Extracted

Extracted

• c2465660bfd72a4872e25a131d0ff6ae_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  9e5da0daacd01168e9e71474a1a6e556

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22/08/2007, 22:31

  Not After

  25/08/2012, 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:cf:3e:00:00:00:00:00:0f

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  07/12/2009, 22:40

  Not After

  07/03/2011, 22:40

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16/09/2006, 01:04

  Not After

  15/09/2019, 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:06:94:2d:00:00:00:00:00:09

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25/07/2008, 19:02

  Not After

  25/07/2013, 19:12

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  29:ff:9e:3a:c4:cd:e0:3a:8d:18:4f:25:12:49:03:c5:02:ff:4e:16

  Signer

  Actual PE Digest

  29:ff:9e:3a:c4:cd:e0:3a:8d:18:4f:25:12:49:03:c5:02:ff:4e:16

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  c:\src\Tcpview\Release\Tcpview.pdb

  Imports

  version

  GetFileVersionInfoA

  GetFileVersionInfoSizeA

  VerQueryValueA

  ws2_32

  gethostbyname

  WSAGetLastError

  socket

  connect

  send

  recv

  closesocket

  WSAStartup

  getservbyport

  gethostname

  gethostbyaddr

  htons

  htonl

  ntohl

  ntohs

  iphlpapi

  SetTcpEntry

  GetTcpTable

  GetUdpTable

  comctl32

  ImageList_Create

  ord6

  ord17

  CreateToolbarEx

  ImageList_ReplaceIcon

  psapi

  GetModuleFileNameExA

  kernel32

  ReadProcessMemory

  CreateEventA

  DeviceIoControl

  GetCurrentProcessId

  DuplicateHandle

  GetCurrentProcess

  CreateFileA

  GetModuleFileNameA

  GetLastError

  GetNumberFormatA

  GetLocaleInfoA

  FormatMessageA

  GetTickCount

  TerminateProcess

  GlobalReAlloc

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  MulDiv

  GetUserDefaultLangID

  LeaveCriticalSection

  EnterCriticalSection

  HeapFree

  GetProcessHeap

  GetVersion

  InitializeCriticalSection

  ExpandEnvironmentStringsA

  GetConsoleCP

  SetFilePointer

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  CloseHandle

  SetHandleCount

  HeapSize

  GetStdHandle

  WriteFile

  ExitProcess

  Sleep

  HeapDestroy

  HeapCreate

  VirtualAlloc

  VirtualFree

  FatalAppExitA

  DeleteCriticalSection

  OpenProcess

  LCMapStringA

  GetCurrentThread

  SetLastError

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  GetModuleHandleW

  IsValidCodePage

  GetOEMCP

  GetACP

  GetCPInfo

  GetStartupInfoA

  GetCommandLineA

  HeapReAlloc

  ResumeThread

  CreateThread

  GetCurrentThreadId

  ExitThread

  HeapAlloc

  RtlUnwind

  RaiseException

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  lstrlenW

  WideCharToMultiByte

  lstrlenA

  MultiByteToWideChar

  ResetEvent

  GetVersionExA

  GetSystemTimeAsFileTime

  QueryPerformanceCounter

  QueryPerformanceFrequency

  GetProcAddress

  GetCommandLineW

  LocalAlloc

  LoadLibraryA

  LocalFree

  GetModuleHandleA

  InterlockedDecrement

  InterlockedIncrement

  GetConsoleMode

  GetStringTypeA

  LoadLibraryW

  SetEvent

  GetTimeFormatA

  GetDateFormatA

  GetUserDefaultLCID

  EnumSystemLocalesA

  LCMapStringW

  WaitForSingleObject

  IsValidLocale

  InitializeCriticalSectionAndSpinCount

  SetConsoleCtrlHandler

  FreeLibrary

  InterlockedExchange

  SetStdHandle

  FlushFileBuffers

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  GetTimeZoneInformation

  GetLocaleInfoW

  SetEndOfFile

  ReadFile

  CompareStringA

  CompareStringW

  SetEnvironmentVariableA

  GetFileType

  GetStringTypeW

  user32

  GetMessageA

  TranslateAcceleratorA

  TranslateMessage

  DispatchMessageA

  RegisterClassA

  LoadMenuA

  InsertMenuA

  CreateMenu

  GetSubMenu

  SetMenuItemInfoA

  DrawMenuBar

  PostQuitMessage

  LoadStringA

  DialogBoxParamA

  TrackPopupMenu

  UpdateWindow

  DestroyIcon

  SetDlgItemTextA

  GetParent

  ChildWindowFromPoint

  InvalidateRect

  SetCapture

  ReleaseCapture

  SetWindowLongA

  GetWindowLongA

  GetCursorPos

  GetClientRect

  CreateWindowExA

  SetFocus

  CallWindowProcA

  GetSysColor

  LoadAcceleratorsA

  LoadIconA

  DrawIconEx

  InvalidateRgn

  SetWindowPos

  GetMenu

  CheckMenuItem

  SetTimer

  KillTimer

  GetWindowRect

  IsIconic

  IsZoomed

  OpenClipboard

  EmptyClipboard

  SetClipboardData

  CloseClipboard

  GetFocus

  GetDC

  DrawTextA

  ReleaseDC

  GetSystemMetrics

  MoveWindow

  ShowWindow

  ClientToScreen

  ScreenToClient

  PostMessageA

  DestroyWindow

  DefWindowProcA

  MessageBoxA

  DialogBoxIndirectParamA

  GetDlgItem

  GetSysColorBrush

  EndDialog

  SetWindowTextA

  LoadCursorA

  SetCursor

  InflateRect

  SendMessageA

  FillRect

  EnableMenuItem

  gdi32

  SetBkMode

  GetDeviceCaps

  SetMapMode

  EndDoc

  StartDocA

  EndPage

  StartPage

  SetTextColor

  SelectObject

  CreateFontIndirectA

  DeleteDC

  CreateCompatibleDC

  GetObjectA

  GetStockObject

  DeleteObject

  CreateSolidBrush

  GetBkColor

  GetTextMetricsA

  SetBkColor

  comdlg32

  PrintDlgA

  ChooseFontA

  GetSaveFileNameA

  advapi32

  RegOpenKeyA

  AllocateAndInitializeSid

  GetTokenInformation

  FreeSid

  OpenProcessToken

  LookupPrivilegeValueA

  AdjustTokenPrivileges

  ConvertSidToStringSidA

  FlushTraceA

  RegCreateKeyA

  RegQueryValueExA

  RegSetValueExA

  RegCloseKey

  EqualSid

  RegOpenKeyExA

  shell32

  ShellExecuteA

  SHGetFileInfoA

  CommandLineToArgvW

  ShellExecuteExA

  ole32

  CoCreateInstance

  CoInitialize

  CoSetProxyBlanket

  oleaut32

  SysStringLen

  SysFreeString

  VariantClear

  VariantInit

  VariantChangeType

  SafeArrayGetElement

  SafeArrayDestroy

  SafeArrayUnaccessData

  SafeArrayAccessData

  CreateErrorInfo

  SafeArrayGetUBound

  SafeArrayGetLBound

  SysAllocStringByteLen

  SysStringByteLen

  SysAllocStringLen

  GetErrorInfo

  SetErrorInfo

  SysAllocString

  Sections

  .text

  Size: 232KB - Virtual size: 231KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 38KB - Virtual size: 37KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ