Extracted

Extracted

• 168005d41fea2351f9a5402d3c9f86f7_JaffaCakes118

  .exe windows:4 windows x64 arch:x64

  ca85b6618b1e1cad2f59872f180b38c6

  
  

  Code Sign

  4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  19/01/2010, 00:00

  Not After

  18/01/2038, 23:59

  Subject

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09/05/2013, 00:00

  Not After

  08/05/2028, 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  13/11/2018, 00:00

  Not After

  08/11/2021, 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18/10/2012, 00:00

  Not After

  29/12/2020, 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21/12/2012, 00:00

  Not After

  30/12/2020, 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  19/01/2010, 00:00

  Not After

  18/01/2038, 23:59

  Subject

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09/05/2013, 00:00

  Not After

  08/05/2028, 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  13/11/2018, 00:00

  Not After

  08/11/2021, 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18/10/2012, 00:00

  Not After

  29/12/2020, 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21/12/2012, 00:00

  Not After

  30/12/2020, 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  29:71:f1:4e:37:c1:00:d0:fe:2d:4b:82:c9:4c:63:17:6a:c5:1e:1c:e9:0c:02:26:b7:fe:f4:5e:bd:56:38:f0

  Signer

  Actual PE Digest

  29:71:f1:4e:37:c1:00:d0:fe:2d:4b:82:c9:4c:63:17:6a:c5:1e:1c:e9:0c:02:26:b7:fe:f4:5e:bd:56:38:f0

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  eb:3d:43:2e:59:df:43:53:61:4f:c0:5f:55:bd:30:ef:48:14:55:d2

  Signer

  Actual PE Digest

  eb:3d:43:2e:59:df:43:53:61:4f:c0:5f:55:bd:30:ef:48:14:55:d2

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  DeleteCriticalSection

  EnterCriticalSection

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetLastError

  GetStartupInfoA

  GetSystemTimeAsFileTime

  GetTickCount

  InitializeCriticalSection

  LeaveCriticalSection

  QueryPerformanceCounter

  RtlAddFunctionTable

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TlsGetValue

  UnhandledExceptionFilter

  VirtualAlloc

  VirtualProtect

  VirtualQuery

  msvcrt

  __C_specific_handler

  __dllonexit

  __getmainargs

  __initenv

  __iob_func

  __lconv_init

  __set_app_type

  __setusermatherr

  _acmdln

  _amsg_exit

  _cexit

  _fmode

  _initterm

  _lock

  _onexit

  _unlock

  abort

  calloc

  exit

  fprintf

  free

  fwrite

  malloc

  memcpy

  signal

  strlen

  strncmp

  vfprintf

  Sections

  .text

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 144B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 1024B - Virtual size: 564B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 512B - Virtual size: 508B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 2KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 104B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 104B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  /4

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /19

  Size: 48KB - Virtual size: 47KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /31

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /45

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /57

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /70

  Size: 1024B - Virtual size: 768B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /81

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /92

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ