Extracted

• 2c156f2fd5c0a5550cafb7b1fa55faeb_JaffaCakes118

  .exe .js windows:4 windows x86 arch:x86 polyglot

  2407c6fa7f76df84eb6f2c0a47baa4fb

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvcrt

  exit

  _vsnprintf

  fseek

  ftell

  _stricmp

  fwrite

  free

  strncpy

  ??2@YAPAXI@Z

  ??3@YAXPAX@Z

  fprintf

  sscanf

  strtoul

  fopen

  fread

  fclose

  srand

  strtok

  atoi

  strstr

  rand

  _snprintf

  strncmp

  malloc

  sprintf

  kernel32

  CopyFileA

  Sleep

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  CreateThread

  GetTickCount

  GetModuleFileNameA

  GetModuleHandleA

  CloseHandle

  ReadFile

  lstrlenA

  GetFileSize

  CreateFileA

  lstrcpyA

  GetProcAddress

  LoadLibraryA

  lstrcpynA

  lstrcmpA

  GetLocaleInfoA

  GetVersionExA

  ExitProcess

  CreateProcessA

  GetSystemDirectoryA

  WinExec

  WriteFile

  FindClose

  FindNextFileA

  SetCurrentDirectoryA

  FindFirstFileA

  GetDriveTypeA

  GetEnvironmentVariableA

  lstrcatA

  SetFileAttributesA

  MoveFileExA

  GetShortPathNameA

  SetFileTime

  GetFileTime

  SearchPathA

  GetWindowsDirectoryA

  Process32Next

  TerminateProcess

  Process32First

  CreateToolhelp32Snapshot

  OpenProcess

  TerminateThread

  GetLastError

  WaitForSingleObject

  lstrcmpiA

  ExitThread

  LocalFree

  LocalAlloc

  GetCurrentProcessId

  CreateMutexA

  user32

  keybd_event

  SetFocus

  SetForegroundWindow

  BringWindowToTop

  VkKeyScanA

  GetClassNameA

  GetWindowTextA

  EnumWindows

  ShowWindow

  wsprintfA

  CloseClipboard

  EmptyClipboard

  OpenClipboard

  PostMessageA

  SetWindowPos

  MessageBoxA

  FindWindowA

  GetForegroundWindow

  GetAsyncKeyState

  GetKeyState

  CharLowerA

  SetClipboardData

  ws2_32

  socket

  send

  recv

  inet_addr

  htons

  connect

  select

  closesocket

  getpeername

  getsockname

  WSASocketA

  WSAConnect

  WSACleanup

  gethostname

  ntohs

  inet_ntoa

  __WSAFDIsSet

  WSAStartup

  setsockopt

  bind

  listen

  accept

  gethostbyname

  ioctlsocket

  advapi32

  GetUserNameA

  DeleteService

  OpenServiceA

  OpenSCManagerA

  RegCloseKey

  RegSetValueExA

  RegOpenKeyExA

  CloseServiceHandle

  EnumServicesStatusA

  SetServiceStatus

  RegisterServiceCtrlHandlerA

  ImpersonateLoggedOnUser

  OpenProcessToken

  CreateServiceA

  StartServiceA

  UnlockServiceDatabase

  ChangeServiceConfig2A

  QueryServiceLockStatusA

  LockServiceDatabase

  StartServiceCtrlDispatcherA

  shell32

  ShellExecuteA

  psapi

  GetModuleBaseNameA

  EnumProcessModules

  EnumProcesses

  wininet

  InternetConnectA

  HttpOpenRequestA

  HttpSendRequestA

  InternetOpenA

  InternetOpenUrlA

  InternetReadFile

  InternetCloseHandle

  InternetCrackUrlA

  msvcp60

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z

  ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

  ?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

  ?_Xran@std@@YAXXZ

  ?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z

  ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

  odbc32

  ord31

  ord41

  ord75

  ord24

  ord11

  crypt32

  CryptUnprotectData

  Sections

  .text

  Size: 36KB - Virtual size: 33KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 20KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE