Extracted

• aa97d13d14002736cdfcf84995bef320_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  9550791500921a98b13181022258b6f4

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  WaitForSingleObject

  WinExec

  GetFileSize

  FreeLibrary

  LoadLibraryA

  HeapFree

  lstrcmpA

  lstrcpynA

  HeapAlloc

  GetProcessHeap

  GetLastError

  GetCurrentProcess

  TerminateProcess

  OpenProcess

  Process32Next

  lstrcmpiA

  Process32First

  CreateToolhelp32Snapshot

  SetEvent

  ResetEvent

  GetModuleFileNameA

  CreateThread

  CreateEventA

  OutputDebugStringW

  lstrcpyW

  GetCompressedFileSizeA

  GetSystemTime

  GetCommandLineA

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  MultiByteToWideChar

  CreateFileW

  TransactNamedPipe

  FindClose

  FindNextFileA

  FindFirstFileA

  GetDriveTypeA

  GetLogicalDriveStringsA

  GetStartupInfoA

  ExitProcess

  SetSystemTime

  OutputDebugStringA

  GetModuleHandleA

  GetProcAddress

  Sleep

  lstrcpyA

  DeleteFileA

  GetSystemDirectoryA

  lstrlenA

  lstrcatA

  CreateFileA

  CloseHandle

  DeviceIoControl

  ReadFile

  SetFilePointer

  OpenEventA

  WriteFile

  mpr

  WNetCancelConnection2A

  WNetAddConnection2A

  ws2_32

  accept

  WSAGetLastError

  recv

  closesocket

  send

  htons

  inet_addr

  WSAStartup

  WSACleanup

  gethostname

  gethostbyname

  inet_ntoa

  bind

  listen

  select

  __WSAFDIsSet

  connect

  socket

  iphlpapi

  SendARP

  rpcrt4

  UuidToStringA

  UuidFromStringA

  user32

  ShowWindow

  FindWindowA

  SendMessageA

  wsprintfA

  wvsprintfA

  IsCharAlphaNumericA

  advapi32

  CloseServiceHandle

  ControlService

  OpenServiceA

  OpenSCManagerA

  ChangeServiceConfigA

  StartServiceA

  DeleteService

  ChangeServiceConfig2A

  CreateServiceA

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  OpenProcessToken

  RegCloseKey

  RegRestoreKeyA

  RegOpenKeyA

  QueryServiceStatus

  shell32

  ShellExecuteA

  Sections

  .text

  Size: 20KB - Virtual size: 16KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 44KB - Virtual size: 71KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE