15c2d23e458e29d7fb7c259a6f4a8412_JaffaCakes118

General

Target

15c2d23e458e29d7fb7c259a6f4a8412_JaffaCakes118
Size

119KB
MD5

15c2d23e458e29d7fb7c259a6f4a8412
SHA1

2d2ab9f50e9fa034847cd5c90d5c2327bcefecd1
SHA256

77340968d73e5569a5b9012cb7781c5b0d46ad3f86c6377523d12eb95c6bff26
SHA512

41d840aa18a8b9094a058a9ddd18f2608318c70294f7d487eda2a5a09ac4cd027d1d7317a73532cabc5ab8ca694ac4c58ffb4ef42b15676c8bd3f7500bb56cac
SSDEEP

3072:C4YFiEez/a69bnOaClaWFhoWzmdr0POxjvjnMOc:BYw7bnOaIaWjoWzYAOxjpc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15c2d23e458e29d7fb7c259a6f4a8412_JaffaCakes118

Files

15c2d23e458e29d7fb7c259a6f4a8412_JaffaCakes118
.dll windows:4 windows x86 arch:x86

150c36445ad02f99e3342af00a9c8e54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\thailand\890a\cprd32\AOL\misc\coreclient\idleproc\idleproc.pdb

Imports

msvcr71

free
malloc

user32

CreateWindowExA
RegisterClassA
DefWindowProcA
DestroyWindow
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
SetTimer
CallNextHookEx
PostMessageA
UnregisterClassA

kernel32

GetTickCount
GetCurrentThreadId
DisableThreadLibraryCalls
GetProcAddress

Exports

Exports

IdleCancelAlarm
IdleCreate
IdleDestroy
IdleKeybdHook
IdleKeybdHookMe
IdleMouseHook
IdleMouseHookMe
IdleSetActiveAlarm
IdleSetEvent
IdleSetIdleAlarm
IdleShutdownFunc
IdleStartupFunc
IdleTimeSinceLastInput
IdleTimeSinceNextToLastInput

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aolshar
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

150c36445ad02f99e3342af00a9c8e54

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr71

user32

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.aolshar Size: 512B - Virtual size: 60B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 284B

.text Size: 113KB - Virtual size: 116KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.aolshar
Size: 512B - Virtual size: 60B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 284B

.text
Size: 113KB - Virtual size: 116KB