Extracted

• a3e521c7aedb6ab5819d8681166c783e_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  c1e59519b5e5d84af07afa6f5a8625f1

  
  

  Code Sign

  33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  30/03/2016, 19:21

  Not After

  30/06/2017, 19:21

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04/06/2015, 17:42

  Not After

  04/09/2016, 17:42

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31/08/2010, 22:19

  Not After

  31/08/2020, 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03/04/2007, 12:53

  Not After

  03/04/2021, 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  28/10/2015, 20:31

  Not After

  28/01/2017, 20:31

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08/07/2011, 20:59

  Not After

  08/07/2026, 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  cb:b3:9a:5c:99:ec:6a:e5:c2:23:d6:e6:6a:5a:9a:5a:3c:92:ac:52:ec:33:a3:92:4d:e8:44:7f:8f:43:0a:b4

  Signer

  Actual PE Digest

  cb:b3:9a:5c:99:ec:6a:e5:c2:23:d6:e6:6a:5a:9a:5a:3c:92:ac:52:ec:33:a3:92:4d:e8:44:7f:8f:43:0a:b4

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  da:b8:2a:e7:42:b7:05:c0:e7:34:0e:55:39:6a:87:a9:ef:b8:99:f6

  Signer

  Actual PE Digest

  da:b8:2a:e7:42:b7:05:c0:e7:34:0e:55:39:6a:87:a9:ef:b8:99:f6

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  netapi32

  NetServerEnum

  NetApiBufferFree

  ws2_32

  gethostname

  WSAStartup

  inet_ntoa

  gethostbyname

  mpr

  WNetCancelConnection2W

  WNetAddConnection2W

  kernel32

  GetExitCodeProcess

  ResumeThread

  WaitForMultipleObjects

  GetFileTime

  DuplicateHandle

  DisconnectNamedPipe

  SetNamedPipeHandleState

  TransactNamedPipe

  CreateEventW

  GetCurrentProcessId

  GetFullPathNameW

  SetFileAttributesW

  GetFileAttributesW

  CopyFileW

  WaitNamedPipeW

  SetConsoleCtrlHandler

  SetConsoleTitleW

  ReadConsoleW

  GetVersion

  SetProcessAffinityMask

  ReadFile

  GetConsoleScreenBufferInfo

  MultiByteToWideChar

  GetComputerNameW

  DeleteFileW

  CreateFileW

  GetSystemDirectoryW

  FindResourceW

  LoadLibraryExW

  FormatMessageA

  GetTickCount

  CloseHandle

  WriteFile

  SizeofResource

  LoadResource

  Sleep

  WaitForSingleObject

  SetEndOfFile

  SetEvent

  SetLastError

  GetLastError

  GetCurrentProcess

  FreeLibrary

  LockResource

  SetPriorityClass

  GetModuleFileNameW

  GetCommandLineW

  GetModuleHandleW

  LoadLibraryW

  GetStdHandle

  GetFileType

  LocalFree

  LocalAlloc

  GetProcAddress

  FreeEnvironmentStringsW

  LCMapStringW

  OutputDebugStringW

  HeapSize

  HeapReAlloc

  SetFilePointerEx

  WriteConsoleW

  GetEnvironmentVariableW

  RaiseException

  LoadLibraryExA

  EncodePointer

  DecodePointer

  ExitProcess

  GetModuleHandleExW

  WideCharToMultiByte

  HeapFree

  HeapAlloc

  GetConsoleMode

  ReadConsoleInputA

  SetConsoleMode

  EnterCriticalSection

  LeaveCriticalSection

  SetStdHandle

  CreateThread

  GetCurrentThreadId

  ExitThread

  IsDebuggerPresent

  IsProcessorFeaturePresent

  GetStringTypeW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  DeleteCriticalSection

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  InitializeCriticalSectionAndSpinCount

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetProcessHeap

  FlushFileBuffers

  GetConsoleCP

  RtlUnwind

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  GetEnvironmentStringsW

  comdlg32

  PrintDlgW

  advapi32

  LsaClose

  CreateProcessAsUserW

  CryptHashData

  CryptCreateHash

  CryptDecrypt

  CryptEncrypt

  CryptImportKey

  CryptExportKey

  CryptDestroyKey

  CryptDeriveKey

  CryptGenKey

  CryptReleaseContext

  CryptAcquireContextW

  StartServiceW

  QueryServiceStatus

  OpenServiceW

  OpenSCManagerW

  DeleteService

  CreateServiceW

  ControlService

  CloseServiceHandle

  OpenProcessToken

  LsaEnumerateAccountRights

  LsaOpenPolicy

  LsaFreeMemory

  SetSecurityInfo

  GetSecurityInfo

  LookupPrivilegeValueW

  AddAccessAllowedAce

  GetAce

  AddAce

  InitializeAcl

  GetLengthSid

  FreeSid

  AllocateAndInitializeSid

  SetTokenInformation

  GetTokenInformation

  RegSetValueExW

  RegQueryValueExW

  RegOpenKeyExW

  RegOpenKeyW

  RegCreateKeyW

  RegCloseKey

  Sections

  .text

  Size: 97KB - Virtual size: 97KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 58KB - Virtual size: 57KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 183KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 144KB - Virtual size: 143KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ