Static task
static1
Behavioral task
behavioral1
Sample
5509c319219d5b1ec17b3ac404e167c5_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5509c319219d5b1ec17b3ac404e167c5_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
5509c319219d5b1ec17b3ac404e167c5_JaffaCakes118
-
Size
43KB
-
MD5
5509c319219d5b1ec17b3ac404e167c5
-
SHA1
4cafd2de656b9f63a0c794dd5aa43e34481ba124
-
SHA256
af36ad06245bfaf87236b1789fbbfee2b538b0f231df7b6b386e1a4f1f762344
-
SHA512
6ee2ca784b3862c67b956fe8855af1ef0b11ccd7298aff173355ac10bc9dd125d796d7957aceb741c52bad3608d8dfa6906b377c8972369d49f878bd545f2db9
-
SSDEEP
768:Yo658Q+AAWFxHos6OEV+kFrOFi3p2h5BLcZgvWowEITFdD:/k/Is6fVEE5KLlWow15dD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
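Static check: the PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. Many benign binaries are also unsigned, so this is a weak indicator on its own.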
resource 5509c319219d5b1ec17b3ac404e167c5_JaffaCakes118
Files
-
5509c319219d5b1ec17b3ac404e167c5_JaffaCakes118.exe windows:5 windows x86 arch:x86
029432d54a669f9178612406bff86e4a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
I_RpcSendReceive
RpcServerUnregisterIfEx
NdrServerUnmarshall
NdrNonEncapsulatedUnionMemorySize
NdrConformantVaryingArrayMarshall
MesHandleFree
NdrFullPointerXlatFree
NdrConformantStructMarshall
RpcErrorClearInformation
NdrNonEncapsulatedUnionBufferSize
UuidFromStringA
I_RpcServerInqAddressChangeFn
UuidCreateNil
RpcNsBindingInqEntryNameA
I_RpcServerInqTransportType
I_RpcServerSetAddressChangeFn
NdrpCreateStub
NdrCreateServerInterfaceFromStub
NdrDllGetClassObject
RpcObjectSetInqFn
NdrpReleaseTypeGenCookie
pfnSizeRoutines
RpcRaiseException
RpcCertGeneratePrincipalNameW
I_RpcTransServerNewConnection
NdrClientInitialize
opengl32
glListBase
glVertex3dv
glLighti
glDebugEntry
glTexCoord1i
glLoadMatrixf
glColorMask
glRasterPos2iv
glColorPointer
glEvalPoint2
glRasterPos2f
wglDescribePixelFormat
glGetMapdv
glGetTexEnviv
glClearDepth
glTexImage2D
glColor3ui
glAccum
glIndexub
glGenTextures
GlmfEndGlsBlock
glRasterPos4fv
glMaterialiv
glVertex4sv
wglUseFontOutlinesW
glColor3iv
glPixelMapusv
dbghelp
dh
SymEnumTypes
SymFromName
SymEnumerateSymbolsW
SymEnumerateSymbols64
MakeSureDirectoryPathExists
SymGetLineFromName64
srcfiles
SymGetSymFromName64
ImagehlpApiVersion
SymGetTypeInfo
MapDebugInformation
SymMatchString
SymEnumSymbols
SymFunctionTableAccess
SymUnDName
SymGetSymPrev
SymGetLineNext
ExtensionApiVersion
DbgHelpCreateUserDumpW
DbgHelpCreateUserDump
FindFileInPath
MiniDumpWriteDump
ImageDirectoryEntryToData
EnumerateLoadedModules64
UnDecorateSymbolName
FindExecutableImage
SymGetModuleInfo
SymUnloadModule
SymGetFileLineOffsets64
SymEnumerateSymbolsW64
SymGetSymNext64
SymFunctionTableAccess64
SymFromAddr
FindFileInSearchPath
SymGetModuleBase
sym
SymLoadModule64
ImageRvaToVa
SymGetModuleBase64
dbghelp
odbc32
SQLNativeSql
SQLProcedureColumnsW
SQLParamOptions
SQLGetStmtAttr
ODBCGetTryWaitValue
SQLConnect
SQLRowCount
SQLPrepareA
SQLTransact
SQLAllocHandleStd
PostODBCComponentError
SQLGetConnectOptionA
SQLBrowseConnect
ODBCSetTryWaitValue
SQLGetDiagRecA
SQLDrivers
SQLSetConnectOption
SQLColAttributeA
SQLColAttributes
SQLGetData
SQLSetDescFieldA
SQLCloseCursor
SQLGetInfoW
SQLFetchScroll
SQLGetDiagField
SQLSpecialColumnsA
SQLSetCursorName
SQLGetConnectOptionW
user32
DlgDirListA
GetClassInfoA
GetClassLongA
CallMsgFilter
GetAppCompatFlags2
CharPrevW
DrawMenuBarTemp
SetDlgItemInt
CharUpperBuffA
SetScrollPos
IsDialogMessage
RegisterClassExW
ToUnicode
IsRectEmpty
IsIconic
IMPSetIMEW
CreateIcon
QuerySendMessage
MBToWCSEx
CreateWindowExA
ScrollDC
SetWindowLongW
RegisterWindowMessageW
DialogBoxIndirectParamW
SetUserObjectSecurity
GetLastInputInfo
CsrBroadcastSystemMessageExW
CharPrevA
MoveWindow
SystemParametersInfoA
GetOpenClipboardWindow
msvcrt20
_getws
_tcsnicmp
?overflow@filebuf@@UAEHH@Z
??_Dofstream@@QAEXXZ
_execlp
??5istream@@QAEAAV0@PAC@Z
??0filebuf@@QAE@HPADH@Z
_mbctolower
??5istream@@QAEAAV0@PAD@Z
__winitenv
??0istream_withassign@@QAE@XZ
_assert
tan
??5istream@@QAEAAV0@AAD@Z
?seekg@istream@@QAEAAV1@J@Z
getc
_amsg_exit
time
_wsearchenv
_ismbcspace
??1ifstream@@UAE@XZ
??5istream@@QAEAAV0@AAO@Z
_CxxThrowException
ispunct
_mbslwr
_mbctokata
mbstowcs
atoi
_fmode
_setmode
qsort
??5istream@@QAEAAV0@PAE@Z
strncat
??_7istream@@6B@
??6ostream@@QAEAAV0@D@Z
_wctime
?sync@strstreambuf@@UAEHXZ
?str@strstreambuf@@QAEPADXZ
?setmode@ifstream@@QAEHH@Z
_errno
ufat
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
??1FILEDIR@@UAE@XZ
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
?Read@CLUSTER_CHAIN@@UAEEXZ
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Write@CLUSTER_CHAIN@@UAEEXZ
Format
Recover
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
?FreeChain@FAT@@QAEXK@Z
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
??1FAT_SA@@UAE@XZ
??1REAL_FAT_SA@@UAE@XZ
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
Chkdsk
??0FAT_SA@@QAE@XZ
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
??0CLUSTER_CHAIN@@QAE@XZ
??1FAT_DIRENT@@UAE@XZ
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Set12@FAT@@AAEXKK@Z
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
?QueryCreationTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?QueryFileStartingCluster@FAT_SA@@QAEKPBVWSTRING@@PAVHMEM@@PAPAVFATDIR@@PAEPAVFAT_DIRENT@@@Z
??0EA_SET@@QAE@XZ
??1ROOTDIR@@UAE@XZ
kernel32
WriteConsoleInputVDMA
lstrcpyA
BuildCommDCBAndTimeoutsA
GetConsoleCommandHistoryLengthA
HeapFree
MultiByteToWideChar
GetPrivateProfileSectionA
RtlCaptureContext
GetCalendarInfoA
GetExitCodeProcess
FlushFileBuffers
VirtualFreeEx
FindResourceExW
EnumDateFormatsW
CompareStringW
lstrcpy
VirtualAlloc
TerminateJobObject
Thread32First
AddLocalAlternateComputerNameW
WinExec
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetDefaultCommConfigA
SetVolumeMountPointW
SetProcessAffinityMask
GetWindowsDirectoryA
GetSystemInfo
_lwrite
lstrcmpW
GetConsoleAliasesLengthA
GlobalAddAtomA
FindCloseChangeNotification
LoadModule
CreateSemaphoreA
Module32NextW
GetStartupInfoA
GetCurrencyFormatW
odbccu32
SQLGetStmtOption
SQLNativeSql
SQLFetchScroll
SQLBindParameter
SQLFreeHandle
SQLNumParams
SQLFreeStmt
SQLGetInfo
SQLGetData
SQLSetPos
SQLRowCount
SQLParamData
SQLSetStmtOption
SQLBulkOperations
SQLTransact
SQLPrepare
SQLExtendedFetch
SQLSetDescField
SQLMoreResults
ReleaseCLStmtResources
SQLSetStmtAttr
SQLFetch
SQLSetConnectOption
SQLGetDescRec
SQLGetDescField
SQLSetDescRec
SQLPutData
SQLCloseCursor
SQLExecDirect
SQLExecute
SQLEndTran
SQLSetScrollOptions
SQLParamOptions
SQLCancel
SQLBindCol
SQLGetStmtAttr
SQLSetConnectAttr
ole32
OleQueryLinkFromData
StgCreatePropStg
CoFreeAllLibraries
CoRegisterChannelHook
CoGetObject
OleRun
CoReactivateObject
OleUninitialize
CoInitializeEx
StgCreateStorageEx
BindMoniker
OleCreateLinkFromData
OleCreateFromFileEx
OleSetAutoConvert
OleCreateFromFile
DoDragDrop
HMENU_UserUnmarshal
CoResumeClassObjects
StgCreateDocfileOnILockBytes
STGMEDIUM_UserFree
OleGetIconOfFile
StgSetTimes
MonikerRelativePathTo
OleFlushClipboard
StgOpenStorageEx
PropSysAllocString
StgOpenStorage
OleCreateLink
OleDoAutoConvert
CoRegisterClassObject
OleConvertIStorageToOLESTREAM
StgConvertVariantToProperty
HMENU_UserSize
OleInitializeWOW
FreePropVariantArray
CoRevokeMallocSpy
CoSwitchCallContext
CLSIDFromProgID
CoInitialize
IsValidIid
PropVariantCopy
HENHMETAFILE_UserFree
OleCreateFromData
ReadClassStg
HMETAFILEPICT_UserMarshal
CoGetMarshalSizeMax
CoFreeUnusedLibraries
StgCreateDocfile
ReadClassStm
CoGetClassVersion
HWND_UserMarshal
CoGetMalloc
UtConvertDvtd16toDvtd32
CoGetComCatalog
GetDocumentBitStg
CoGetPSClsid
HMETAFILE_UserFree
HACCEL_UserFree
PropSysFreeString
STGMEDIUM_UserSize
WriteStringStream
CreatePointerMoniker
CoFreeUnusedLibrariesEx
HMETAFILE_UserMarshal
GetHGlobalFromILockBytes
ReadOleStg
CoLoadLibrary
StgConvertPropertyToVariant
OleBuildVersion
msvcp60
_LDtest
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??1bad_cast@std@@UAE@XZ
?close@?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??Kstd@@YA?AV?$complex@M@0@ABMABV10@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0bad_cast@std@@QAE@ABV01@@Z
?do_narrow@?$ctype@G@std@@MBEPBGPBG0DPAD@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??_8?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@7B@
??Gstd@@YA?AV?$complex@M@0@ABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
?quiet_NaN@?$numeric_limits@_N@std@@SA_NXZ
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
?_Sinh@?$_Ctr@O@std@@SAOOO@Z
??1_Timevec@std@@QAE@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??_7bad_alloc@std@@6B@
??0?$collate@D@std@@QAE@I@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
??_0std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?min@?$numeric_limits@C@std@@SACXZ
??_F?$complex@N@std@@QAEXXZ
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??8locale@std@@QBE_NABV01@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$collate@G@std@@UAE@XZ
??0?$numpunct@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
_FNan
??_7?$numpunct@G@std@@6B@
??_7?$messages@G@std@@6B@
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@C@std@@QAEAAV01@ABV01@@Z
_Exp
?overflow@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?endl@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@AAV21@@Z
?epsilon@?$numeric_limits@C@std@@SACXZ
_FDnorm
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_F?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0bad_typeid@std@@QAE@ABV01@@Z
?grouping@?$numpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?seekoff@?$basic_filebuf@GU?$char_traits@G@std@@@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?compare@?$collate@G@std@@QBEHPBG000@Z
_Getctype
?_Init@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??_7facet@locale@std@@6B@
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?infinity@?$numeric_limits@M@std@@SAMXZ
_Toupper
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IABV12@II@Z
??Pstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??Zstd@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
?scan_not@?$ctype@G@std@@QBEPBGFPBG0@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
?sync@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEHXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find@?$char_traits@G@std@@SAPBGPBGIABG@Z
?pubseekpos@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE?AV?$fpos@H@2@V32@F@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??Hstd@@YA?AV?$complex@O@0@ABV10@@Z
?sqrt@?$_Ctr@N@std@@SANN@Z
?_Init@?$_Mpunct@G@std@@IAEXABV_Locinfo@2@@Z
?do_scan_not@?$ctype@G@std@@MBEPBGFPBG0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?opfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE_NXZ
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??_7codecvt_base@std@@6B@
?isfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
?in@?$codecvt@GDH@std@@QBEHAAHPBD1AAPBDPAG3AAPAG@Z
?min@?$numeric_limits@F@std@@SAFXZ
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?do_frac_digits@?$_Mpunct@G@std@@MBEHXZ
untfs
Chkdsk
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?Read@NTFS_MFT_FILE@@UAEEXZ
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_MFT_INFO@@QAEEVBIG_INT@@PAVNTFS_UPCASE_TABLE@@EE_K@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
?GetNextAttributeListEntry@NTFS_ATTRIBUTE_LIST@@QBEPBU_ATTRIBUTE_LIST_ENTRY@@PBU2@@Z
??1NTFS_SA@@UAE@XZ
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
Recover
??0NTFS_REFLECTED_MASTER_FILE_TABLE@@QAE@XZ
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
??1NTFS_BITMAP_FILE@@UAE@XZ
??1NTFS_BITMAP@@UAE@XZ
?TakeCensus@NTFS_SA@@QAEEPAVNTFS_MASTER_FILE_TABLE@@KPAUNTFS_CENSUS_INFO@@@Z
?QueryAttributeListAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAE@Z
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
??0NTFS_BOOT_FILE@@QAE@XZ
fmifs
FormatEx2
EnableVolumeCompression
SetLabel
Format
ChkdskEx
ComputeFmMediaType
QuerySupportedMedia
QueryDeviceInformation
Chkdsk
FormatEx
QueryAvailableFileSystemFormat
QueryLatestFileSystemVersion
QueryFileSystemName
Extend
DiskCopy
QueryDeviceInformationByHandle
advapi32
ClearEventLogW
CreateProcessWithLogonW
ReadEncryptedFileRaw
RegQueryInfoKeyA
RegCreateKeyExA
LsaLookupPrivilegeDisplayName
RegLoadKeyW
CredDeleteW
LsaQueryInformationPolicy
CredWriteDomainCredentialsW
SystemFunction027
SystemFunction026
CryptSignHashW
LsaClose
UpdateTraceW
GetInformationCodeAuthzLevelW
MakeSelfRelativeSD
SystemFunction005
DecryptFileA
SystemFunction034
CryptSetProviderExW
CryptHashData
OpenServiceA
QueryAllTracesW
LookupPrivilegeDisplayNameW
AddAuditAccessAceEx
DeregisterEventSource
gdi32
RectVisible
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ