129d7218a24c8ec03a7da64a81adb04d_JaffaCakes118 | Triage

Sharing

General

Target

129d7218a24c8ec03a7da64a81adb04d_JaffaCakes118
Size

62KB
MD5

129d7218a24c8ec03a7da64a81adb04d
SHA1

59f90738436b2e423a9d1966069d37a0907c62d7
SHA256

d948d0c2ea973fa0f10b804070191440c7b065ea3061213d54513b2852346a57
SHA512

4e2eecbab012cbeb6aca4a66dc42d8597698cb195cf34c9bf12dec9a0c1c02cbc89d2e136fdc635c5cc882c641070e7689cdeaea8b8f4cfad2abedc2817384d6
SSDEEP

1536:pd+CwIPglsvXej0NrBb58AVcGkX2FH/qvtPEOO:pw3IPrej0Nt5Bc/2FctPEOO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
129d7218a24c8ec03a7da64a81adb04d_JaffaCakes118

Files

129d7218a24c8ec03a7da64a81adb04d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

25dd1be1977a1f43dd949aae17e4f175

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cm\build\public\ocp_osInfo_09-21-06_v1\csi\projects\foundation\services\osInfo\AOLIdleMon\Release\Cod\AOLIdleMon.pdb

Imports

msvcrt

free
_adjust_fdiv
malloc
_initterm

kernel32

GetProcAddress
InterlockedDecrement
GetTickCount
FreeLibrary
LoadLibraryA
InterlockedIncrement

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

Exports

Exports

IdleMonGetLastInputTime
IdleMonInit
IdleMonTerm

Sections

.text
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AOLIdle
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE