Sample details: 33ab48407344ce8dcb9212cda387c4e8

Hashes
MD5: 33ab48407344ce8dcb9212cda387c4e8
SHA1: ff68d14443121b6553b3eaabd074a55674ebf1fe
SHA256: 2041c27c7e39a80358411493f6488d9fe62fcfd3b368ba818338a333b489166a
SSDEEP: 1536:7TqlQY/C+cV27bx58z6TmYfV18+Bd3ouNi0yvSfAYYMC9Wn3UOqcqcqcqCF0DFEA:ut/C/K8z6TmY9pd3lrydeCkZ0DqFxLw
Details
File Type: PE32
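Yara Hits (pattern matches only; a rule name such as YRP/keylogger or YRP/HasDigitalSignature shows which pattern matched, not verified behaviour or a validated signature, so confirm each hit against the strings and imports listed below)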
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/borland_delphi_dll | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/keylogger | YRP/win_registry | YRP/win_files_operation | YRP/Big_Numbers2 | YRP/Big_Numbers3 | YRP/Big_Numbers4 | YRP/Delphi_Random | YRP/Delphi_CompareCall | YRP/Delphi_Copy |
Source
http://103.68.190.250/Sources//Advance/WndRec/output/RecvFiles/azlogtest070AF94CB6AC85282/Client_prg/C__ifobs/nkicnt.dll
Strings
		This program must be run under Win32
.idata
.edata
P.reloc
P.rsrc
StringX
TObject
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
Ht Ht.
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
ZTUWVSPRTj
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
	Exception
EHeapException
EOutOfMemory
EInOutError
	EExternal
EExternalException
	EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide
	EOverflow
EUnderflow
EInvalidPointer
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
	EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
ESafecallException
SysUtils
SysUtils
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
QQQQQQSVW3
QQQQQSVW
_^[YY]
	TErrorRec
TExceptRec
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
[Select]
[Params]
PREFER
REINIT
PADDING
nkidll.dll
nkiEnumDevices
nkiOpenSessionEx
nkiCloseSessionEx
nkiGetUID
nkiGetInfo
nkiCheckPIN
nkiIOControl
nkiReadFileEx
nkiWriteFileEx
nkiGetFileSizeEx
nkiChangePIN
nkiCheckPINEx
nkiChangePINEx
nkiErrorMsgLang
ECardError
TUkrcosCard
<None>
No mac
No enc
No dec
Timeout
Invalid response size
The specified reader name is not recognized
The user-specified timeout value has expired
The reader or smart card is not ready to accept commands
The Smart card resource manager has shut down
The smart card has been removed, so that further communication is not possible
Card blocked
Invalid password. Attempts left - 
Card Error 
Error 
TContainerAbs
TGostCipher
	TGostHash
_^[YY]
TContainerV23
TContainerV4
 - Warning
You must not use this application to change a PIN for that card
TBlockChipherB8
TTripleDes
'_^[Y]
55252129B5F541298D75FD5C9F9E96277EC393B1ECCA51F5847F23
540000000000000000000000000220CE7AE2EF45195539E7C3EE35
<7FCA0F29817A87FE09C968698289FDAB99CD4EE80B971AEAAB8520D1E1FE
<4000000000000000000000000000007E5B3FEA27F5D14EBE62CE275BF32B
?4373A6D32B7C40A78BCAB1B5C3F3C838D98C918B4D4CBA18D9BD54BB0DD29A3?4000000000000000000000000000000050A25A9F0DD05F3AE774D7E6F1D885D
17A7821EB5205A6B8E8409CBB4BB4CAF3D393CA9641A0A7676E629AE52186F08966DC8743D8AE3A08D14FB95D997A3717FBC08AD85EEB78090E8BA6242DD0532
10000000000000000000000000000000000000000000000000000000000000001DD401302388FE904935573948ED58F7E13242A783052CC89E34020362A758F9
<5464CC2F3C64F7BDF1888A8B66278B5B165A7586E9341C4F61AF89C88D9B
?7C1BB86EEC48CEFAF7030D1850B4B9CDDF5FCBEE45CB0410C0CE36F09A337C5
197D9BE30EE2381E551DA2A0386EA6277DFB60F51D81364F2C4B2F3500F31ADCF9C012AE648360378360E15E41640418CD4A8B845536B9F3A2B3BFD1D1ADE6A3
)5FF6108462A2DC8210AB403925E638A19C1455D21
)400000000000000000002BEC12BE2262D39BCF14D
*6EE3CEEB230811759F20518A0930F1A4315A827DAC
*3FFFFFFFFFFFFFFFFFFFFFB12EBCC7D7F29FF7701F
,108576C80499DB2FC16EDDF6853BBB278F6B6FB437D9
+800000000000000000000189B4E67606E3825BB2831-4A6E0856526436F2F88DD07A341E32D04184572BEB710
-3FFFFFFFFFFFFFFFFFFFFFFB981960435FE5AB64236EF
07BC86E2102902EC4D5890E8B6B4981FF27E0482750FEFC03
040000000000000000000000069A779CAC1DABC6788F7474F
;06973B15095675534C7CF7E64A21BD54EF5DD3B8A0326AA936ECE454D2C;1000000000000000000000000000013E974E72F8A6922031D2603CFE0D7A1CEF494720115657E18F938D7A7942394FF9425C1458C57861F9EEA6ADBE3BE10
@800000000000000000000000000000006759213AF182E987D3E17714907D470D
M393C7F7D53666B5054B5E6C6D3DE94F4296C0C599E2E2E241050DF18B6090BDC90186904968BB
M3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC079C2F3825DA70D390FBBA588D4604022B7B7
\43FC8AD242B0B7A6F3D1627AD5654447556B47BF6AA4A64B0C2AFE42CADAB8F93D92394C79A79755437B56995136
\40000000000000000000000000000000000000000000009C300B75A3FA824F22428FD28CE8812245EF44049B2D49
l03CE10490F6A708FC26DFE8C3D27C4F94E690134D5BFF988D8D28AAEAEDE975936C66BAC536B18AE2DC312CA493117DAA469C640CAF3
l3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBA3175458009A8C0A724F02F81AA8A1FCBAF80D90C7A95110504CF
,043D7E139319F43BA00944915740E1E6651B06E278C7
-19C9EBC4FD8308193D3A61762C547C82F2E6B2182CBCB
013871C9D29D6CEEA740FD57444F72FDBAE559C13A1E31EF8
;080F920952A702C75B704A424C018EEA55AA44664F3A003E0962D4F9A8El53FB7AF7B4407000A6F226AD6BAD28378646BD83F1F940810A4C19536EE65E53F40F973F2F06C5E80EFE3B43651BD5FF8B06BA5F9299
J$1X 1H$
J,1X(1H,
J41X01H4
J<1X81H<[
JINOKy
Z 1X [
YZ]_^[
TContainerV5
ADVAPI32.DLL
SystemFunction036
********
0714114B762F2FF4A7912A6D2AC58B9B5C2FCFE76DAEB7129
029C41E568B77C617EFE5902F11DB96FA9613CD8D03DB08DA
07B7EAF8C4D485DA67841A60ABFDFBECEE9A2E9B2775C8754
************************mmmm
_^[YY]
_^[YY]
AVTDATAau
NokkCtV2
CipherV3
12345678
NokkCtV2
CipherV3
CNTRV4
AVTSV3
_^[YY]
_^[YY]
No errors
Invalid context
This type of NKI is not supported
Device haven't connected
Context is already used
Device is corrupted
Incorrect password or Device is corrupted
Unsupported version
Connection was aborted
Device is blocked
Access condition is incorrect
Device have not initialized
Pin required
Unsupported cipher
Unsupported hash-function
Unsupported algorythm of digital sign
Unsupported cipher mode
Out of range
Invalid key state
Operation was not initialized
Private key is absent
Key is already loaded
Key is absent
Private & public keys mismatch
Invalid token
Certificate is absent
Certificates are not loaded
Invalid MAC
Invalid digital sign
Not enough space to complete this operation
Invalid pin (
 attempts remain)
Bad arguments
This function is unsupported by device
I/O error
CryptoLib internal error
Unknown error 0x
 CryptoLib
TResDlgItem
TResDlgU
_^[YY]
TPasswordDlg
********
DIALOG_1
********
 "ServiceNki" 
You must to stop the service "ServiceNki" to reinitialize that card
5678u	
<$1234t=
Runtime error     at 00000000
0123456789ABCDEF
;3+#>6.&
'2, /+0&7!4-)1#
@@@A@D@E@P@Q@T@U@
A@AAADAEAPAQATAUA
D@DADDDEDPDQDTDUD
E@EAEDEEEPEQETEUE
P@PAPDPEPPPQPTPUP
Q@QAQDQEQPQQQTQUQ
T@TATDTETPTQTTTUT
U@UAUDUEUPUQUTUUU
@@@A@D@E@P@Q@T@U@
A@AAADAEAPAQATAUA
D@DADDDEDPDQDTDUD
E@EAEDEEEPEQETEUE
P@PAPDPEPPPQPTPUP
Q@QAQDQEQPQQQTQUQ
T@TATDTETPTQTTTUT
U@UAUDUEUPUQUTUUU
@@@A@D@E@P@Q@T@U@
A@AAADAEAPAQATAUA
D@DADDDEDPDQDTDUD
E@EAEDEEEPEQETEUE
P@PAPDPEPPPQPTPUP
Q@QAQDQEQPQQQTQUQ
T@TATDTETPTQTTTUT
U@UAUDUEUPUQUTUUUQ
@@@A@D@E@P@Q@T@U@
A@AAADAEAPAQATAUA
D@DADDDEDPDQDTDUD
E@EAEDEEEPEQETEUE
P@PAPDPEPPPQPTPUP
Q@QAQDQEQPQQQTQUQ
T@TATDTETPTQTTTUT
U@UAUDUEUPUQUTUUU
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
kernel32.dll
WriteFile
VirtualQuery
LoadLibraryA
GetVersionExA
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetDiskFreeSpaceA
GetCPInfo
GetACP
FreeLibrary
FormatMessageA
EnumCalendarInfoA
user32.dll
SetDlgItemTextA
SendMessageA
MessageBoxA
LoadStringA
GetSystemMetrics
GetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
DestroyWindow
CharNextA
CharUpperBuffA
CharToOemA
winscard.dll
SCardGetAttrib
SCardControl
SCardTransmit
SCardStatusA
SCardEndTransaction
SCardBeginTransaction
SCardDisconnect
SCardReconnect
SCardConnectA
SCardGetStatusChangeA
SCardListReadersA
SCardReleaseContext
SCardEstablishContext
nkicnt03.dll
nkiChangePIN
nkiChangePINEx
nkiCheckPIN
nkiCheckPINEx
nkiCloseSession
nkiCloseSessionEx
nkiCreateContext
nkiDestroyContext
nkiEnumDevices
nkiErrorMsgLang
nkiForgetPIN
nkiGetFileIndex
nkiGetFileSize
nkiGetFileSizeEx
nkiGetUID
nkiGetVersion
nkiIoControl
nkiNotifyPasswordChanged
nkiOpenSession
nkiOpenSessionEx
nkiReInitialize
nkiReInitializeEx
nkiReadFile
nkiReadFileEx
nkiSetMode
nkiWriteFile
nkiWriteFileEx
0,080<0@0D0H0L0P0T0b0j0r0z0
1"1*121:1B1J1R1Z1b1j1r1z1
5-696T6
9&9,949F9R9a9m9u9
:/:::[:s:
='=0=;=D=K=Z=a=
020\0e0u0}0
1(1@1L1T1k1z1
1,2P2n2~2
3$3u3|3
5#5+5O5o5
6!7.7F7O7
?,?H?`?q?}?
2+2I2_2v2
545B5v5
5,656g6p6
9P9X9c9
:L:\:b:h:n:s:y:
<6<K<U<Z<y<~<
='=M=Z=
<)<:<G<N<R<X<\<b<i<m<
=&=.=6=^=
>,><>M>Y>g>q>
?"?*?2?:?B?J?R?Z?b?j?r?z?
0+080J0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3(3034383<3@3D3H3L3P3^3p3
4(4H4P4T4X4\4`4d4h4l4p4
5 585X5`5d5h5l5p5t5x5|5
6 6$6(6,606@6`6h6l6p6t6x6|6
7 7$7(7,7074787<7L7l7t7x7|7
8$8(8,8084888<8@8D8T8t8|8
9,94989<9@9D9H9L9P9T9h9
: :@:H:L:P:T:X:\:`:d:h:|:
;0;P;X;\;`;d;h;l;p;t;x;
< <$<(<,<0<4<H<h<p<t<x<|<
193=3A3E3I3M3Q3U3Y3]3a3e3i3m3q3u3y3}3I4P4
8":7:B;~<
>$>N>b>
>	?)?Q?
0/0>0W0r0
5'5I5W5^5v5}5
6=6h6w6
:6:=:G:M:T:^:c:i:n:t:y:
;#;,;T;];f;l;};
<*<H<a<
>$>.>@>U>`>e>j>w>
0 030F0O0j0}0
1)1G1i1x1
3*353;3C3H3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4t4x4
5 5(5,54585@5D5L5P5X5\5d5h5p5t5|5
6$6(60646<6@6H6L6[6g6r6
7$7.797C7N7X7b7l7v7
9::E:O:e:
< <E<U<
<_=k=r=|=
>'>,>9>>>K>P>]>b>o>t>
O0c0q0z0
021E1a1
2 232?2L2^2f2n2v2~2
3$3,3034383<3@3D3H3L3\3h3|3
;H;O;x;
2$222@2i2
=*=0=P=X=\=`=d=h=l=p=t=x=|=
>$>D>L>P>T>X>\>`>d>h>l>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?
2V3S4_4l4~4
4 5N5X5
63758:8
9.949T9\9`9d9h9l9p9t9x9|9
=	>E>v>9?b?
(0O0[0h0z0
5F6S6h6u6
7+787c;p;
<'<=<J<_<l<
=+=C=P=e=r=
K4W4d4v4W<c<p<
6;7G7T7f7
<*<0<P<X<\<`<d<h<l<p<t<x<
4&4,484L4T4X4\4`4d4h4l4p4t4x4|4
6K7R7r7
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
2*2<2N2`2r2
3&383J3\3n3}3
44484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
606B6T6f6x6
7,7>7P7b7t7
8'868E8f8
3&333C3O3\3n3t3
4 4$4>4
5O6'737@7R7
8 8$8(8,8084888<8@8D8
9"9.969F9f9~9
:7:K:Q:^:g:l:
:);X;};
4,4_5k5x5
828D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9 9$9(9,949?9
4080<0
1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
2$2,242<2D2L2T2\2d2l2t2|2
X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
Gggfv@
&vvggd
wwgbvt
1wwwr"gf@
1wwwr"vv@
wr""gf@
wr""&f@
ww"w""@
wr'""@
vnkicnt03
?NkiSvc
System
SysInit
KWindows
UTypes
NkiDirect
SysUtils
SysConst
}ContainerAbs
[UkrcosCard
WinPCSC
ContainerV23
@CrlImportDCU
FGosts
crltypes
ContainerV4
RContainerV5
ParseIni
yEcc4145a
Ecc4145sCurve
SEcc4145oGENR
Ecc4145pGENR
VEcc4145p1919
Ecc4145p25712
;Ecc4145p50923
Des32x
IResDlgU1
3Messages
nkicnt03u
GlobalSign nv-sa1
Root CA1
GlobalSign Root CA0
990128130000Z
170127120000Z0
GlobalSign nv-sa1%0#
Primary Object Publishing CA100.
'GlobalSign Primary Object Publishing CA0
%uyP}_
"http://crl.globalsign.net/Root.crl0
GlobalSign nv-sa1
ObjectSign CA1!0
GlobalSign ObjectSign CA0
101014141621Z
131014141621Z0{1
AVTOR Ltd.1
AVTOR Ltd.1$0"
author@author.kiev.ua0
2http://secure.globalsign.net/cacert/ObjectSign.crt09
(http://crl.globalsign.net/ObjectSign.crl0	
%http://www.globalsign.net/repository/0
GlobalSign nv-sa1%0#
Primary Object Publishing CA100.
'GlobalSign Primary Object Publishing CA0
040122100000Z
170127110000Z0c1
GlobalSign nv-sa1
ObjectSign CA1!0
GlobalSign ObjectSign CA0
$http://www.globalsign.net/repository09
(http://crl.globalsign.net/primobject.crl0N
2http://secure.globalsign.net/cacert/PrimObject.crt0
GlobalSign nv-sa1
ObjectSign CA1!0
GlobalSign ObjectSign CA
Ou%ipI