Extracted

• b1203983f8c428cc85a815fb175eacce_JaffaCakes118

  .zip
• ReF4784752863741938.lnk

  .lnk
• dll32_dec.dll

  .dll windows:4 windows x86 arch:x86

  de069aca9775f8aacc06b1646a9c5985

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  IMAGE_FILE_DLL

  Imports

  kernel32

  DeleteCriticalSection

  DisableThreadLibraryCalls

  EnterCriticalSection

  FreeLibrary

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetLastError

  GetModuleHandleA

  GetNativeSystemInfo

  GetProcAddress

  GetProcessHeap

  GetSystemTimeAsFileTime

  GetThreadLocale

  GetTickCount

  HeapAlloc

  HeapFree

  InitializeCriticalSection

  IsBadReadPtr

  LeaveCriticalSection

  LoadLibraryA

  QueryPerformanceCounter

  SetLastError

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TlsGetValue

  UnhandledExceptionFilter

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  lstrlenA

  msvcrt

  __dllonexit

  _amsg_exit

  _initterm

  _iob

  _lock

  _onexit

  _stricmp

  _unlock

  _wcsnicmp

  abort

  calloc

  free

  fwrite

  malloc

  mbstowcs

  realloc

  strlen

  strncmp

  strtol

  vfprintf

  wcstombs

  Exports

  Exports

  DllMain@12

  VoidFunc

  Sections

  .text

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 740KB - Virtual size: 739KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 1024B - Virtual size: 516B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .eh_fram

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 952B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 93B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 44B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1024B - Virtual size: 612B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• dll64_dec.dll

  .dll windows:4 windows x64 arch:x64

  45435b4b8add0c16efb468ee7641c5a8

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  IMAGE_FILE_DLL

  Imports

  kernel32

  DeleteCriticalSection

  DisableThreadLibraryCalls

  EnterCriticalSection

  FreeLibrary

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetLastError

  GetNativeSystemInfo

  GetProcAddress

  GetProcessHeap

  GetSystemTimeAsFileTime

  GetThreadLocale

  GetTickCount

  HeapAlloc

  HeapFree

  InitializeCriticalSection

  IsBadReadPtr

  LeaveCriticalSection

  LoadLibraryA

  QueryPerformanceCounter

  RtlAddFunctionTable

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  SetLastError

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TlsGetValue

  UnhandledExceptionFilter

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  lstrlenA

  msvcrt

  __dllonexit

  __iob_func

  _amsg_exit

  _initterm

  _lock

  _onexit

  _stricmp

  _unlock

  _wcsnicmp

  abort

  calloc

  free

  fwrite

  malloc

  mbstowcs

  memcpy

  realloc

  signal

  strlen

  strncmp

  strtol

  vfprintf

  wcstombs

  Exports

  Exports

  DllMain

  VoidFunc

  Sections

  .text

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 695KB - Virtual size: 695KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 1024B - Virtual size: 752B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 1024B - Virtual size: 732B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 1024B - Virtual size: 592B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 2KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 90B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 88B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 104B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 104B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• dllb.dll

  .dll regsvr32 windows:6 windows x86 arch:x86

  8e9dbf2e3e261fcd98d54e135dbc8b30

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  cryptui.pdb

  Imports

  msvcrt

  malloc

  kernel32

  GetVersion

  GetVersionExW

  GetVersionExA

  LoadLibraryA

  LocalAlloc

  GetCurrentProcess

  GetCurrentThread

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  GetLastError

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  advapi32

  A_SHAFinal

  RegQueryValueExA

  OpenSCManagerW

  EnumServicesStatusExW

  OpenServiceW

  QueryServiceConfigW

  CloseServiceHandle

  wintrust

  WinVerifyTrustEx

  crypt32

  CryptMsgVerifyCountersignatureEncoded

  user32

  SetRect

  CharUpperBuffW

  oleaut32

  SysAllocString

  gdi32

  GetDeviceCaps

  rpcrt4

  UuidToStringA

  netapi32

  NetGetDCName

  wldap32

  ord16

  version

  VerQueryValueW

  shlwapi

  PathUndecorateW

  msimg32

  AlphaBlend

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  ACUIProviderInvokeUI

  CryptUIDlgCertMgr

  CryptUIDlgFreeCAContext

  CryptUIDlgSelectCA

  CryptUIDlgSelectCertificateA

  CryptUIDlgSelectCertificateFromStore

  CryptUIDlgSelectCertificateW

  CryptUIDlgSelectStoreA

  CryptUIDlgSelectStoreW

  CryptUIDlgViewCRLA

  CryptUIDlgViewCRLW

  CryptUIDlgViewCTLA

  CryptUIDlgViewCTLW

  CryptUIDlgViewCertificateA

  CryptUIDlgViewCertificatePropertiesA

  CryptUIDlgViewCertificatePropertiesW

  CryptUIDlgViewCertificateW

  CryptUIDlgViewContext

  CryptUIDlgViewSignerInfoA

  CryptUIDlgViewSignerInfoW

  CryptUIFreeCertificatePropertiesPagesA

  CryptUIFreeCertificatePropertiesPagesW

  CryptUIFreeViewSignaturesPagesA

  CryptUIFreeViewSignaturesPagesW

  CryptUIGetCertificatePropertiesPagesA

  CryptUIGetCertificatePropertiesPagesW

  CryptUIGetViewSignaturesPagesA

  CryptUIGetViewSignaturesPagesW

  CryptUIStartCertMgr

  CryptUIViewExpiringCerts

  CryptUIWizBuildCTL

  CryptUIWizCertRequest

  CryptUIWizCreateCertRequestNoDS

  CryptUIWizDigitalSign

  CryptUIWizExport

  CryptUIWizFreeCertRequestNoDS

  CryptUIWizFreeDigitalSignContext

  CryptUIWizImport

  CryptUIWizQueryCertRequestNoDS

  CryptUIWizSubmitCertRequestNoDS

  DllRegisterServer

  DllUnregisterServer

  EnrollmentCOMObjectFactory_getInstance

  I_CryptUIProtect

  I_CryptUIProtectFailure

  LocalEnroll

  LocalEnrollNoDS

  RetrievePKCS7FromCA

  WizardFree

  `�O��M$��6�s���)�\�;��EE���� �M�������>��h_j����!��կ������m߰�����gĄ�B�|�H��7 �� �K���� "Ns���5��Ѯ�k� ��8M7���5�-�୺�'�%��d�O���,A/���"%��X�ɐ��γ�,�_�n=$&"L�w
  ΐN1j������\�Ku ��MԷ��bx�(��jS���cJjz_���k4�1v���̱a Kz�ep��������"=�O-�11�<<�?����W�O��&��j��%{���b����[l�3;>���d%*t�#-F?,��@
  ����spo�D v</�gޏj�k��×!,=>l+A��r��d%}���:�s��� ��������x��(aBW$��>l`��o�A�KTi�0�W�=Ø���N)�j8ڱ��e��!#DE8P��>�!�4��Pn~x1����Ps����Y�W�%����xC�o�Hz/O��&W�|�x"n�@����]����{[0v�G���i�m���{�g�0��N���[:lm_(� ��ӽI����3d���[���b.;�#��wk*\�n;]�Mw�lV���L6��z���!eq*���n�U���+�F<����E��aŨ�Z&RȼG뉲�<��-�B�|�����L��el)�xUe(ck/5�ϷY��&Jq������x�ac��;�c�~��u|��B��/�Ŧ��zr�;ѫ�Tּ_b�(Ffw���xTq]m*���H� ~Ϸ���h�+-ְ�������\�o{����ǔX�)P$���3�c�>"3O�m�@�`�;q�x���Ɉ� , ����2"e�47�ឹA���KGB&�yc*��'�؊ɭ�B��1 ��F��n_��ء ��`���j�H�p�Gݶ�J�s>�ʔ�D\�; qs@^�����'9��M�#v�����V�h�xbz8���G��u�(؆�&�����r b!`�Ͳ�m}��� �&�m��p����6_�[��r�X�� t�Q%��'����V���&�e�i̪�iBScW1HwA�b0/}bjp��kc�6� nBP�9��֋�k�F��01i��(�[?��%0��ܲH �O&l��r��GV��aKj/�&Ql+` �r��T�V���ƛ�<��F�k|0�#��C�Sk�o��=��1��{�������r��w���E׉�]8s��Г�;�E���)��W5�*�{qz�� ���"o;�i�z�����v)������j�Y���<�TN8X�#��Vc�v܀��V��\�
  �lq)2H��OX��d��<jK�v&*���Ui�~q���, eL��sT�%- �92���������36����f�hW���ըeN?��� ��: ��xS��|):��k9>}w�7��ɣ��i�.��{�.�g�Z�X��ڄ��B�0%?J���νS��b��"w�dѵ)ʰ<�|1�מW�_��kE������oA����\�g�N�SP�_,�<3���qE�^Ӵ��;n�8�mڦ����e����Hk�J�pKֵ�%���$[ΑC���%��
  �tH��/ B ���+L�9<K��Z�dMC�b[,]l�r��-@��(���Ƃě���-8�n?��#q��T��}��J�+!��V����v�����'1%�,��U�%�:y���+���k!i>�&˺�Z���DH�% �l�v�����k�f�o�݇9�7"@=��z[V[9��
  "C4����O��بV˰+��%�D�]�S�V���s�k"���<V�Q���ه�������� �:x�����d݆��OO�C@��ioz���'`�Y��!��x���CK�c���&��K^ϟ���ԅc)~�b�����i>?]�
  ؀"S1j�[��J��;ţ�(j�_ЗhY*:��;����~��D �z)VT�E����@mÖ^�|U< fb��<>:r�Dݣ���p�6�z.^+2�����%K�^S�ty����g�#����(&C�L���� 4M_�et��{���'ڳn�x/����8�D���m�u��Q|7*'����_¯͆�&9uY/�(f"��?�0��?E5X�;��]ވdYە����Mu�T[`Z��7A*��FX<d�G4��!�UU���)yd���?jh;B;�˔��Z��6ʞ�'O� ����+H�y�zj��G� 'D����u$~L�� �7y�
  x�ުu���D!�C�����
  ��>�d1����p��$��1b.���>]����e0-�@�N��+@�v�l)[W
  k�)�/��/ы����-8�s�?�����YX�O���3%1ف�FVE���^�S�����H��8cG��;,"0$J|H�����ad׬��
  ����{p| �qn�E.B�k��N�uͪ��ŗ ��B�
  ��5nc�.�_':�ωv4�/8�E.�"�� ���a6�lhA3��+݅��DẺ4H��p�l�����"���tY��d�bܤ��@���:0����Zh���-ݮ�
  �0��[�����y �`��[=1��Q����t5�?�s�l��Z�(Ql[�'���m�
  �0���0�Ǒ�c�-Ç�@B���� J�b������Y�4�_�|,��T��N5�S�"w�;�P�:��a�`�HM��tz ��kQ��4��:��L`[t[eSʷ�����¯K?�Eci q_Ʈ]�c��Ph�wE3��q�]:B�_Ec���<L��� 둰��<v��9��]�'�&���+=D��B�_�͔��$�}N�JB<�워ꂉ"���ۼ�n�ڡjiJQ�Hᰋ�'��K�Ѓs�q�S������u�w]Rrz@���y]Aa_���
  ��CAW3��zJݽ�F�v~u��Q6kȭs?�]r��>��m�'��b����22�¯a��r��5���In��][!��T�'5?�7��{�h��� 0F�/�vf��i���]�\�蠃YSW~���N+әFI����� n�}�T���Xe ��V����a-��s�JG e:��ꜚwj����*��

  Sections

  .text

  Size: 261KB - Virtual size: 260KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gas0

  Size: 4.2MB - Virtual size: 4.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .gas1

  Size: 343KB - Virtual size: 342KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 228KB - Virtual size: 227KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• script

  .ps1