5db917d4c7cb23376fb93844764418ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5db917d4c7cb23376fb93844764418ee_JaffaCakes118
Size

3.1MB
MD5

5db917d4c7cb23376fb93844764418ee
SHA1

03b02de83993bbaf37608ece9eb0ee5e2308ad3e
SHA256

ff3f944715b6db0920547bda8d052cecb7c3432490e70374f25b0b7ed508259f
SHA512

8f04b57d3adb5e64dc0bfaae403498d9bf7337051259285bec32260730fe86daf59d01598e0fe6f8b11825f6066c9a419ab806d49670c06183e015ef091c17ed
SSDEEP

98304:rS+5rOKR6aR0fYbiQkHf3v6r0MuhBACOlPGUsYKSpuG1sR:rS+tOKRBGYNYSrMBACcPkSpuG6R

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Take Command/Bchild.dll
unpack001/Take Command/Language.dll
unpack001/Take Command/ShrAlias.exe
unpack001/Take Command/TakeCmd.dll
unpack001/Take Command/onig.dll
unpack001/Take Command/tcmd.exe
unpack001/Take Command/tcstub.exe
unpack001/Take Command/unreg.exe

Files

5db917d4c7cb23376fb93844764418ee_JaffaCakes118
.rar
Take Command/BATCH.BCP
Take Command/Bchild.dll
.dll windows:4 windows x86 arch:x86

8a661d4a226f6827fd580c6703df63f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathCompactPathW
StrStrW
StrStrIW

comctl32

ord8
_TrackMouseEvent
ord17

kernel32

HeapSize
SetEndOfFile
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
FlushFileBuffers
SetStdHandle
SetFilePointer
GetOEMCP
GetCPInfo
GetLocaleInfoA
GetSystemInfo
VirtualProtect
VirtualQuery
InterlockedExchange
RtlUnwind
InitializeCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
LCMapStringW
LCMapStringA
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetStringTypeW
GetStringTypeA
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetCommandLineA
GetCurrentThreadId
HeapAlloc
HeapFree
GetModuleHandleW
CreateMutexW
WaitForSingleObject
ReleaseMutex
WriteFile
DeleteFileW
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetFileTime
GetACP
MultiByteToWideChar
CloseHandle
ReadFile
WideCharToMultiByte
CreateDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
GetCurrentDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GlobalSize
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
SetLastError
GetTempPathW
CopyFileW
GetLastError
GetDateFormatW
GetTimeFormatW
CreateProcessW
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
UnhandledExceptionFilter

user32

ClientToScreen
GetWindowRect
IsDlgButtonChecked
MessageBeep
ShowWindow
GetFocus
GetWindowTextLengthW
EnableWindow
CheckDlgButton
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
ScrollWindow
SendDlgItemMessageW
CreateDialogParamW
GetDC
ReleaseDC
IsChild
InvalidateRect
DestroyCaret
SendMessageW
GetWindowLongW
GetParent
HideCaret
FillRect
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
IsWindowEnabled
GetScrollInfo
SetScrollInfo
PostMessageW
GetClientRect
PtInRect
ReleaseCapture
KillTimer
SetFocus
SetTimer
SetCapture
LoadStringW
MessageBoxW
MapVirtualKeyW
ToAscii
VkKeyScanW
GetKeyState
GetKeyboardState
UpdateWindow
SetWindowTextW
GetDesktopWindow
GetAsyncKeyState
DialogBoxParamW
GetDlgItemInt
SetDlgItemInt
EndDialog
GetDlgItem
SetDlgItemTextW
RegisterClassW
RegisterWindowMessageW
UnregisterClassW
GetCursorPos
ScreenToClient
SetCursor
DefWindowProcW
DestroyWindow
DestroyIcon
DestroyCursor
SetWindowLongW
LoadCursorW
CreateWindowExW
GetSysColor
GetClipboardData
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
IsClipboardFormatAvailable
IsWindowVisible
CreateCaret
GetSystemMetrics
SetCaretPos
ShowCaret
SetWindowPos

gdi32

StartPage
EndPage
SetBkMode
SetBkColor
SetTextColor
TextOutW
GetTextExtentPoint32W
GetStockObject
MoveToEx
GetTextExtentExPointW
SelectObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteDC
DeleteObject
CreateSolidBrush
CreatePatternBrush
CreatePen
BitBlt
SaveDC
GetClipBox
RoundRect
EndDoc
StartDocW
GetTextMetricsW
SetAbortProc
GetBkMode
CreateCompatibleBitmap
CreateCompatibleDC
LineTo
RestoreDC
Ellipse
GetBkColor
GetTextColor
GetCurrentObject

comdlg32

PrintDlgW
PageSetupDlgW

advapi32

RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW
IsTextUnicode

shell32

SHGetFileInfoW
ShellExecuteW

ole32

DoDragDrop
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
OleUninitialize
OleInitialize

Exports

Exports

AddHash
AddKeyword
AllocPooled
ArrayAdd
ArrayAllocMem
ArrayCreate
ArrayDelete
ArrayFreeMem
ArrayGetAt
ArrayGetSize
ArrayInsertAt
ArrayRemoveAll
ArrayRemoveAt
ArraySort
CheckUser
CodeQual2Str
CopyStringPool
CreateCList
CustomControlInfoW
DefaultParser
DeleteCList
FindCommand
FindCommandDesc
FindCommandID
FreeMemoryPool
FreeParserList
FreeParserNode
FreePooled
GetCommandTable
GetMemoryPool
GetUpdateMessage
IsNonModalDialogMessage
IsSpecialKey
KillCList
LoadParserFiles
LoadParserFromFile
LoadParserFromMemory
NextCEntry
OpenSettingsDialog
RemHash
SetupHash
Str2CodeQual

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Take Command/Guide.pdf
.pdf
- http://jpsoft.com
- http://jpsoft.com/
- http://jpsoft.com/.
- http://jpsoft.com/supplans.htm.
Take Command/Language.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 116KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Take Command/ShrAlias.exe
.exe windows:4 windows x86 arch:x86

8991f343afc53efd6085d2e1a64080a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
WriteFile
CreateFileW
GetEnvironmentVariableW
CreateEventW
SetCurrentDirectoryW
SetProcessWorkingSetSize
OpenFileMappingW
CloseHandle
CreateThread
lstrlenW
ExitProcess

user32

CreateWindowExW
RegisterClassExW
TranslateMessage
wsprintfW
PostMessageW
PostQuitMessage
GetMessageW
DestroyWindow
DispatchMessageW
DefWindowProcW

advapi32

GetUserNameW

Sections

.text
Size: 1024B - Virtual size: 909B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Take Command/TCMD32.INI
Take Command/TakeCmd.dll
.dll windows:4 windows x86 arch:x86

3e15ad9a23aeaffd554b1026edb64c82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mpr

WNetGetConnectionW
WNetGetUniversalNameW

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_AddMasked
PropertySheetW
ord13

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wsock32

WSACleanup
WSAStartup
inet_addr
gethostbyname
gethostname

ipworks6

XMLp_Set
Rshell_Do
XMPP_GetLastErrorCode
Rexec_Create
FTP_GetLastError
NetClock_Set
SMPP_Create
NetClock_GetLastError
FileMailer_GetLastErrorCode
IPInfo_Do
IPInfo_Get
NetClock_Do
SNPP_GetLastErrorCode
Ping_Destroy
FTP_GetLastErrorCode
NetClock_GetLastErrorCode
XMPP_Create
SMPP_Destroy
NetClock_Create
FileMailer_Destroy
TFTP_Destroy
XMPP_Do
XMLp_Get
NetClock_Destroy
FTP_Destroy
SNPP_Destroy
SNPP_Create
XMLp_Create
XMLp_Destroy
FileMailer_Create
SMPP_GetLastError
TFTP_Do
IPInfo_Destroy
Rexec_GetLastErrorCode
Ping_Create
SNMPAgent_GetLastErrorCode
Rexec_Set
FileMailer_GetLastError
XMPP_Destroy
SMPP_GetLastErrorCode
SNMPAgent_GetLastError
XMLp_GetLastErrorCode
TFTP_GetLastError
FTP_Get
Rshell_GetLastErrorCode
TFTP_Create
SNPP_Do
FTP_Set
Rshell_Destroy
IPInfo_Create
XMPP_GetLastError
SMPP_Set
XMLp_Do
FileMailer_Set
Rexec_Do
XMLp_GetLastError
Ping_GetLastError
Rshell_GetLastError
SNMPAgent_Destroy
FTP_Create
Ping_Set
Rexec_GetLastError
TFTP_GetLastErrorCode
Ping_Get
SNPP_Set
Ping_Do
SNMPAgent_Do
SNMPAgent_Create
TFTP_Set
SNPP_GetLastError
SNMPAgent_Set
SMPP_Do
FileMailer_Do
FTP_Do
XMPP_Set
Rshell_Create
Rexec_Destroy
Rshell_Set

ipwssl6

HTTPS_Destroy
HTTPS_Do
HTTPS_Set
FTPS_GetLastErrorCode
FTPS_Create
FTPS_GetLastError
FTPS_Get
FTPS_Destroy
HTTPS_Create
FTPS_Do
HTTPS_GetLastErrorCode
HTTPS_GetLastError
FTPS_Set

shlwapi

PathFindNextComponentW
PathIsUNCW
SHDeleteKeyW

psapi

GetModuleFileNameExW
EnumProcessModules

advapi32

DeregisterEventSource
GetUserNameW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueW
RegOpenKeyExA
RegQueryValueExA
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
AdjustTokenPrivileges
ReportEventW
LookupPrivilegeValueW
RegDeleteKeyW
IsTextUnicode
CreateProcessWithLogonW
OpenProcessToken
RegisterEventSourceW
RegOpenKeyW
GetSecurityDescriptorOwner
LookupAccountSidW
GetFileSecurityW
GetCurrentHwProfileW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW

onig

onig_end
onig_search
OnigEncodingUTF16_LE
onig_error_code_to_str
OnigSyntaxGrep
onig_region_new
onig_free
onig_new
OnigSyntaxJava
OnigEncodingASCII
OnigSyntaxGnuRegex
OnigSyntaxRuby
OnigSyntaxPosixExtended
onig_region_free
OnigSyntaxPerl

bchild

LoadParserFromFile

kernel32

HeapFree
HeapAlloc
HeapReAlloc
MoveFileW
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentDirectoryA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
LocalFree
LocalAlloc
LocalLock
LocalUnlock
GetCurrentThread
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
Beep
SetLocalTime
FreeConsole
QueryDosDeviceW
InterlockedDecrement
InterlockedIncrement
GetFileSize
GetCurrentThreadId
GlobalFree
GlobalSize
CreatePipe
SetNamedPipeHandleState
SetStdHandle
SetThreadPriority
WaitForSingleObjectEx
SuspendThread
CreateToolhelp32Snapshot
Process32NextW
OpenThread
Process32FirstW
Thread32Next
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapSize
LCMapStringA
LCMapStringW
GetOEMCP
GetCPInfo
VirtualProtect
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
UnhandledExceptionFilter
RtlUnwind
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetUnhandledExceptionFilter
Thread32First
SetPriorityClass
IsBadCodePtr
RemoveDirectoryW
SetConsoleCtrlHandler
CreateHardLinkW
SetSystemPowerState
OpenProcess
SetEvent
SetProcessAffinityMask
OpenSemaphoreW
CreateSemaphoreW
ReleaseSemaphore
GetStartupInfoW
VirtualAlloc
VirtualFree
IsBadReadPtr
GetModuleFileNameW
SetFilePointer
SetErrorMode
SystemTimeToFileTime
CompareFileTime
OutputDebugStringW
GetTickCount
GetConsoleMode
SetConsoleMode
CreateFileW
lstrcmpW
lstrlenW
GetStdHandle
GetLastError
FindClose
GetLocalTime
lstrcmpiW
lstrcatW
GetConsoleTitleW
CloseHandle
lstrcpyW
WriteFile
ReadFile
SetEnvironmentVariableW
GetEnvironmentStringsW
GetModuleHandleW
GetPrivateProfileStringW
Sleep
MulDiv
GetPrivateProfileIntW
FreeEnvironmentStringsW
GetCurrentProcessId
WriteConsoleW
TerminateProcess
GlobalLock
GlobalAlloc
GlobalUnlock
SetConsoleTextAttribute
WriteConsoleOutputCharacterW
WriteConsoleOutputW
ScrollConsoleScreenBufferW
ReadConsoleOutputAttribute
WideCharToMultiByte
ReadConsoleOutputW
SetConsoleCursorPosition
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
GetFileType
SetConsoleCursorInfo
FillConsoleOutputAttribute
GetConsoleCursorInfo
WriteConsoleOutputAttribute
ReadConsoleOutputCharacterW
SetEndOfFile
CreateProcessW
FileTimeToSystemTime
WritePrivateProfileStringW
FileTimeToLocalFileTime
GetCompressedFileSizeW
FreeLibrary
LoadLibraryW
GetConsoleWindow
GetProcAddress
DisableThreadLibraryCalls
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
FormatMessageW
GetSystemDefaultLangID
GetCommandLineW
GetDateFormatW
GlobalMemoryStatus
GetLocaleInfoA
GetDriveTypeW
QueryPerformanceCounter
GetUserDefaultLCID
GetComputerNameW
ConnectNamedPipe
CreateNamedPipeW
GetUserDefaultLangID
InitializeCriticalSection
GetSystemDirectoryW
GetLocaleInfoW
GetSystemPowerStatus
GetVersionExW
GetFileAttributesW
GetTimeZoneInformation
GetACP
MultiByteToWideChar
RaiseException
InterlockedExchange
GetCurrentDirectoryW
DeviceIoControl
GetSystemInfo
OpenEventW
QueryPerformanceFrequency
DeleteCriticalSection
GetWindowsDirectoryW
GetVersion
GetFileInformationByHandle
GetVolumeInformationW
GetCurrentProcess
WaitForSingleObject
SetConsoleScreenBufferSize
GetExitCodeProcess
SetConsoleWindowInfo
SetConsoleTitleW
DuplicateHandle
GetPrivateProfileSectionW
ResumeThread
PeekNamedPipe
CopyFileExW
SystemTimeToTzSpecificLocalTime
UnlockFile
LockFile
SetFileTime
GetTempPathW
GetSystemTime
GetTempFileNameW
FindFirstFileW
GetShortPathNameW
lstrcpynW
SetCurrentDirectoryW
GetEnvironmentVariableW
FindNextFileW
GetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
DeleteFileW
WinExec
CreateDirectoryW
WriteConsoleInputW
GetNumberOfConsoleInputEvents
PeekConsoleInputW
ReadConsoleInputW
SetConsoleActiveScreenBuffer
CreateConsoleScreenBuffer
GetConsoleCP
SetConsoleCP
SetConsoleOutputCP
VirtualQuery

user32

GetLastActivePopup
DialogBoxIndirectParamW
DrawIcon
RedrawWindow
GetActiveWindow
DestroyIcon
GetDialogBaseUnits
DdeInitializeW
DdeCreateStringHandleW
DdeAccessData
DdeGetLastError
DdeQueryStringW
DdeFreeStringHandle
DdeUninitialize
LoadStringW
GetWindowTextW
MessageBeep
MoveWindow
CheckMenuItem
DefWindowProcW
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
IsWindowVisible
GetSystemMetrics
MessageBoxW
CreateWindowExW
IsWindow
LoadBitmapW
GetSysColorBrush
ShowWindow
GetDesktopWindow
SendDlgItemMessageW
EndDialog
EnableMenuItem
SystemParametersInfoW
LoadMenuW
LoadIconW
RegisterClassExW
GetMenu
LoadAcceleratorsW
GetScrollBarInfo
ModifyMenuW
SetFocus
GetClientRect
FindWindowW
LoadCursorW
DialogBoxParamW
SetForegroundWindow
GetSubMenu
GetKeyState
IsZoomed
KillTimer
PostMessageW
IsIconic
TrackPopupMenu
PostQuitMessage
GetWindowRect
SetTimer
DestroyAcceleratorTable
DestroyWindow
UpdateWindow
UnhookWindowsHookEx
InvalidateRect
SetClipboardData
CountClipboardFormats
OpenClipboard
EmptyClipboard
ReleaseDC
GetClipboardData
GetDC
IsClipboardFormatAvailable
GetWindowDC
CloseClipboard
CreateCaret
ScrollWindow
GetFocus
SetWindowPos
CallWindowProcW
GetScrollPos
SetScrollInfo
DrawFrameControl
ReleaseCapture
ShowScrollBar
EnableScrollBar
SetWindowLongW
SetScrollPos
GetScrollInfo
DrawFocusRect
PtInRect
BeginPaint
DrawEdge
DrawTextExW
GetParent
SetCapture
FillRect
SetCursor
EndPaint
EnableWindow
SetCaretPos
CheckRadioButton
CreateDialogParamW
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
ReplyMessage
CharUpperW
CharLowerW
SendMessageTimeoutW
GetWindowThreadProcessId
GetLastInputInfo
GetWindowPlacement
GetForegroundWindow
UnregisterClassW
EnumWindows
SetWindowPlacement
IsWindowEnabled
wsprintfW
InsertMenuW
FlashWindow
DrawMenuBar
SetLayeredWindowAttributes
GetSysColor
SetClassLongW
GetWindowLongW
SetScrollRange
ShowCaret
DeleteMenu
HideCaret
SetDlgItemInt
GetDlgItemInt
GetCursorPos
GetKeyboardState
SetKeyboardState
SetWindowsHookExW
GetAsyncKeyState
CallNextHookEx
MapVirtualKeyW
VkKeyScanW
DispatchMessageW
ValidateRect
SetWindowTextW
ClipCursor
PeekMessageW
IsDialogMessageW
TranslateMessage
SendInput
GetSystemMenu
GetClassNameW
MessageBoxA
SetRectEmpty
ExitWindowsEx
LockWorkStation
keybd_event
DrawTextW
GetWindow
GetMessageW
TranslateAcceleratorW
WaitForInputIdle
FrameRect
SetRect
InflateRect
DdeDisconnect
DdeNameService
DdeConnect
DdeClientTransaction

gdi32

DeleteObject
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteDC
BitBlt
GetNearestColor
CreateSolidBrush
GetStockObject
CreatePen
CreateBrushIndirect
Rectangle
CreatePenIndirect
SetBkMode
CreateFontIndirectW
CreateDCW
MoveToEx
LineTo
SetBkColor
ExtTextOutW
SetWindowOrgEx
EndPage
StartPage
SetAbortProc
CreateFontW
StartDocW
TextOutW
EndDoc
AbortDoc
GetTextExtentPoint32W
GetTextMetricsW
SetTextColor

winspool.drv

AddPrinterConnectionW
DeletePrinterConnectionW

comdlg32

GetOpenFileNameW
ChooseFontW
PrintDlgW
GetSaveFileNameW
ChooseColorW

shell32

ExtractIconW
ShellExecuteExW
FindExecutableW
SHFileOperationW
SHChangeNotify
SHBrowseForFolderW
SHGetMalloc
Shell_NotifyIconW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoCreateInstance
StgOpenStorageEx
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
CoUninitialize

oleaut32

VariantClear
SysFreeString
LoadTypeLi
SysAllocString
SafeArrayGetVartype
SafeArrayGetElement
VariantChangeType
VariantInit

Exports

Exports

?AboutDlgProc@@YGHPAUHWND__@@IIJ@Z
?AdjustTTYCaret@@YAXXZ
?BreakOut@@YAXH@Z
?ClearTTY@@YAXXZ
?ConsoleBreakHandler@@YAHK@Z
?CutEgets@@YAXXZ
?DefaultINI@@YAXXZ
?DelayLoadDllExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z
?DescribeDlg@@YAXXZ
?DisableInternalCommand@@YAHPA_W@Z
?DisplayPluginNames@@YGHPA_W@Z
?EnumWProc@@YGHPAUHWND__@@J@Z
?EnvironmentList@@YAPAUHWND__@@I@Z
?Executables@@3PAPA_WA
?ExpandFunctionsInFileName@@YGHPA_W0@Z
?FFindDlgProc@@YGHPAUHWND__@@IIJ@Z
?FreeToolBar@@YAXXZ
?FunctionList@@YAPAUHWND__@@I@Z
?GetCharFromBIOS@@YGHXZ
?GetCharFromConsole@@YGHXZ
?IniClear@@YAXPAUINIFILE@@@Z
?IniLine@@YAHPA_WPAUINIFILE@@HHPAPA_W@Z
?IniParse@@YAHPA_WPAUINIFILE@@I@Z
?InitAFS@@YAHXZ
?InitColors@@YAXXZ
?InitFont@@YAXXZ
?InitStatBar@@YAXXZ
?InitToolBar@@YAHHPA_W@Z
?InitializeGlobalVariables@@YGXXZ
?InitializeIniFile@@YAXXZ
?InitializeREXX@@YAHXZ
?InitializeTTY@@YAHXZ
?LCS@@YAPA_WPA_W0@Z
?ListBoxProc@@YAJIIJ@Z
?ListCopyToClipboard@@YAHXZ
?ListSaveFile@@YAXXZ
?ListVScroll@@YAHPAUHWND__@@IJ@Z
?NTInternalHelp@@YAHPA_W@Z
?OurDdeInitiate@@YAXXZ
?PositionWindowW@@YAXXZ
?PrintBuffer@@YAXPAUHWND__@@H@Z
?ProcessINI@@YAHPA_W@Z
?QueryCloseAllWindows@@YAHXZ
?QueryCountryInfo@@YAXXZ
?QueryDirectoryTree@@YGHPA_W@Z
?QueryDiskInfo@@YAHPA_WPAUQDISKINFO@@H@Z
?QueryInternalCommandFlags@@YAHPA_W@Z
?QueryIsDelimiter@@YAH_W@Z
?QueryIsPipeHandle@@YAHPAX@Z
?QueryIsWhiteSpace@@YAH_W@Z
?QueryNTFSInfo@@YAEHPAUQDISKINFO@@@Z
?QueryOSVersion@@YAXPAU_OSVERSIONINFOW@@@Z
?QueryPluginPathname@@YGPA_WPA_W@Z
?ReadBCP@@YGHPA_W0@Z
?RegisterDebuggerClass@@YAHXZ
?RegularExpressionSearch@@YGHPA_WH@Z
?ResetConsoleSTDOUT@@YAXXZ
?ResetEGets@@YAXHH@Z
?ResetTTYScreen@@YAXXZ
?RestoreFromTray@@YAXXZ
?RestoreVDMDirectory@@YAXXZ
?RubyFunction@@YGHPA_W0@Z
?RunDlgProc@@YGHPAUHWND__@@IIJ@Z
?SaveIniData@@YAXXZ
?SaveTTYBuffer@@YAXPAUHWND__@@@Z
?ScriptHost@@YGHPA_W0H@Z
?SelectLBProc@@YAHIIJ@Z
?SetDriveString@@YAXPA_W@Z
?SetInternalCommandFlags@@YAHPA_WH@Z
?ShowPrompt@@YAXXZ
?ShutdownCommandProcessor@@YAXXZ
?Similar@@YAHPA_W0@Z
?SizeTTY@@YAXII@Z
?SkipWhiteSpace@@YAPA_WPA_W@Z
?StatbarWndProc@@YGJPAUHWND__@@IIJ@Z
?StatusBarUpdate@@YAXXZ
?StripLeadingCharacters@@YAXPA_W0@Z
?StripQuotes@@YAXPA_W@Z
?StripTrailingCharacters@@YAXPA_W0@Z
?TTYData@@3UTTY_WNDDATA@@A
?ToolbarDlgProc@@YGHPAUHWND__@@IIJ@Z
?ToolbarWndProc@@YGJPAUHWND__@@IIJ@Z
?TrimCharacters@@YAXPA_W0@Z
?UpdateTCMDFromCaveman@@YAHXZ
?WinKeyHandler@@YAJIIJ@Z
?WriteBCP@@YGHPA_W0@Z
?WrongOS@@YAXXZ
?XMLPath@@YGHPA_W00@Z
?_ctoupper@@YAHH@Z
?aColors@@3PAUANSI_COLORS@@A
?aGlobals@@3UGLOBAL_VARIABLES@@A
?aIniFile@@3UINIFILE@@A
?gVM@@3U_VM_DATA@@A
?is_signed_digit@@YAHH@Z
?isdigit@@YAH_W@Z
?isxdigit@@YAH_W@Z
?nextline@@YAPA_WPA_WH@Z
?prevline@@YAPA_WPA_WPAH@Z
?scan@@YAPA_WPA_W00@Z
?strend@@YAPA_WPA_W@Z
?tty_hscroll@@YAHPAUHWND__@@IJ@Z
?tty_vscroll@@YAHPAUHWND__@@IJ@Z
?wcmemset@@YAXPA_W_WH@Z
ASCIIToUnicode
Activate_Cmd
AddCommas
AddQuotes
AddToHistory
AddVariableToList
AddWildcardIfDirectory
AliasList
Alias_Cmd
AllocMem
AnsiString
AsciiToDouble
Assoc_Cmd
Attrib_Cmd
BDebugger_Cmd
BatComp_Cmd
Battext_Cmd
Beep_Cmd
BreakHandler
Break_Cmd
Breakpoint_Cmd
CPUUsage
CallHtmlHelp
CallRexxSubroutine
Call_Cmd
Cancel_Cmd
Case_Cmd
Cd_Cmd
Cdd_Cmd
CenterWindow
ChangeDirectory
Chcp_Cmd
Cls_Cmd
Cmds_Cmd
ColorPrintf
Color_Cmd
Command
CompareFiles
CompareStrings
CopyDescriptions
CopyFilename
CopyFromClipboard
CopyTextToClipboard
CopyToClipboard
Copy_Cmd
CrLf
CreateLink
DDE_Cmd
Date_Cmd
DebugString_Cmd
Del_Cmd
Delay_Cmd
Describe_Cmd
DestroyFolder
Detach_Cmd
DirHistory_Cmd
Dir_Cmd
Dirs_Cmd
DoPropertySheet
Do_Cmd
DrawHline_Cmd
DrawVline_Cmd
Drawbox_Cmd
EatKeystrokes
EchoErr_Cmd
Echo_Cmd
EchosErr_Cmd
Echos_Cmd
EjectMedia_Cmd
EnableSignals
EndOfList
Endlocal_Cmd
ErrorMsgBox
EscapeLine
Eset_Cmd
Evaluate
Eventlog_Cmd
Except_Cmd
Exit_Cmd
ExpandAliases
ExpandVariables
ExtensionPart
External
ExtractFileSummary
Ffind_Cmd
FilenamePart
FindProcess
FmtMsgBox
For_Cmd
FormatDate
FreeMem
Free_Cmd
Ftype_Cmd
Function_Cmd
FuzzyFindWindow
GetAbsCursorPosition
GetAbsScrRows
GetAlias
GetAttribute
GetClipboardLine
GetColors
GetCursorPosition
GetCursorRange
GetDriveTypeEx
GetEnvironmentVariablePtr
GetExeType
GetFileLine
GetFuzzyDir
GetKeystroke
GetLine
GetLongName
GetMountPoint
GetMousePosition
GetParentPID
GetParentProcessName
GetRandom
GetRowOffset
GetScrCols
GetScrRows
GetShortName
GetSymlink
GetTempDirectory
GetToken
GetVariableList
GetWOW64
Global_Cmd
Gosub_Cmd
GotoURL
Goto_Cmd
HashFile
Head_Cmd
Help_Cmd
HideCaretTTY
History_Cmd
HoldSignals
IFTP_Cmd
IPAddress
IPName
If_Cmd
Iff_Cmd
Inkey_Cmd
Input_Cmd
InsertPathInFilename
IsAFSServerInstalled
IsAFSServiceRunning
IsMountPoint
IsPathInAFS
IsSymlink
Jabber_Cmd
Keybd_Cmd
Keys_Cmd
Keystack_Cmd
LastArgument
List_Cmd
LoadAllPlugins
LoadOnePlugin
Loadbtm_Cmd
Log_Cmd
MakeDirectoryName
MakeFolder
MakeFullName
MakeVLFN
MakeWildcardName
Md_Cmd
Memory_Cmd
Mklnk_Cmd
MouseCursorOff
MouseCursorOn
Msgbox_Cmd
Mv_Cmd
MyFindExecutable
NetworkClock
NextArgument
NextHistoryEntry
NextListEntry
NthArgument
OSD_Cmd
OffOn
On_Cmd
Option_Cmd
PDir_Cmd
ParseColors
PathLength
PathPart
Path_Cmd
PauseKeys
Pause_Cmd
Perl
PerlArgvLine
PerlString
PingPing
Playavi_Cmd
Playsound_Cmd
Plugin_Cmd
Popd_Cmd
PostMsg_Cmd
PreviousHistoryEntry
Print_Cmd
Printf
Priority_Cmd
ProcessRexxFile
PromptAliases
Prompt_Cmd
Pushd_Cmd
QPutc
QPuts
Qprintf
QueryAFSDiskInfo
QueryAFSMountPath
QueryCodePage
QueryCurrentDate
QueryCurrentDirectory
QueryCurrentDrive
QueryCurrentTime
QueryDiskLabel
QueryDriveExists
QueryDriveReady
QueryDriveRemote
QueryDriveRemovable
QueryFileOwner
QueryFileSize
QueryIFSType
QueryInputChar
QueryIsANSI
QueryIsCDROM
QueryIsCON
QueryIsConsole
QueryIsDevice
QueryIsDirectory
QueryIsFTPDirectory
QueryIsFile
QueryIsFileOrDirectory
QueryIsFileUnicode
QueryIsGUI
QueryIsJunction
QueryIsLFN
QueryIsNetworkDrive
QueryIsNumeric
QueryIsPluginCommand
QueryIsPluginFeature
QueryIsTTY
QueryIsURL
QueryIsVMWare
QueryIsVirtualPC
QueryKeyWaiting
QueryMemSize
QueryMouseClickWaiting
QueryOptionValue
QueryPluginInfo
QueryTrueName
QueryUnicodeOutput
QueryVolumeInfo
QueryWOW64FsRedirection
Querybox_Cmd
QuitSendKeys
Quit_Cmd
Rd_Cmd
ReadCellStr
ReadDescriptions
ReallocMem
Reboot_Cmd
Recycle_Cmd
RegularExpression
Remark_Cmd
Ren_Cmd
ResolveLink
Ret_Cmd
Rexec_Cmd
Rmlnk_Cmd
Rshell_Cmd
Ruby
RubyString
RunKeystrokePlugin
RunPlugin
RunStartupFiles
SMPP_Cmd
SNMP_Cmd
SNPP_Cmd
Scr_Cmd
Script_Cmd
Scroll
Scrput_Cmd
SearchPaths
SelectFolder
Select_Cmd
SendKeys
SendMail_Cmd
SetAbsCursorPosition
SetCodePage
SetColors
SetCursorPosition
SetCursorSize
SetEVariable
SetLineColor
SetMousePosition
SetScrColor
SetSessionTitle
SetTransparency
Set_Cmd
Setdos_Cmd
Setlocal_Cmd
Shift_Cmd
Shortcut_Cmd
ShowCaretTTY
Shralias_Cmd
Sprintf
Sscanf
Start_Cmd
StripEnclosingQuotes
StuffKeyboard
Switch_Cmd
Sync_Cmd
SysBeep
SysWait
TCToolbar_Cmd
TTYScreenWrite
Tail_Cmd
Taskend_Cmd
Tasklist_Cmd
Tee_Cmd
Time_Cmd
Timer_Cmd
Title_Cmd
Touch_Cmd
Transient_Cmd
Tree_Cmd
Truename_Cmd
Type_Cmd
Unalias_Cmd
Unfunction_Cmd
UnicodeToASCII
UniqueFileName
UnloadAllPlugins
UnloadOnePlugin
Unset_Cmd
UpdateFrameProfile
UpdateTitleAndIcon
VScrput_Cmd
Ver_Cmd
Verify_Cmd
Volume_Cmd
WMIQuery_Cmd
WhichCell
WhichVolume
Which_Cmd
WildcardComparison
WindowToClipboard
Window_Cmd
WorkstationCell
WriteCellStr
WriteChrAtt
WriteDescriptions
WritePrivateProfileInt
WriteStrAtt
WriteTTY
WriteVStrAtt
Y_Cmd
egets
error
honk
strins
stristr
strlast
tty_resetbusy
tty_setbusy
tty_yield
wwriteXP

Sections

.text
Size: 607KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Take Command/examples.btm
.vbs
Take Command/ipworks6.dll
.dll windows:4 windows x86 arch:x86

4e2e9ea9982dce432dbcdfd9db5699a2

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:92:af:e0:a6:e1:26:e8:cd:53:32:cb:4d:41:69:db
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

21/03/2006, 00:00

Not After

18/04/2007, 23:59

Subject

CN=N Software Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=N Software Inc.,L=Research Triangle Park,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetTickCount
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
HeapSize
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
QueryPerformanceFrequency
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetCurrentDirectoryA
GetSystemTime
CloseHandle
GetComputerNameA
EnterCriticalSection
GetOEMCP
LeaveCriticalSection
GetACP
GetTempFileNameA
GetTempPathA
DeleteFileA
GetModuleFileNameA
WriteFile
GetLastError
GetFileSize
CreateFileA
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
SetSystemTime
GetVersionExA
QueryPerformanceCounter
GetLocalTime
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType

user32

GetActiveWindow
DialogBoxParamA
EndDialog
SetDlgItemTextA
SendMessageA
GetWindowRect
GetSystemMetrics
MoveWindow
SetWindowPos
GetDlgItem
BeginPaint
LoadBitmapA
EndPaint
MessageBeep
MessageBoxA
wsprintfA
DefWindowProcA
GetWindowLongA
SetWindowLongA
DestroyWindow
MsgWaitForMultipleObjects
IsWindow
DispatchMessageA
TranslateMessage
PostQuitMessage
PeekMessageA
PostMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
RegisterWindowMessageA

gdi32

GetStockObject
CreateCompatibleDC
DeleteObject
SelectObject
BitBlt
DeleteDC
SetBkColor

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

DNS_CheckIndex
DNS_Create
DNS_Destroy
DNS_Do
DNS_Get
DNS_GetLastError
DNS_GetLastErrorCode
DNS_Set
DNS_StaticDestroy
DNS_StaticInit
FTP_CheckIndex
FTP_Create
FTP_Destroy
FTP_Do
FTP_Get
FTP_GetLastError
FTP_GetLastErrorCode
FTP_Set
FTP_StaticDestroy
FTP_StaticInit
FileMailer_CheckIndex
FileMailer_Create
FileMailer_Destroy
FileMailer_Do
FileMailer_Get
FileMailer_GetLastError
FileMailer_GetLastErrorCode
FileMailer_Set
FileMailer_StaticDestroy
FileMailer_StaticInit
HTMLMailer_CheckIndex
HTMLMailer_Create
HTMLMailer_Destroy
HTMLMailer_Do
HTMLMailer_Get
HTMLMailer_GetLastError
HTMLMailer_GetLastErrorCode
HTMLMailer_Set
HTMLMailer_StaticDestroy
HTMLMailer_StaticInit
HTTP_CheckIndex
HTTP_Create
HTTP_Destroy
HTTP_Do
HTTP_Get
HTTP_GetLastError
HTTP_GetLastErrorCode
HTTP_Set
HTTP_StaticDestroy
HTTP_StaticInit
ICMPPort_CheckIndex
ICMPPort_Create
ICMPPort_Destroy
ICMPPort_Do
ICMPPort_Get
ICMPPort_GetLastError
ICMPPort_GetLastErrorCode
ICMPPort_Set
ICMPPort_StaticDestroy
ICMPPort_StaticInit
IMAP_CheckIndex
IMAP_Create
IMAP_Destroy
IMAP_Do
IMAP_Get
IMAP_GetLastError
IMAP_GetLastErrorCode
IMAP_Set
IMAP_StaticDestroy
IMAP_StaticInit
IPDaemon_CheckIndex
IPDaemon_Create
IPDaemon_Destroy
IPDaemon_Do
IPDaemon_Get
IPDaemon_GetLastError
IPDaemon_GetLastErrorCode
IPDaemon_Set
IPDaemon_StaticDestroy
IPDaemon_StaticInit
IPInfo_CheckIndex
IPInfo_Create
IPInfo_Destroy
IPInfo_Do
IPInfo_Get
IPInfo_GetLastError
IPInfo_GetLastErrorCode
IPInfo_Set
IPInfo_StaticDestroy
IPInfo_StaticInit
IPMonitor_CheckIndex
IPMonitor_Create
IPMonitor_Destroy
IPMonitor_Do
IPMonitor_Get
IPMonitor_GetLastError
IPMonitor_GetLastErrorCode
IPMonitor_Set
IPMonitor_StaticDestroy
IPMonitor_StaticInit
IPPort_CheckIndex
IPPort_Create
IPPort_Destroy
IPPort_Do
IPPort_Get
IPPort_GetLastError
IPPort_GetLastErrorCode
IPPort_Set
IPPort_StaticDestroy
IPPort_StaticInit
LDAP_CheckIndex
LDAP_Create
LDAP_Destroy
LDAP_Do
LDAP_Get
LDAP_GetLastError
LDAP_GetLastErrorCode
LDAP_Set
LDAP_StaticDestroy
LDAP_StaticInit
MCast_CheckIndex
MCast_Create
MCast_Destroy
MCast_Do
MCast_Get
MCast_GetLastError
MCast_GetLastErrorCode
MCast_Set
MCast_StaticDestroy
MCast_StaticInit
MIME_CheckIndex
MIME_Create
MIME_Destroy
MIME_Do
MIME_Get
MIME_GetLastError
MIME_GetLastErrorCode
MIME_Set
MIME_StaticDestroy
MIME_StaticInit
MX_CheckIndex
MX_Create
MX_Destroy
MX_Do
MX_Get
MX_GetLastError
MX_GetLastErrorCode
MX_Set
MX_StaticDestroy
MX_StaticInit
NNTP_CheckIndex
NNTP_Create
NNTP_Destroy
NNTP_Do
NNTP_Get
NNTP_GetLastError
NNTP_GetLastErrorCode
NNTP_Set
NNTP_StaticDestroy
NNTP_StaticInit
NetClock_CheckIndex
NetClock_Create
NetClock_Destroy
NetClock_Do
NetClock_Get
NetClock_GetLastError
NetClock_GetLastErrorCode
NetClock_Set
NetClock_StaticDestroy
NetClock_StaticInit
NetCode_CheckIndex
NetCode_Create
NetCode_Destroy
NetCode_Do
NetCode_Get
NetCode_GetLastError
NetCode_GetLastErrorCode
NetCode_Set
NetCode_StaticDestroy
NetCode_StaticInit
NetDial_CheckIndex
NetDial_Create
NetDial_Destroy
NetDial_Do
NetDial_Get
NetDial_GetLastError
NetDial_GetLastErrorCode
NetDial_Set
NetDial_StaticDestroy
NetDial_StaticInit
POP_CheckIndex
POP_Create
POP_Destroy
POP_Do
POP_Get
POP_GetLastError
POP_GetLastErrorCode
POP_Set
POP_StaticDestroy
POP_StaticInit
Ping_CheckIndex
Ping_Create
Ping_Destroy
Ping_Do
Ping_Get
Ping_GetLastError
Ping_GetLastErrorCode
Ping_Set
Ping_StaticDestroy
Ping_StaticInit
RCP_CheckIndex
RCP_Create
RCP_Destroy
RCP_Do
RCP_Get
RCP_GetLastError
RCP_GetLastErrorCode
RCP_Set
RCP_StaticDestroy
RCP_StaticInit
RSS_CheckIndex
RSS_Create
RSS_Destroy
RSS_Do
RSS_Get
RSS_GetLastError
RSS_GetLastErrorCode
RSS_Set
RSS_StaticDestroy
RSS_StaticInit
Rexec_CheckIndex
Rexec_Create
Rexec_Destroy
Rexec_Do
Rexec_Get
Rexec_GetLastError
Rexec_GetLastErrorCode
Rexec_Set
Rexec_StaticDestroy
Rexec_StaticInit
Rshell_CheckIndex
Rshell_Create
Rshell_Destroy
Rshell_Do
Rshell_Get
Rshell_GetLastError
Rshell_GetLastErrorCode
Rshell_Set
Rshell_StaticDestroy
Rshell_StaticInit
SMPP_CheckIndex
SMPP_Create
SMPP_Destroy
SMPP_Do
SMPP_Get
SMPP_GetLastError
SMPP_GetLastErrorCode
SMPP_Set
SMPP_StaticDestroy
SMPP_StaticInit
SMTP_CheckIndex
SMTP_Create
SMTP_Destroy
SMTP_Do
SMTP_Get
SMTP_GetLastError
SMTP_GetLastErrorCode
SMTP_Set
SMTP_StaticDestroy
SMTP_StaticInit
SNMPAgent_CheckIndex
SNMPAgent_Create
SNMPAgent_Destroy
SNMPAgent_Do
SNMPAgent_Get
SNMPAgent_GetLastError
SNMPAgent_GetLastErrorCode
SNMPAgent_Set
SNMPAgent_StaticDestroy
SNMPAgent_StaticInit
SNMPMgr_CheckIndex
SNMPMgr_Create
SNMPMgr_Destroy
SNMPMgr_Do
SNMPMgr_Get
SNMPMgr_GetLastError
SNMPMgr_GetLastErrorCode
SNMPMgr_Set
SNMPMgr_StaticDestroy
SNMPMgr_StaticInit
SNPP_CheckIndex
SNPP_Create
SNPP_Destroy
SNPP_Do
SNPP_Get
SNPP_GetLastError
SNPP_GetLastErrorCode
SNPP_Set
SNPP_StaticDestroy
SNPP_StaticInit
SOAP_CheckIndex
SOAP_Create
SOAP_Destroy
SOAP_Do
SOAP_Get
SOAP_GetLastError
SOAP_GetLastErrorCode
SOAP_Set
SOAP_StaticDestroy
SOAP_StaticInit
SysLog_CheckIndex
SysLog_Create
SysLog_Destroy
SysLog_Do
SysLog_Get
SysLog_GetLastError
SysLog_GetLastErrorCode
SysLog_Set
SysLog_StaticDestroy
SysLog_StaticInit
TFTP_CheckIndex
TFTP_Create
TFTP_Destroy
TFTP_Do
TFTP_Get
TFTP_GetLastError
TFTP_GetLastErrorCode
TFTP_Set
TFTP_StaticDestroy
TFTP_StaticInit
Telnet_CheckIndex
Telnet_Create
Telnet_Destroy
Telnet_Do
Telnet_Get
Telnet_GetLastError
Telnet_GetLastErrorCode
Telnet_Set
Telnet_StaticDestroy
Telnet_StaticInit
TraceRoute_CheckIndex
TraceRoute_Create
TraceRoute_Destroy
TraceRoute_Do
TraceRoute_Get
TraceRoute_GetLastError
TraceRoute_GetLastErrorCode
TraceRoute_Set
TraceRoute_StaticDestroy
TraceRoute_StaticInit
UDPPort_CheckIndex
UDPPort_Create
UDPPort_Destroy
UDPPort_Do
UDPPort_Get
UDPPort_GetLastError
UDPPort_GetLastErrorCode
UDPPort_Set
UDPPort_StaticDestroy
UDPPort_StaticInit
WebDAV_CheckIndex
WebDAV_Create
WebDAV_Destroy
WebDAV_Do
WebDAV_Get
WebDAV_GetLastError
WebDAV_GetLastErrorCode
WebDAV_Set
WebDAV_StaticDestroy
WebDAV_StaticInit
WebForm_CheckIndex
WebForm_Create
WebForm_Destroy
WebForm_Do
WebForm_Get
WebForm_GetLastError
WebForm_GetLastErrorCode
WebForm_Set
WebForm_StaticDestroy
WebForm_StaticInit
WebUpload_CheckIndex
WebUpload_Create
WebUpload_Destroy
WebUpload_Do
WebUpload_Get
WebUpload_GetLastError
WebUpload_GetLastErrorCode
WebUpload_Set
WebUpload_StaticDestroy
WebUpload_StaticInit
Whois_CheckIndex
Whois_Create
Whois_Destroy
Whois_Do
Whois_Get
Whois_GetLastError
Whois_GetLastErrorCode
Whois_Set
Whois_StaticDestroy
Whois_StaticInit
XMLp_CheckIndex
XMLp_Create
XMLp_Destroy
XMLp_Do
XMLp_Get
XMLp_GetLastError
XMLp_GetLastErrorCode
XMLp_Set
XMLp_StaticDestroy
XMLp_StaticInit
XMPP_CheckIndex
XMPP_Create
XMPP_Destroy
XMPP_Do
XMPP_Get
XMPP_GetLastError
XMPP_GetLastErrorCode
XMPP_Set
XMPP_StaticDestroy
XMPP_StaticInit

Sections

.text
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Take Command/ipwssl6.dll
.dll windows:4 windows x86 arch:x86

0a0530382770914b6cfab3f52f273ecc

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:92:af:e0:a6:e1:26:e8:cd:53:32:cb:4d:41:69:db
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

21/03/2006, 00:00

Not After

18/04/2007, 23:59

Subject

CN=N Software Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=N Software Inc.,L=Research Triangle Park,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToLocalFileTime
FileTimeToSystemTime
SetCurrentDirectoryA
CloseHandle
LCMapStringW
SystemTimeToFileTime
GetStringTypeW
GetStringTypeA
GetOEMCP
GetCPInfo
GetTimeZoneInformation
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
LCMapStringA
DeleteCriticalSection
GetSystemTime
GetComputerNameA
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetFileSize
CreateFileA
ReadFile
SetFilePointer
MultiByteToWideChar
GetTickCount
GetVersion
GetACP
WideCharToMultiByte
WriteFile
GetTempFileNameA
GetTempPathA
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
GetModuleFileNameA
CreateThread
GetExitCodeThread
TerminateThread
WaitForSingleObject
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapSize
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr

user32

GetActiveWindow
DialogBoxParamA
EndDialog
SetDlgItemTextA
SendMessageA
GetWindowRect
GetSystemMetrics
DefWindowProcA
GetWindowLongA
SetWindowLongA
DestroyWindow
MsgWaitForMultipleObjects
IsWindow
DispatchMessageA
TranslateMessage
PostQuitMessage
PeekMessageA
PostMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
MoveWindow
SetWindowPos
GetDlgItem
BeginPaint
LoadBitmapA
EndPaint
MessageBeep
MessageBoxA
wsprintfA

gdi32

GetStockObject
CreateCompatibleDC
DeleteObject
SelectObject
BitBlt
DeleteDC
SetBkColor

advapi32

CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
CryptExportKey
CryptGetUserKey
CryptGenKey
CryptGetKeyParam
CryptGetProvParam

ole32

CoInitialize

Exports

Exports

CertMgr_CheckIndex
CertMgr_Create
CertMgr_Destroy
CertMgr_Do
CertMgr_Get
CertMgr_GetLastError
CertMgr_GetLastErrorCode
CertMgr_Set
CertMgr_StaticDestroy
CertMgr_StaticInit
FTPS_CheckIndex
FTPS_Create
FTPS_Destroy
FTPS_Do
FTPS_Get
FTPS_GetLastError
FTPS_GetLastErrorCode
FTPS_Set
FTPS_StaticDestroy
FTPS_StaticInit
FileMailerS_CheckIndex
FileMailerS_Create
FileMailerS_Destroy
FileMailerS_Do
FileMailerS_Get
FileMailerS_GetLastError
FileMailerS_GetLastErrorCode
FileMailerS_Set
FileMailerS_StaticDestroy
FileMailerS_StaticInit
HTMLMailerS_CheckIndex
HTMLMailerS_Create
HTMLMailerS_Destroy
HTMLMailerS_Do
HTMLMailerS_Get
HTMLMailerS_GetLastError
HTMLMailerS_GetLastErrorCode
HTMLMailerS_Set
HTMLMailerS_StaticDestroy
HTMLMailerS_StaticInit
HTTPS_CheckIndex
HTTPS_Create
HTTPS_Destroy
HTTPS_Do
HTTPS_Get
HTTPS_GetLastError
HTTPS_GetLastErrorCode
HTTPS_Set
HTTPS_StaticDestroy
HTTPS_StaticInit
IMAPS_CheckIndex
IMAPS_Create
IMAPS_Destroy
IMAPS_Do
IMAPS_Get
IMAPS_GetLastError
IMAPS_GetLastErrorCode
IMAPS_Set
IMAPS_StaticDestroy
IMAPS_StaticInit
IPDaemonS_CheckIndex
IPDaemonS_Create
IPDaemonS_Destroy
IPDaemonS_Do
IPDaemonS_Get
IPDaemonS_GetLastError
IPDaemonS_GetLastErrorCode
IPDaemonS_Set
IPDaemonS_StaticDestroy
IPDaemonS_StaticInit
IPPortS_CheckIndex
IPPortS_Create
IPPortS_Destroy
IPPortS_Do
IPPortS_Get
IPPortS_GetLastError
IPPortS_GetLastErrorCode
IPPortS_Set
IPPortS_StaticDestroy
IPPortS_StaticInit
LDAPS_CheckIndex
LDAPS_Create
LDAPS_Destroy
LDAPS_Do
LDAPS_Get
LDAPS_GetLastError
LDAPS_GetLastErrorCode
LDAPS_Set
LDAPS_StaticDestroy
LDAPS_StaticInit
NNTPS_CheckIndex
NNTPS_Create
NNTPS_Destroy
NNTPS_Do
NNTPS_Get
NNTPS_GetLastError
NNTPS_GetLastErrorCode
NNTPS_Set
NNTPS_StaticDestroy
NNTPS_StaticInit
POPS_CheckIndex
POPS_Create
POPS_Destroy
POPS_Do
POPS_Get
POPS_GetLastError
POPS_GetLastErrorCode
POPS_Set
POPS_StaticDestroy
POPS_StaticInit
RSSS_CheckIndex
RSSS_Create
RSSS_Destroy
RSSS_Do
RSSS_Get
RSSS_GetLastError
RSSS_GetLastErrorCode
RSSS_Set
RSSS_StaticDestroy
RSSS_StaticInit
SMPPS_CheckIndex
SMPPS_Create
SMPPS_Destroy
SMPPS_Do
SMPPS_Get
SMPPS_GetLastError
SMPPS_GetLastErrorCode
SMPPS_Set
SMPPS_StaticDestroy
SMPPS_StaticInit
SMTPS_CheckIndex
SMTPS_Create
SMTPS_Destroy
SMTPS_Do
SMTPS_Get
SMTPS_GetLastError
SMTPS_GetLastErrorCode
SMTPS_Set
SMTPS_StaticDestroy
SMTPS_StaticInit
SNPPS_CheckIndex
SNPPS_Create
SNPPS_Destroy
SNPPS_Do
SNPPS_Get
SNPPS_GetLastError
SNPPS_GetLastErrorCode
SNPPS_Set
SNPPS_StaticDestroy
SNPPS_StaticInit
SOAPS_CheckIndex
SOAPS_Create
SOAPS_Destroy
SOAPS_Do
SOAPS_Get
SOAPS_GetLastError
SOAPS_GetLastErrorCode
SOAPS_Set
SOAPS_StaticDestroy
SOAPS_StaticInit
TelnetS_CheckIndex
TelnetS_Create
TelnetS_Destroy
TelnetS_Do
TelnetS_Get
TelnetS_GetLastError
TelnetS_GetLastErrorCode
TelnetS_Set
TelnetS_StaticDestroy
TelnetS_StaticInit
WebDAVS_CheckIndex
WebDAVS_Create
WebDAVS_Destroy
WebDAVS_Do
WebDAVS_Get
WebDAVS_GetLastError
WebDAVS_GetLastErrorCode
WebDAVS_Set
WebDAVS_StaticDestroy
WebDAVS_StaticInit
WebFormS_CheckIndex
WebFormS_Create
WebFormS_Destroy
WebFormS_Do
WebFormS_Get
WebFormS_GetLastError
WebFormS_GetLastErrorCode
WebFormS_Set
WebFormS_StaticDestroy
WebFormS_StaticInit
WebUploadS_CheckIndex
WebUploadS_Create
WebUploadS_Destroy
WebUploadS_Do
WebUploadS_Get
WebUploadS_GetLastError
WebUploadS_GetLastErrorCode
WebUploadS_Set
WebUploadS_StaticDestroy
WebUploadS_StaticInit
XMPPS_CheckIndex
XMPPS_Create
XMPPS_Destroy
XMPPS_Do
XMPPS_Get
XMPPS_GetLastError
XMPPS_GetLastErrorCode
XMPPS_Set
XMPPS_StaticDestroy
XMPPS_StaticInit

Sections

.text
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Take Command/jphelp.chm
.chm
Take Command/onig.dll
.dll windows:4 windows x86 arch:x86

31ddbd6927e0867c7be1b7d9a854808a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo
CloseHandle

Exports

Exports

OnigAsciiPairAmbigCodes
OnigDefaultAmbigFlag
OnigDefaultSyntax
OnigEncAsciiCtypeTable
OnigEncAsciiToLowerCaseTable
OnigEncDefaultCharEncoding
OnigEncISO_8859_1_ToLowerCaseTable
OnigEnc_Unicode_ISO_8859_1_CtypeTable
OnigEncodingASCII
OnigEncodingBIG5
OnigEncodingEUC_CN
OnigEncodingEUC_JP
OnigEncodingEUC_KR
OnigEncodingEUC_TW
OnigEncodingGB18030
OnigEncodingISO_8859_1
OnigEncodingISO_8859_10
OnigEncodingISO_8859_11
OnigEncodingISO_8859_13
OnigEncodingISO_8859_14
OnigEncodingISO_8859_15
OnigEncodingISO_8859_16
OnigEncodingISO_8859_2
OnigEncodingISO_8859_3
OnigEncodingISO_8859_4
OnigEncodingISO_8859_5
OnigEncodingISO_8859_6
OnigEncodingISO_8859_7
OnigEncodingISO_8859_8
OnigEncodingISO_8859_9
OnigEncodingKOI8_R
OnigEncodingSJIS
OnigEncodingUTF16_BE
OnigEncodingUTF16_LE
OnigEncodingUTF32_BE
OnigEncodingUTF32_LE
OnigEncodingUTF8
OnigSyntaxASIS
OnigSyntaxEmacs
OnigSyntaxGnuRegex
OnigSyntaxGrep
OnigSyntaxJava
OnigSyntaxPerl
OnigSyntaxPerl_NG
OnigSyntaxPosixBasic
OnigSyntaxPosixExtended
OnigSyntaxRuby
onig_capture_tree_traverse
onig_copy_encoding
onig_copy_syntax
onig_copyright
onig_end
onig_error_code_to_str
onig_foreach_name
onig_free
onig_get_ambig_flag
onig_get_capture_tree
onig_get_default_ambig_flag
onig_get_encoding
onig_get_match_stack_limit_size
onig_get_options
onig_get_syntax
onig_get_syntax_behavior
onig_get_syntax_op
onig_get_syntax_op2
onig_get_syntax_options
onig_init
onig_match
onig_name_to_backref_number
onig_name_to_group_numbers
onig_new
onig_new_deluxe
onig_noname_group_capture_is_active
onig_number_of_capture_histories
onig_number_of_captures
onig_number_of_names
onig_region_clear
onig_region_copy
onig_region_free
onig_region_init
onig_region_new
onig_region_resize
onig_region_set
onig_search
onig_set_default_ambig_flag
onig_set_default_syntax
onig_set_match_stack_limit_size
onig_set_meta_char
onig_set_syntax_behavior
onig_set_syntax_op
onig_set_syntax_op2
onig_set_syntax_options
onig_set_verb_warn_func
onig_set_warn_func
onig_version
onigenc_always_false_is_allowed_reverse_match
onigenc_always_true_is_allowed_reverse_match
onigenc_ascii_get_all_pair_ambig_codes
onigenc_ascii_is_mbc_ambiguous
onigenc_ascii_mbc_to_normalize
onigenc_ess_tsett_get_all_comp_ambig_codes
onigenc_get_default_encoding
onigenc_get_left_adjust_char_head
onigenc_get_prev_char_head
onigenc_get_right_adjust_char_head
onigenc_get_right_adjust_char_head_with_prev
onigenc_init
onigenc_is_mbc_newline_0x0a
onigenc_iso_8859_1_get_all_pair_ambig_codes
onigenc_mb2_code_to_mbc
onigenc_mb2_code_to_mbc_first
onigenc_mb2_code_to_mbclen
onigenc_mb2_is_code_ctype
onigenc_mb4_code_to_mbc
onigenc_mb4_code_to_mbc_first
onigenc_mb4_code_to_mbclen
onigenc_mb4_is_code_ctype
onigenc_mbn_is_mbc_ambiguous
onigenc_mbn_mbc_to_code
onigenc_mbn_mbc_to_normalize
onigenc_not_support_get_ctype_code_range
onigenc_nothing_get_all_comp_ambig_codes
onigenc_set_default_caseconv_table
onigenc_set_default_encoding
onigenc_single_byte_code_to_mbc
onigenc_single_byte_code_to_mbc_first
onigenc_single_byte_code_to_mbclen
onigenc_single_byte_left_adjust_char_head
onigenc_single_byte_mbc_enc_len
onigenc_single_byte_mbc_to_code
onigenc_step
onigenc_step_back
onigenc_str_bytelen_null
onigenc_strlen
onigenc_strlen_null
onigenc_unicode_get_ctype_code_range
onigenc_unicode_is_code_ctype
onigenc_with_ascii_strncmp
re_adjust_startpos
re_alloc_pattern
re_compile_pattern
re_free_pattern
re_free_registers
re_match
re_mbcinit
re_search
re_set_casetable
reg_foreach_name
reg_name_to_group_numbers
reg_number_of_names
reg_set_encoding
regcomp
regerror
regexec
regfree

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Take Command/readme.txt
Take Command/tcmd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 26KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 350KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Take Command/tcstub.exe
.exe windows:4 windows x86 arch:x86

e8725384369d7196aad39b0039c45d45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
SetEvent
OpenEventA
CloseHandle

Sections

.text
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Take Command/unreg.exe
.exe windows:4 windows x86 arch:x86

527134952303588979d03b87030d4edf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetModuleHandleA
HeapAlloc
ExitProcess

user32

PostMessageA

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA

Sections

.text
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Take Command/下载说明.htm
.html .js polyglot
Take Command/安装说明.txt
Take Command/非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

8a661d4a226f6827fd580c6703df63f6

Headers

File Characteristics

Imports

shlwapi

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 35KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 116KB - Virtual size: 109KB

.reloc Size: 4KB - Virtual size: 8B

8991f343afc53efd6085d2e1a64080a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 1024B - Virtual size: 909B

.rdata Size: 1024B - Virtual size: 1008B

.data Size: 512B - Virtual size: 368B

.rsrc Size: 1024B - Virtual size: 856B

3e15ad9a23aeaffd554b1026edb64c82

Headers

File Characteristics

Imports

mpr

comctl32

version

wsock32

ipworks6

ipwssl6

shlwapi

psapi

advapi32

onig

bchild

kernel32

user32

gdi32

winspool.drv

comdlg32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 607KB - Virtual size: 606KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 24KB - Virtual size: 157KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 51KB - Virtual size: 51KB

4e2e9ea9982dce432dbcdfd9db5699a2

Code Sign

01Certificate

0aCertificate

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 35KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 116KB - Virtual size: 109KB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 1024B - Virtual size: 909B

.rdata
Size: 1024B - Virtual size: 1008B

.data
Size: 512B - Virtual size: 368B

.rsrc
Size: 1024B - Virtual size: 856B

.text
Size: 607KB - Virtual size: 606KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 24KB - Virtual size: 157KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 51KB - Virtual size: 51KB

01
Certificate

0a
Certificate

03:92:af:e0:a6:e1:26:e8:cd:53:32:cb:4d:41:69:db
Certificate

.text
Size: 480KB - Virtual size: 478KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 60KB - Virtual size: 58KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 28KB - Virtual size: 25KB

01
Certificate

0a
Certificate

03:92:af:e0:a6:e1:26:e8:cd:53:32:cb:4d:41:69:db
Certificate

.text
Size: 428KB - Virtual size: 425KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 44KB - Virtual size: 45KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 23KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 8KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 4KB

.data
Size: 350KB - Virtual size: 352KB

.adata
Size: - Virtual size: 4KB