Extracted

• JaffaCakes118_a43e9d152796855e2d736ddfa8f65332ae1b4b8be8cd6592ecef9c9ab9ca2394

  .zip
• core.bat
• license.dat
• vessel-64.dat

  .dll regsvr32 windows:6 windows x64 arch:x64

  7699a5dff78fd6d7ef6c98d3071356f3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  Imports

  shlwapi

  StrStrIA

  msvcrt

  memset

  kernel32

  GetCommandLineA

  FlsSetValue

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  shell32

  SHGetFolderPathA

  wtsapi32

  WTSSendMessageW

  user32

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  Exports

  Exports

  �cz�X�C�t7�꛰� �Z}I)U_�`p��(?���6�Rhle( �Hh3Q'��Z��o�iޜ�J��C�8=f��_E�g�d��-R��R<��H�6�x�����v$�j�5��#<�vP����b-!���L���Tʝ��l�m�k���j�{0R���?�
  Y_�3�? V��`+�k�׿*���g�:�&!:�b�OΙ����F*����c�}l{F�pMR ٷ���-W��E�:Wʒu�娰�:y�dL�ɪ!�j�<��!˗��7��OcS/Nw�#g�y��_.O:G���(f15Y�t+������}eN ��C骽xP;O�՟G��,7kԥ��8$�@0�t�MIHo�{M��w��7K���;@���W�e����(YG��ؚ� G�"#�����RVf���9:ܒ>�,T� ����q>7�g��L�c�Q;�����T�!\zy���L�[���Zl
  *d�!;��GUf�S�CMZO�t����6R���C�`/�'@h�֦<�� C?Y�_���$ƯĠ��R�Y@�r@��ܮ���biF�fK�^��x����6(A���EO)����� ����>���ٍ2S"Z� ��y�[�Tײ -��*:�)���`d�8�_�=J[;z&�=��苃����Q�3�d�%�_ۉ{�@ѻ:x�D6f1M�{��nj =�y� p^��e�
  J�t7��yH�#*����6c���;9�}�B���{%60�FR�ʞ��֠,T(
  �皯H�L^��\+�vb|{�(K��j�Y����i8�ng���"��1z��崰񕪄ؐ����LNyp��r)�����`dM��J�"m@�7��LG�O�Qv��6�w�N�����Rt����+ٴ��������wvmn&<��J��c(U���o���I���2�i�N��?,�J0��L������h�?��B,��&*��q���#QNc��b�~�R��q�d/���&�hw��[��̆�D����������ų����֪'���X}��Hf�#��w��q��:��p�]{�V�[���E����v�o&R+R:�^�/|��6����]5RpSI<����oޞ[��2o𤋮9!�_[CJ�X��Pt¯�(��U�俥Lj�}�$��'��?kN��� �1oUY���Ҏxښ���ZNxw FY/^GMQ�΋�8��H�E��φ�Uƻ>�MMu���ĵ��7$�w�2���J"8�� F��7nB �Sb��/�r@��'�F���Y�_��)�������HS� �7;�</ڐ+'A��=D�_�{ �/Ǻ��0Si$�xWR���5�@�R"�M)�����nu#E�ūC�1�~*;����j��`�b/v�؜(|���7�w�+�> ��k@��4n���t��4f�*�i(�k�y�&' ��Zk�û�\��?뜭��9��y��l���C�Z0�U����ۇ��V�A��F�C� �^-��
  ���2�Z���2���`�Q qT���:�0��ؠ$d��(��V�vl$���Im�l�#<�#�����^٪~��g����^��=&��~�����ƛi��G,(���ߘ�"��k-�{sK�S1�Y�p��.�R�`���I ���$Z��1Kǧ��jR��[y��ir�9PCO }�2��ГϪb����Jx*0!�\'G���/�����x[�<
  �� ��>�.8�S%,DM�ʟ�����;�tiB9��L��ϱ�#
  �}k��^ ����A=mH��HT�&����R���!U���^�4�~E��u���ɑ�kBmYm*02�ʹ��{��cT�Y�C}���C!���8����Z%!� !3��D�l�ᘁڙ�0W�F#e>�}Q�{�q�
  �hu\^ʲ�s��!�CL;� �����S���ǟ cGaR�Ōe��{?Ԓ:�_��L�������>*��"w����qldF�P.��o*޻|w s#�)��B��n<~C?�7 �|��^AI�� W^Qww"��������ʌB�=!��R8�3�q�#�!G�(?�W�Vױe9"���w�������?R�dE0����_�Za��{� �D�ŽF7?J�$�+e�@�O�2i�9?Ъ��ē��]`u�3%�?��s� }e���2�A w N�-l��2����c�z���k��fԾ��󷏤�l��E�����1_y��w���E&���������n���ۀ��|?wL�$%�Y�E��?�5rn$��3B X���[\K�n�c����)~�5���Ip�ٱ��D;��ƥ�b���\��W� ��cxn�=˒I�7�[��>��&X＇Fh[f����f�ltFE���3*3��( *�ؕ=u���Ą��|,�)���>��i�+J�)���ھ$Xp!����H� �AVc~8�v���:�d0Z���3?g�1�T?�=9�O����I=�G�NX����HxK�\�F4n��#� F��>�"�����4E�<�pn�6F�*�Rd�J�/Xw�ӭ}����}P��`-8����q.�ܳq M�\��[�JϮ� ��({f1=���ڍ@��:���1s҈\�hX`|C�濇��S9X�C[��9vhE�.���1�\��iD�\�դՒ?N_�k01d}KN�8��p�M.J'y�+�N��Gѱbs}���lA��(j}��7ٸ����t#��HY �ա�++�OY��S���h�u��d��R��eTힺ!&w���A������r�� �]{��$��;���i\�mzts�hueVbm�Q.)�
  l�T.�{�������$�z>;oEQ&��B��P�5�B!�����^���ټ9���|%��@�]�L�U4�cb��y�+L,�����(�����nL[*�<�%5���2��R�Ai^�OM��$>6 A�ޣ�TD��*j��[�?�W���0��S��Y�v��9s4C�`N�l���b�,u�<�����@�� �s ��-
  ���A���S�W
  Nj����,#��U�~��u����.��I=��v5�Ez�� �~�綣�'��
  ���
  ��������;��V�MŻ������z�Dj�����#�*ݞ�!w

  DllRegisterServer

  update

  Sections

  .text

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 624B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 512B - Virtual size: 108B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  0

  Size: 2.5MB - Virtual size: 2.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  1

  Size: 2.0MB - Virtual size: 2.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 836B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ