Extracted

• a1cffd8371b3813d93957b19437007ec_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  6b9c2520d35e798873812dd555e5333f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\Users\Arek\Desktop\norman_sandbox\events_exe\events_exe\Release\events_exe.pdb

  Imports

  kernel32

  DebugBreak

  WriteProcessMemory

  CreateThread

  CreateFileA

  FormatMessageA

  WriteFile

  ReadFile

  CloseHandle

  GetTempPathA

  LocalFree

  DeleteFileA

  lstrlenA

  WinExec

  CreateMutexA

  GetModuleHandleA

  LoadLibraryA

  VirtualAllocEx

  GetLastError

  TerminateProcess

  CreateProcessA

  ReadProcessMemory

  Sleep

  OpenProcess

  CreateRemoteThread

  GetCurrentProcess

  GetTempFileNameA

  FreeLibrary

  CreateFileW

  HeapSize

  WriteConsoleW

  GetProcessHeap

  SetEndOfFile

  IsProcessorFeaturePresent

  GetStringTypeW

  LCMapStringW

  MultiByteToWideChar

  LoadLibraryW

  FlushFileBuffers

  GetConsoleMode

  GetConsoleCP

  SetStdHandle

  IsValidCodePage

  GetOEMCP

  GetACP

  HeapFree

  HeapAlloc

  HeapReAlloc

  GetCommandLineA

  HeapSetInformation

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  EnterCriticalSection

  LeaveCriticalSection

  DecodePointer

  EncodePointer

  InitializeCriticalSectionAndSpinCount

  RtlUnwind

  SetFilePointer

  HeapCreate

  GetProcAddress

  GetModuleHandleW

  ExitProcess

  GetStdHandle

  GetModuleFileNameW

  GetModuleFileNameA

  FreeEnvironmentStringsW

  WideCharToMultiByte

  GetEnvironmentStringsW

  SetHandleCount

  GetFileType

  GetStartupInfoW

  DeleteCriticalSection

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetCPInfo

  user32

  FindWindowA

  GetWindowThreadProcessId

  advapi32

  RegOpenKeyExA

  RegEnumKeyExA

  RegDeleteKeyA

  RegSetValueExA

  AdjustTokenPrivileges

  ControlService

  OpenSCManagerA

  LookupPrivilegeValueA

  CreateServiceA

  DeleteService

  OpenProcessToken

  CloseServiceHandle

  OpenServiceA

  RegCloseKey

  ws2_32

  WSAGetLastError

  inet_addr

  shutdown

  WSACleanup

  recv

  bind

  socket

  closesocket

  send

  WSAStartup

  connect

  htons

  wininet

  HttpSendRequestA

  InternetConnectA

  InternetOpenA

  InternetCloseHandle

  InternetReadFile

  HttpOpenRequestA

  Sections

  .text

  Size: 44KB - Virtual size: 43KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 436B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ