Behavioral task: behavioral1
Sample: JaffaCakes118_8aa0892ed756ce1a48507cf2ce970bec.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: JaffaCakes118_8aa0892ed756ce1a48507cf2ce970bec.exe
Resource: win10v2004-20250314-en
General
Target: JaffaCakes118_8aa0892ed756ce1a48507cf2ce970bec
Size: 548KB
MD5: 8aa0892ed756ce1a48507cf2ce970bec
SHA1: 855faa99639923c7a9a88ae8409e0d59f1443ae3
SHA256: 52bd891fe5e54aba4b381eae5f74efba20d3c8b46aa94b550627615cbb9ca5fd
SHA512: 19200fdc0ce0be456bbaa23e860c8b873f254cb375d58d6417d0bd25654c67299413f122922c93ca70d641a52fc4471b1a80caa6db3318e84ff4d587edaed441
SSDEEP: 12288:izP3mTLt4Buvhzdjn+xT64x5nLO0CrnMzqzvR:byBuvhzAx6E52rMz
Malware Config
Extracted: metasploit, encoder/call4_dword_xor
Signatures
- Metasploit family
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Resource: JaffaCakes118_8aa0892ed756ce1a48507cf2ce970bec
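The "Unsigned PE" signature only states that the file carries no Authenticode certificate table. The Python below is an added example, not the sandbox's own signature logic: it walks the DOS header, NT headers and optional header by hand to read IMAGE_DIRECTORY_ENTRY_SECURITY (index 4), and parses the WIN_CERTIFICATE entries that directory points at. The build_minimal_pe32 helper constructs a synthetic PE32 header (with or without a dummy certificate table) so the check can be exercised offline; the certificate blob it appends is a placeholder, not real PKCS#7 data.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # data directory index of the certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # certificate type used by Authenticode


def security_directory(pe: bytes):
    """Return (file_offset, size) of the certificate table, or None if absent.

    The security directory is the one entry that stores a raw file offset
    instead of an RVA, because the certificate table is never mapped.
    A truncated file raises struct.error from unpack_from.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                        # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                                     # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                                   # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", pe, count_off)[0]
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    if dirs_off + 8 * n_dirs > opt + size_of_optional:
        raise ValueError("data directories exceed SizeOfOptionalHeader")
    off, size = struct.unpack_from("<II", pe, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if off == 0 or size == 0:
        return None
    return off, size


def certificate_entries(pe: bytes):
    """List (wRevision, wCertificateType, bCertificate) for each WIN_CERTIFICATE.

    Entries are dwLength, wRevision, wCertificateType followed by the blob,
    and each entry starts on an 8-byte boundary.
    """
    loc = security_directory(pe)
    if loc is None:
        return []
    off, size = loc
    end = off + size
    if end > len(pe):
        raise ValueError("certificate table runs past end of file")
    entries = []
    while off + 8 <= end:
        length, rev, ctype = struct.unpack_from("<IHH", pe, off)
        if length < 8 or off + length > end:
            raise ValueError("malformed WIN_CERTIFICATE header")
        entries.append((rev, ctype, pe[off + 8:off + length]))
        off += (length + 7) & ~7
    return entries


def is_unsigned(pe: bytes) -> bool:
    """True when the image has no embedded certificate table at all."""
    return security_directory(pe) is None


def build_minimal_pe32(signed: bool) -> bytes:
    """Constructed test input: the smallest PE32 header this parser needs,
    optionally followed by a dummy certificate table. Not a real binary."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew -> right after DOS header
    opt_size = 96 + 16 * 8                                 # PE32 fixed part + 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + len(opt)
    cert = b""
    if signed:
        blob = b"\x30\x82\x00\x00"                         # placeholder, not real PKCS#7 DER
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        loc = security_directory(data)
        if loc is None:
            print(f"{path}: no certificate table (Unsigned PE)")
        else:
            kinds = [hex(t) for _, t, _ in certificate_entries(data)]
            print(f"{path}: certificate table at {loc[0]:#x}, {loc[1]} bytes, types {kinds}")
```

Two caveats apply when reading this signature. A present certificate table is not a valid signature: the PKCS#7 blob still has to be verified against the image hash and a trusted chain, which on Windows is what Get-AuthenticodeSignature or signtool verify does and what osslsigncode verify does elsewhere. Conversely, an absent table does not prove a file is untrusted by Windows, since many system binaries are catalog-signed rather than carrying an embedded signature; for a sample dropped into a sandbox like this one, though, "no embedded signature" is the expected state and is weak evidence on its own.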
Files
-
JaffaCakes118_8aa0892ed756ce1a48507cf2ce970bec.exe windows:5 windows x86 arch:x86
8629bc658ccc88e80f9b1bc48e261674
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA
kernel32
CreateProcessA
GetTempPathA
CreateThread
ExitProcess
SetPriorityClass
GetLocaleInfoA
MoveFileExA
GetCurrentProcess
GetCurrentThread
SetProcessPriorityBoost
GetDriveTypeA
GetFileAttributesA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExA
OpenMutexA
CreateMutexA
ReleaseMutex
WinExec
GetWindowsDirectoryA
GetLastError
CopyFileA
SetFileAttributesA
GetCurrentProcessId
DeleteFileA
lstrlenA
FreeLibrary
CreateRemoteThread
OpenProcess
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
TerminateProcess
lstrcmpiA
CreateDirectoryA
GetLogicalDriveStringsA
SetLastError
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
Sleep
LeaveCriticalSection
ExitThread
EnterCriticalSection
OpenEventA
WaitForMultipleObjects
DeleteCriticalSection
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
WriteFile
GetTickCount
CreateFileA
VirtualQuery
CloseHandle
CreateToolhelp32Snapshot
GetModuleFileNameA
Process32Next
Process32First
GetComputerNameA
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSection
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetSystemTimeAsFileTime
CreateEventA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LocalFree
FlushFileBuffers
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeA
user32
VkKeyScanW
SendInput
FindWindowA
VkKeyScanA
GetMenuItemID
PostMessageA
IsWindowVisible
SetForegroundWindow
SetFocus
RealGetWindowClassA
keybd_event
FindWindowExA
SendMessageA
GetWindowTextA
BlockInput
GetForegroundWindow
DestroyWindow
GetMessageA
RegisterClassExA
PostQuitMessage
TranslateMessage
CreateWindowExA
DefWindowProcA
ShowWindow
DispatchMessageA
UpdateWindow
RegisterDeviceNotificationA
IsCharAlphaA
IsCharAlphaNumericA
SwitchToThisWindow
GetWindowThreadProcessId
IsWindow
MapVirtualKeyA
advapi32
AllocateAndInitializeSid
RegOpenKeyExA
IsTextUnicode
RegCloseKey
RegCreateKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
GetUserNameA
RegQueryValueExA
shell32
ShellExecuteExA
ShellExecuteA
SHChangeNotify
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
VariantClear
VariantInit
SysAllocString
ws2_32
getaddrinfo
recv
select
ioctlsocket
gethostname
inet_ntoa
ntohl
inet_addr
htonl
htons
gethostbyname
connect
WSAStartup
send
WSAGetLastError
WSACleanup
socket
freeaddrinfo
closesocket
ntdll
ZwSystemDebugControl
NtQuerySystemInformation
shlwapi
SHDeleteKeyA
mpr
WNetCancelConnectionA
WNetUseConnectionA
WNetCancelConnection2A
WNetGetLastErrorA
rpcrt4
RpcMgmtStatsVectorFree
RpcStringBindingComposeA
RpcBindingFree
RpcBindingFromStringBindingA
RpcStringFreeA
RpcMgmtIsServerListening
RpcMgmtSetComTimeout
NdrClientCall2
RpcMgmtInqStats
comctl32
ord17
Sections
.text Size: 288KB - Virtual size: 288KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
27n.jlfc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
929qe1iu Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6vhg0vg9 Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
chojxumj Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
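The header flags, section table and import list above are raw facts; the reading of them is what a triage analyst adds. The Python below is an added example, not part of the sandbox report: it encodes the usual heuristics over that metadata. Writable-and-executable sections and random section names (27n.jlfc, 929qe1iu, 6vhg0vg9, chojxumj, all present here) point at a packer or protector, stripped relocations mean the image cannot be relocated for ASLR, and co-occurring API families (OpenProcess/VirtualAllocEx/WriteProcessMemory/CreateRemoteThread, SendInput/keybd_event/BlockInput, the WinINet open/open-URL/read trio) outline capability. The section, header and import data are copied from the report; the cluster names and the "every member must be imported" rule are my choices, not the sandbox's, and the IMPORTS set is the subset of the report's import table needed to exercise the clusters.

```python
# Triage heuristics over PE metadata as it appears in a sandbox report.

STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".pdata", ".bss", ".tls", ".CRT", ".gfids"}

# Copied from the report's Headers block.
FILE_CHARACTERISTICS = {"IMAGE_FILE_RELOCS_STRIPPED", "IMAGE_FILE_EXECUTABLE_IMAGE",
                        "IMAGE_FILE_32BIT_MACHINE"}
DLL_CHARACTERISTICS = {"IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}

# Copied from the report's Sections block: (name, raw KB, virtual KB, IMAGE_SCN_* flags).
SECTIONS = [
    (".text",    288, 288, {"CNT_CODE", "CNT_INITIALIZED_DATA", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}),
    (".rdata",    60,  60, {"CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"}),
    (".data",     32,  32, {"CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"}),
    ("27n.jlfc",   8,   8, {"CNT_CODE", "CNT_INITIALIZED_DATA", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}),
    (".adata",     4,   4, {"CNT_CODE", "CNT_INITIALIZED_DATA", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}),
    ("929qe1iu",  72,  72, {"CNT_CODE", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}),
    ("6vhg0vg9",  76,  76, {"CNT_CODE", "CNT_INITIALIZED_DATA", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}),
    ("chojxumj",   4,   4, {"CNT_UNINITIALIZED_DATA", "MEM_READ"}),
]

# Subset of the report's import table (assumption: enough to exercise every cluster).
IMPORTS = {
    "InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "InternetCloseHandle",
    "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    "CreateToolhelp32Snapshot", "Process32First", "Process32Next",
    "SendInput", "keybd_event", "BlockInput", "FindWindowA", "SetForegroundWindow",
    "RegCreateKeyExA", "RegSetValueExA", "RegOpenKeyExA",
    "OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges",
    "WSAStartup", "socket", "connect", "send", "recv",
    "WNetUseConnectionA", "WNetCancelConnection2A", "GetProcAddress", "LoadLibraryA",
}

# A cluster fires only when every member is imported, so one common API
# (VirtualAllocEx alone, RegSetValueExA alone) does not trip it by itself.
CLUSTERS = {
    "remote process injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "process enumeration":      {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "HTTP download":            {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile"},
    "synthetic keyboard input": {"SendInput", "keybd_event", "BlockInput"},
    "window targeting":         {"FindWindowA", "SetForegroundWindow"},
    "registry write":           {"RegCreateKeyExA", "RegSetValueExA"},
    "privilege adjustment":     {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "raw TCP socket":           {"WSAStartup", "socket", "connect", "send", "recv"},
    "network share mapping":    {"WNetUseConnectionA", "WNetCancelConnection2A"},
    "runtime API resolution":   {"LoadLibraryA", "GetProcAddress"},
}


def header_findings(file_chars, dll_chars):
    out = []
    if "IMAGE_FILE_RELOCS_STRIPPED" in file_chars:
        out.append("relocations stripped: image must load at its preferred base, so ASLR cannot relocate it")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in dll_chars:
        out.append("DYNAMIC_BASE not set: the linker did not request ASLR")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in dll_chars:
        out.append("NX_COMPAT not set: the image does not declare DEP compatibility")
    return out


def section_findings(sections):
    out = []
    for name, raw_kb, virt_kb, flags in sections:
        if {"MEM_EXECUTE", "MEM_WRITE"} <= flags:
            out.append(f"{name}: writable and executable")
        if name not in STANDARD_SECTIONS:
            out.append(f"{name}: non-standard section name")
        if name == ".rdata" and "MEM_WRITE" in flags:
            out.append(".rdata: read-only data section is writable")
        if raw_kb == 0 and virt_kb > 0:
            out.append(f"{name}: no data on disk but {virt_kb}KB in memory (filled at runtime)")
        elif raw_kb and virt_kb > 2 * raw_kb:
            out.append(f"{name}: virtual size {virt_kb}KB far exceeds raw size {raw_kb}KB (unpacking target)")
    return out


def capability_findings(imports):
    present = set(imports)
    return sorted(name for name, apis in CLUSTERS.items() if apis <= present)


def triage(file_chars=FILE_CHARACTERISTICS, dll_chars=DLL_CHARACTERISTICS,
           sections=SECTIONS, imports=IMPORTS):
    return {"header": header_findings(file_chars, dll_chars),
            "sections": section_findings(sections),
            "capabilities": capability_findings(imports)}


if __name__ == "__main__":
    for group, items in triage().items():
        print(group)
        for item in items:
            print("  -", item)
```

Import-based capability inference says what the binary can do, not what it did during the two sandbox runs, and with a packed sample the visible import table may belong to the unpacking stub while the payload resolves its real APIs through LoadLibraryA/GetProcAddress, which this sample also imports. Here every section keeps the same raw and virtual size, so the script reports no classic zero-raw-size unpacking target; the random names and writable code sections are the packer indicators, and the report does not say which packer, so neither does the script.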