Extracted

• eecc12048d1de87180ade47fa3153364_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  6f5f404a0f036f081074d4220baf3a50

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22/08/2007, 22:31

  Not After

  25/08/2012, 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:cf:3e:00:00:00:00:00:0f

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  07/12/2009, 22:40

  Not After

  07/03/2011, 22:40

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16/09/2006, 01:04

  Not After

  15/09/2019, 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:05:a2:30:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25/07/2008, 19:01

  Not After

  25/07/2013, 19:11

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  5f:4b:30:c2:13:91:bf:bc:a5:54:9b:80:d3:3a:b1:79:a8:89:b7:69

  Signer

  Actual PE Digest

  5f:4b:30:c2:13:91:bf:bc:a5:54:9b:80:d3:3a:b1:79:a8:89:b7:69

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  c:\src\Pstools\pslist\Release\pslist.pdb

  Imports

  mpr

  WNetAddConnection2A

  WNetCancelConnection2A

  version

  VerQueryValueA

  GetFileVersionInfoSizeA

  GetFileVersionInfoA

  netapi32

  NetApiBufferFree

  NetServerEnum

  ws2_32

  inet_ntoa

  gethostbyname

  WSAStartup

  gethostname

  kernel32

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  GetSystemTimeAsFileTime

  SetConsoleCursorPosition

  SetConsoleCtrlHandler

  SetPriorityClass

  GetCurrentProcess

  GetComputerNameA

  GetLastError

  SetLastError

  GetTickCount

  CloseHandle

  CreateFileA

  FreeLibrary

  WriteFile

  FormatMessageA

  LoadLibraryExA

  LockResource

  SizeofResource

  LoadResource

  GetDateFormatA

  DeleteFileA

  GetSystemDirectoryA

  WaitForSingleObject

  WideCharToMultiByte

  GetVersion

  GetModuleFileNameA

  SetEvent

  ConnectNamedPipe

  EnumSystemLocalesA

  GetLocaleInfoA

  GetUserDefaultLCID

  GetCurrentProcessId

  QueryPerformanceCounter

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  GetStartupInfoA

  GetFileType

  GetTimeFormatA

  Sleep

  GetStdHandle

  GetConsoleScreenBufferInfo

  FillConsoleOutputCharacterA

  GetProcAddress

  lstrcpynA

  LocalAlloc

  GetCommandLineW

  LoadLibraryA

  LocalFree

  GetModuleHandleA

  IsBadStringPtrA

  lstrlenA

  IsValidLocale

  HeapSize

  SetFilePointer

  SetEnvironmentVariableA

  GetLocaleInfoW

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  SetStdHandle

  ReadFile

  GetTimeZoneInformation

  SetEndOfFile

  GetProcessHeap

  CompareStringA

  CompareStringW

  FindResourceA

  HeapAlloc

  HeapFree

  RtlUnwind

  GetModuleHandleW

  ExitProcess

  ReadConsoleInputA

  SetConsoleMode

  GetConsoleMode

  PeekConsoleInputA

  GetNumberOfConsoleInputEvents

  ExitThread

  ResumeThread

  CreateThread

  EnterCriticalSection

  LeaveCriticalSection

  GetCurrentThreadId

  GetCommandLineA

  GetCPInfo

  InterlockedIncrement

  InterlockedDecrement

  GetACP

  GetOEMCP

  IsValidCodePage

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  GetCurrentThread

  LCMapStringA

  MultiByteToWideChar

  LCMapStringW

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  RaiseException

  DeleteCriticalSection

  FatalAppExitA

  VirtualFree

  VirtualAlloc

  HeapReAlloc

  HeapCreate

  HeapDestroy

  GetStringTypeA

  GetStringTypeW

  InterlockedExchange

  InitializeCriticalSectionAndSpinCount

  GetConsoleCP

  FlushFileBuffers

  SetHandleCount

  user32

  SetWindowTextA

  LoadCursorA

  EndDialog

  InflateRect

  SendMessageA

  GetSysColorBrush

  GetDlgItem

  DialogBoxIndirectParamA

  wsprintfA

  SetCursor

  gdi32

  SetMapMode

  StartDocA

  StartPage

  EndPage

  EndDoc

  GetDeviceCaps

  comdlg32

  PrintDlgA

  advapi32

  StartServiceA

  OpenProcessToken

  LookupPrivilegeValueA

  AdjustTokenPrivileges

  LogonUserA

  ImpersonateLoggedOnUser

  RegConnectRegistryA

  RevertToSelf

  DeleteService

  ControlService

  OpenSCManagerA

  OpenServiceA

  QueryServiceStatus

  CreateServiceA

  CloseServiceHandle

  RegCreateKeyA

  RegSetValueExA

  RegOpenKeyExA

  RegQueryValueExA

  RegCloseKey

  Sections

  .text

  Size: 176KB - Virtual size: 175KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 33KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ