Extracted

Extracted

• JaffaCakes118_96e65e7686ff79eae91ad4b287611b74

  .exe windows:4 windows x86 arch:x86

  393ae1647aee6373b1ed90950be4b4bb

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  advapi32

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  OpenProcessToken

  RegEnumKeyA

  RegOpenKeyExA

  RegQueryValueExA

  kernel32

  AddAtomA

  AllocConsole

  CallNamedPipeA

  CloseHandle

  ConnectNamedPipe

  CreateFileA

  CreateMutexA

  CreateNamedPipeA

  CreateProcessA

  DeleteFileA

  DisconnectNamedPipe

  ExitProcess

  FindAtomA

  FindClose

  FindFirstFileA

  FindNextFileA

  FindResourceA

  FreeLibrary

  GetAtomNameA

  GetCommandLineA

  GetComputerNameA

  GetCurrentDirectoryA

  GetCurrentProcess

  GetCurrentProcessId

  GetDiskFreeSpaceA

  GetDiskFreeSpaceExA

  GetDriveTypeA

  GetEnvironmentVariableA

  GetExitCodeProcess

  GetFileAttributesA

  GetLastError

  GetModuleFileNameA

  GetModuleHandleA

  GetProcAddress

  GetStartupInfoA

  GetStdHandle

  GetTempPathA

  GetVersion

  GetVolumeInformationA

  InterlockedIncrement

  LoadLibraryA

  LoadResource

  MoveFileExA

  ReadConsoleA

  ReadFile

  ReleaseMutex

  SetConsoleMode

  SetCurrentDirectoryA

  SetLastError

  SetUnhandledExceptionFilter

  SizeofResource

  Sleep

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  WaitForSingleObject

  WriteConsoleA

  WriteFile

  msvcrt

  _fdopen

  _fileno

  _isatty

  _strdup

  _write

  __getmainargs

  __mb_cur_max

  __p__environ

  __p__fmode

  __set_app_type

  _assert

  _beginthread

  _cexit

  _ctype

  _endthread

  _errno

  _fileno

  _iob

  _isctype

  _onexit

  _pctype

  _setmode

  _vsnprintf

  abort

  atexit

  atoi

  exit

  fclose

  fflush

  fopen

  fprintf

  fread

  free

  fseek

  ftell

  fwrite

  getc

  getenv

  localeconv

  malloc

  memchr

  memcpy

  memmove

  memset

  printf

  puts

  realloc

  setlocale

  setvbuf

  signal

  sprintf

  strcat

  strchr

  strcmp

  strcoll

  strcpy

  strftime

  strlen

  strncpy

  strtod

  strtol

  strtoul

  strxfrm

  ungetc

  shell32

  ShellExecuteA

  user32

  EnumWindows

  ExitWindowsEx

  GetWindowLongA

  GetWindowThreadProcessId

  MessageBoxA

  SetForegroundWindow

  Exports

  Exports

  _Z10testStringP7JNIEnv_P8_jobjectP8_jstring@12

  _Z15jnm_exitWindowsP7JNIEnv_P8_jobjectl@12

  _Z16jnm_getdriveinfoP7JNIEnv_P8_jobjectS2_@12

  _Z16jnm_shellexecuteP7JNIEnv_P8_jobjectP8_jstringS4_S4_S4_l@28

  _Z21jnm_getExecutableNameP7JNIEnv_P8_jobject@8

  _Z21jnm_getExecutablePathP7JNIEnv_P8_jobject@8

  _Z22jnm_deleteFileOnRebootP7JNIEnv_P8_jobjectP8_jstring@12

  Sections

  .text

  Size: 402KB - Virtual size: 401KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: - Virtual size: 18KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 472B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 489KB - Virtual size: 492KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE