JaffaCakes118_79d5b933e0af947e1cfd7f5dd9463ee4 | Triage

Sharing

General

Target

JaffaCakes118_79d5b933e0af947e1cfd7f5dd9463ee4
Size

62KB
MD5

79d5b933e0af947e1cfd7f5dd9463ee4
SHA1

23d5147f996d98c6a3d34b7342916a72deb15f02
SHA256

1df63a5c727f193b6c30c082d8c6c9316386d542fb4851e5eb0db765a415f4c0
SHA512

fcbfa5fdf0b6a141531ad3da2ec98105c9e4ced23ae514001b75e6bbfae0e903ba041cb33614a4edd0ce6dfd0a98294574e6322563e8cb8af0f13e232fff0756
SSDEEP

1536:pd+CO4H3e9Tc3mFbDKuWeKC7IfSfF3zNczkL+9+50lrIIqPJni/a:pwv4Xb3mF6ucC7IfWK5E5KI/Vii

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_79d5b933e0af947e1cfd7f5dd9463ee4

Files

JaffaCakes118_79d5b933e0af947e1cfd7f5dd9463ee4
.dll windows:4 windows x86 arch:x86

25dd1be1977a1f43dd949aae17e4f175

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cm\build\public\ocp_osInfo_09-21-06_v1\csi\projects\foundation\services\osInfo\AOLIdleMon\Release\Cod\AOLIdleMon.pdb

Imports

msvcrt

free
_adjust_fdiv
malloc
_initterm

kernel32

GetProcAddress
InterlockedDecrement
GetTickCount
FreeLibrary
LoadLibraryA
InterlockedIncrement

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

Exports

Exports

IdleMonGetLastInputTime
IdleMonInit
IdleMonTerm

Sections

.text
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AOLIdle
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE