
Sample details: 1d24a8475609c992b4e2e21f7551802f

Hashes
MD5: 1d24a8475609c992b4e2e21f7551802f
SHA1: 594d2a793d3647f9eb6d6f8b2fa5e31fcd81d2db
SHA256: d2fa2ef1ddc5500b7b166e5b504d82cdceae01f9423a6d30515e16495133550f
SSDEEP: 384:bQkfkHUk5S/bBluS3JEQd9AI+wUYD/lk5Ho/9X8rrrrrrrrrrvrrrrrrcq6dIi3s:Ld9AI+n1U9e6yi3Lawa
Details
File Type: PE32+
Yara Hits
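YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3 |
Note: a YARA hit is a pattern match, not a verdict. The YRP/* hits describe generic file properties. The single attribution hit (DragonFly_APT_Sep17_3) should be weighed against the rest of this record: the strings below include certificate fields naming Falconstor Software, a PDB path ending in ISCMSvrRPC.pdb, and an export table of ISCMbridge* functions. Embedded certificate strings do not prove the signature is valid, so verify the Authenticode signature and check which condition of the rule matched before treating the sample as related to that rule's family.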
Parent Files
3cfb5ac298abec347907f1e1b310ad0e
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
HcL$0Hi
HcD$0Hi
u+HcD$0Hi
tnHcD$0Hi
HcT$0Hi
R HcD$0Hi
HcD$ Hi
HcL$ Hi
kHcD$ Hi
IHcD$ Hi
HcD$ Hi
HcD$@L
HcD$@H
D$(HcD$(Hi
D$0HcD$(Hi
D$,HcD$(Hi
HcT$(Hi
R HcD$(Hi
D$XHcD$XHi
D$`HcD$XHi
D$@HcD$@Hi
D$PHcD$@Hi
D$PHcD$PHi
HcD$PHi
tDHcD$HH
HcD$HL
D$(HcD$(Hi
HcD$(Hi
D$(HcD$(Hi
HcD$(Hi
D$LHcD$LHi
D$THcD$LHi
HcD$@H
D$@9D$H}tHcD$HH
HcL$XH
HcD$HH
D$(HcD$(Hi
D$LHcD$(Hi
D$(HcD$(Hi
HcD$(Hi
D$(HcD$(Hi
HcD$(Hi
HcD$(Hi
D$(HcD$(Hi
D$@HcD$(Hi
D$(HcD$(Hi
HcD$(Hi
D$8HcD$8Hi
HcD$8Hi
HcD$xL
WATAUH
 A]A\_
LcA<E3
c:\development\IMA\current\src\output\x64\Release\ISCMSvrRPC.pdb
WS2_32.dll
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
KERNEL32.dll
AL_iscm_util_string2ip
AL_free
AL_iscm_util_Unicode2UTF8
AL_strncpy
AL_iscm_util_i_UTF82Unicode
AL_iscm_util_i_Unicode2UTF8
AL_iscm_util_UTF82Unicode
AL_close_file
AL_read_file
AL_open_file
AL_strrchr
al_lib_ima.dll
imarpc_xdr_void
imarpc_xdr_u_char
imarpc_xdr_int
imarpc_xdr_u_int
imarpc_xdr_vector
imarpc_xdr_array
imarpc_xdr_string
imarpc_clnttcp_create
imarpc_xdr_free
imarpc_clnttcp_add_machine_iscm
imarpc_clnttcp_secure
imarpc_clnttcp_secure_machine
FSNRPC_IMA.dll
memset
memcpy
malloc
MSVCR80.dll
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
DisableThreadLibraryCalls
ISCMSvrRPC.dll
ISCMbridgeAddClient
ISCMbridgeCleanup
ISCMbridgeConnect
ISCMbridgeDisconnect
ISCMbridgeFindIPAddress
ISCMbridgeGetBridgeInfo
ISCMbridgeGetName
ISCMbridgeInitAction
ISCMbridgeLocalhostNotify
ISCMbridgePeerCopyFile
ISCMbridgePeerDelFile
ISCMbridgePeerGetHostNameByBridge
ISCMbridgePeerGetHostNameByIP
ISCMbridgePeerGetServerList
ISCMbridgePeerRegisterClient
ISCMbridgePeerRegisterClient2
ISCMbridgePeerRegisterProtocol
ISCMbridgePeerRescanDisk
ISCMbridgePeerResetIscsiPassword
ISCMbridgeStartup
ISCMbridgeTestConnection
ISCMbridgeTestPort
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130405000000Z
160603235959Z0
New York1
Melville1
Falconstor Software1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Falconstor Software0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
AI9/wUe
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
140812045756Z0#