Behavioral tasks
- behavioral1: Sample 537b65309e47ab37a86576365cdf2b07_JaffaCakes118.exe, Resource win7-20240903-en
- behavioral2: Sample 537b65309e47ab37a86576365cdf2b07_JaffaCakes118.exe, Resource win10v2004-20241007-en
General
- Target: 537b65309e47ab37a86576365cdf2b07_JaffaCakes118
- Size: 2.5MB
- MD5: 537b65309e47ab37a86576365cdf2b07
- SHA1: b66ab7fe69b6ef11b910e78e65d24b4d60e5046a
- SHA256: b569a37b3851cd980070c5f5b631ad0a566ee7408c2e5fb9cc478334aed3c92a
- SHA512: 71986973a0e7d74641bfcfb1a5ad8b1b79c7a27c334aae3e81ef4320fc16f2ccca0d1237dce1fe2e632dfef39ab177cf7dfb1675a85be9e86d6966e8acf76dd4
- SSDEEP: 6144:HUyheSTNunrKmW03oCsStpwH/gnmEvOL4IWaeM7xYWUaanF/tmWXmB43TJO:thgnlssK/9NL1s1uWk43T
Malware Config
- Extracted: metasploit
- Encoder: encoder/call4_dword_xor
Signatures
- Metasploit family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 537b65309e47ab37a86576365cdf2b07_JaffaCakes118
Files
-
537b65309e47ab37a86576365cdf2b07_JaffaCakes118.exe windows:4 windows x86 arch:x86
62c28516ebfae45fbe7403fd12451c72
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
LoadLibraryA
FreeLibrary
LocalFree
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetCurrentProcess
GetVersionExA
TerminateThread
TransactNamedPipe
CreateFileA
DeleteFileA
CopyFileA
SetFileAttributesA
GetFileAttributesA
GetModuleHandleA
WideCharToMultiByte
WriteFile
WaitForSingleObject
CreateEventA
ReadFile
lstrlenA
CreateDirectoryA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
GetComputerNameA
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
IsDebuggerPresent
lstrcpyA
GetTempPathA
SetFilePointer
GetFileSize
MoveFileA
CreateFileMappingA
EnterCriticalSection
QueryPerformanceCounter
ExitProcess
CreateProcessA
ReleaseMutex
CreateMutexA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
GetTimeFormatA
GetDateFormatA
GetSystemDirectoryA
GetLocaleInfoA
lstrcmpA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
CreatePipe
ReadProcessMemory
OpenProcess
TerminateProcess
Process32Next
Process32First
GetCurrentThread
LocalAlloc
lstrcpynA
SetFileTime
GetFileTime
GetWindowsDirectoryA
GetLocalTime
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
TlsAlloc
GetCurrentThreadId
InitializeCriticalSection
IsBadWritePtr
HeapReAlloc
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
ExitThread
lstrcmpiA
GetModuleFileNameA
CreateThread
MultiByteToWideChar
Sleep
QueryPerformanceFrequency
GetTickCount
VirtualAlloc
VirtualFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
GetFileType
GetStdHandle
HeapCreate
HeapDestroy
SetHandleCount
HeapSize
TlsGetValue
SetLastError
HeapAlloc
HeapFree
RtlUnwind
GetTimeZoneInformation
GetSystemTime
InterlockedDecrement
InterlockedIncrement
ResumeThread
TlsSetValue
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
user32
IsCharAlphaNumericA
CharLowerA
GetClassNameA
SendMessageA
wsprintfA
advapi32
RegCloseKey
RegOpenKeyExA
RegSetValueExA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegQueryValueExA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
ws2_32
shutdown
setsockopt
ioctlsocket
sendto
bind
getsockname
listen
gethostbyname
ntohs
WSACleanup
select
accept
WSAStartup
inet_addr
htons
WSASocketA
connect
send
recv
closesocket
socket
WSAGetLastError
gethostname
htonl
getsockopt
__WSAFDIsSet
ntohl
mpr
WNetAddConnection2A
iphlpapi
GetUdpTable
userenv
GetUserProfileDirectoryA
oleaut32
GetErrorInfo
Sections
- .text Size: 2.5MB - Virtual size: 2.5MB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 16KB - Virtual size: 16KB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE