Extracted

• 894e49e3585cf11fc1220a57ee90cb92_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  3661111abf7ea2956b8d72d6f8ec66d1

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22/08/2007, 22:31

  Not After

  25/08/2012, 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:b2:9b:00:00:00:00:00:15

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  21/02/2011, 20:53

  Not After

  21/05/2012, 20:53

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16/09/2006, 01:04

  Not After

  15/09/2019, 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:05:a2:30:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25/07/2008, 19:01

  Not After

  25/07/2013, 19:11

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  92:36:25:13:c0:6a:af:6f:34:61:b2:ee:51:c8:b9:fb:ca:e0:39:f9

  Signer

  Actual PE Digest

  92:36:25:13:c0:6a:af:6f:34:61:b2:ee:51:c8:b9:fb:ca:e0:39:f9

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  c:\src\Misc\procdump\Release\procdump.pdb

  Imports

  kernel32

  WaitForSingleObject

  SetEvent

  OpenProcess

  Sleep

  SizeofResource

  FormatMessageW

  GetExitCodeProcess

  GetTimeFormatW

  GetFileAttributesW

  TerminateProcess

  GetModuleFileNameW

  CreateFileW

  InterlockedExchange

  GetLastError

  GetCurrentDirectoryW

  Process32FirstW

  OpenThread

  GetProcessId

  SetConsoleCtrlHandler

  LockResource

  CreateEventW

  GetSystemInfo

  WaitForMultipleObjects

  Process32NextW

  GetCurrentProcess

  CreateToolhelp32Snapshot

  WaitForDebugEvent

  CloseHandle

  DeleteFileW

  GetSystemTime

  ExpandEnvironmentStringsW

  VirtualQueryEx

  ReadProcessMemory

  CreateFileA

  ReadFile

  GetProcessHeap

  SetEndOfFile

  FlushFileBuffers

  SetStdHandle

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  LoadLibraryA

  SystemTimeToTzSpecificLocalTime

  CreateProcessW

  LoadResource

  FindResourceW

  DebugActiveProcessStop

  GetDateFormatW

  GetThreadContext

  GetFullPathNameW

  DebugActiveProcess

  lstrcpyW

  LocalFree

  LocalAlloc

  GetProcAddress

  LoadLibraryW

  GetModuleHandleW

  GetCommandLineW

  IsBadStringPtrW

  lstrlenW

  ContinueDebugEvent

  SetFilePointer

  InitializeCriticalSectionAndSpinCount

  HeapFree

  HeapAlloc

  ExitThread

  ResumeThread

  CreateThread

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetCPInfo

  InterlockedIncrement

  InterlockedDecrement

  GetACP

  GetOEMCP

  IsValidCodePage

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  SetLastError

  GetCurrentThreadId

  RaiseException

  HeapCreate

  VirtualFree

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  VirtualAlloc

  HeapReAlloc

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameA

  LCMapStringW

  RtlUnwind

  HeapSize

  WideCharToMultiByte

  GetConsoleCP

  GetConsoleMode

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetHandleCount

  GetFileType

  GetStartupInfoA

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  LCMapStringA

  MultiByteToWideChar

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  GetModuleHandleA

  user32

  SetWindowTextW

  SendMessageW

  GetSysColorBrush

  EndDialog

  IsHungAppWindow

  EnumWindows

  IsWindowVisible

  GetWindowThreadProcessId

  wsprintfW

  SetCursor

  DialogBoxIndirectParamW

  LoadCursorW

  InflateRect

  GetDlgItem

  gdi32

  StartPage

  GetDeviceCaps

  SetMapMode

  StartDocW

  EndDoc

  EndPage

  comdlg32

  PrintDlgW

  advapi32

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  RegOpenKeyW

  OpenProcessToken

  RegSetValueExW

  RegCreateKeyW

  RegCloseKey

  RegOpenKeyExW

  RegQueryValueExW

  pdh

  PdhOpenQueryW

  PdhAddCounterW

  PdhCollectQueryData

  PdhGetFormattedCounterValue

  Sections

  .text

  Size: 102KB - Virtual size: 102KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 38KB - Virtual size: 38KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 185KB - Virtual size: 184KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ