9bf5f5e539c311480043abf2013889943f3e
SSDEEP

12288:544+vhcoP0U0C8mUux7c7l7D6V1HH2TpCTB7F9g8SYNmdIkK64sK/fVba:a4+vhlN0Xc7A7uHGkTC8/kK6431ba

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e823a6c6449311ac9614a95aa5690b4_JaffaCakes118

Files

5e823a6c6449311ac9614a95aa5690b4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Exports

Exports

RunDllHostCallBack
��CALL
��д��
�Զ��

Sections

.text
Size: 300KB - Virtual size: 721KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE