5f5b0a315e3b8d9d54999dcbaf1bd172_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f5b0a315e3b8d9d54999dcbaf1bd172_JaffaCakes118
Size

6KB
MD5

5f5b0a315e3b8d9d54999dcbaf1bd172
SHA1

929d4d4dba615a640b0f1ea129cc7c24d28b3f7e
SHA256

13583f9c6c19a3fc2dd30ce302da1c58ecefb4bf94fe7501a118fa90f55458fe
SHA512

26fda218af38d9ab93819ce5dcecda0a34559414045c12631bc0781b9f63e35a8dda99e2a44edafe2bcf49328085b420bd516cbb42d75d629be874e1984bc00b
SSDEEP

192:WBLCe/MxNzj6jqfNOmx1fD3ZAH9q2CyQ/NuYlHlh91XJ+KMg:4LXMH3IqFx1fDk1CyQDt915+O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/totalsimslpwd.exe

Files

5f5b0a315e3b8d9d54999dcbaf1bd172_JaffaCakes118
.zip
show_dump.h
totalsims_xtea.h
totalsimslpwd.c
totalsimslpwd.exe
.exe windows:4 windows x86 arch:x86

91cb4c4ad257bf789e4314a2d567e3b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
exit
fclose
fopen
fread
fwrite
memset
perror
printf
setbuf
signal
tolower

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE