Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 340cc34419f755d5099f3a593e799878 --

Hashes
MD5: 340cc34419f755d5099f3a593e799878
SHA1: d2bb8951efca0a6e6a2b81586b4061f8e1e7d56d
SHA256: e1e5db1580d41546c31a95bb3ce0be14c28394b9b60c50380e55632aca31d3ea
SSDEEP: 3072:/67cNNbpBGVFLdQgQbKnIsArNntxg8JVYYaqbHAKYI9AdiOfmIf1h2cDb:HN1GLW+wpVveITOfmAN
Details
File Type: PE32+
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL_additional | YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/network_dns | YRP/Str_Win32_Winsock2_Library |
Parent Files
3cfb5ac298abec347907f1e1b310ad0e
Strings
		!This program cannot be run in DOS mode.
uRichz
`.rdata
@.data
.pdata
@.rsrc
@.reloc
D$ H;{
D$ H;x
D$ H;{
D$ H;x
D$ H;{
D$ H;x
McD$hI
t$(H;~
\$`tRH
\$Ht$H
t$pH;G
H;8u)L
H;8u,L
I99u.A
TUUUUUU
t$Pt"H
HcG H;
=R	t@3
C(H;C r
D$ H;{
D$ H;x
D$ H;{
D$ H;x
D$ H;{
D$ H;x
|$8t$H
t$`H;C
H9+t	H
l$HH9w
t$Pt)H
C@I9CHu
@8kXt	
GHH+G@H;
D8k0t3
k(L9k 
GHH+G@H;
BXH;B@t
AHH+A@H;
@8qXtG
s(H9s 
A@H9AHH
|$0fff
l$xfff
H9S8tZ
D$@H+K8I;M
k8H9KxH
HL9A8H
l$Xfff
l$8u%J
C H9C(u#H
A H9A(u H
C@I9CHu
BXH;B@t
\$Xt)H
BHH+B@H;
t$@IcB
CHH+C@H;
CHH+C@H;
_(HcC H
\$xtoL
GHH+G@H;
{ HcC H
K(HcC H
JXH;B@t
A@H9AH
t$8HcG H
CHH+C@H;
A@H9AHu
QXH;A@t
AHH+A@H;
K(HcC H
SHHcC H
8HcA L
t$@fff
C@I9CHu
D8gXt	
t$`t"H
HcB I;
 HcR H
JXH;B@t
JXH;B@t
QXH;A@t
=R	tI3
d$pt$H
l$pt#H
C@I9CHu
t$PHcu t
\$@HcZ H
\$@HcZ H
BXH;B@t
GHH+G@H;
D8gXt?
GHH+G@H;
d$pt$H
l$pt#H
l$HHco H
C@I9CHu
\$HHcZ H
AHH+A@H;
BXH;B@t
AHH+A@H;
@8iXty
d$@urH
H9L$Xv
|$Hfff
BXH;B@H
BXH;B@t
l$HtOH9{
C@I9CHu
@8wXt	
x@89u I9x
H9{huGL
t$`t`H
D8h!u*H
D8o!u(fff
H9|$8H
H9|$XH
I99u.A
D8vIt#H
\$8D8sI
D8pIu%H
H;8u)L
I99u.A
TUUUUUU
@8sIu@H
=R	t@3
t$Pt"H
HcG H;
A L9A(u
t$`tdH
t$Pt"H
HcG H;
 HcR H
C@I9CHu
D8oXt	
D8hQu(H
H9k@to
H9k@tV
BXH;B@t
t$HtEL
l$xH;w
D8vQt#H
\$8D8sQ
D8pQu%H
@8sQu@H
SUVWATH
 A\_^][
SUVWATH
 A\_^][
t$`t$I
HcG H;
HcG H;
 HcR H
A8H9j8u3
B(H98t
H9y0uQH
AhH9AHr
J(L9	t
[(L)[0H
L9.ssH
A8H9j8u3
LcA<E3
bad allocation
..\..\..\src\app_thread.cpp
sockets.empty ()
Assertion failed: %s (%s:%d)
received
vector<T> too long
..\..\..\src\ctx.cpp
rc == 0
LOBYTE (wsa_data.wVersion) == 2 && HIBYTE (wsa_data.wVersion) == 2
signalers
io_thread
!terminated
info.app_thread
sockets > 0
i != app_threads.size ()
io_threads.size () > 0
min_load != -1
inserted
erased == 1
invalid map/set<T> iterator
map/set<T> too long
..\..\..\src\push.cpp
!inpipe_ && outpipe_
No Error
Interrupted system call
Bad file number
Permission denied
Bad address
Invalid argument
Too many open files
Operation now in progress
Operation already in progress
Socket operation on non-socket
Destination address required
Message too long
Protocol wrong type for socket
Bad protocol option
Protocol not supported
Socket type not supported
Operation not supported on socket
Protocol family not supported
Address family not supported by protocol family
Address already in use
Can't assign requested address
Network is down
Network is unreachable
Net dropped connection or reset
Software caused connection abort
Connection reset by peer
No buffer space available
Socket is already connected
Socket is not connected
Can't send after socket shutdown
Too many references can't splice
Connection timed out
Connection refused
Too many levels of symbolic links
File name too long
Host is down
No Route to Host
Directory not empty
Too many processes
Too many users
Disc Quota Exceeded
Stale NFS file handle
Too many levels of remote in path
Network SubSystem is unavailable
WINSOCK DLL Version out of range
Successful WSASTARTUP not yet performed
Host not found
Non-Authoritative Host not found
Non-Recoverable errors: FORMERR REFUSED NOTIMP
Valid name no data record of requested
error not defined
..\..\..\src\err.cpp
..\..\..\src\forwarder.cpp
%s (%s:%d)
..\..\..\src\fq.cpp
!more || pipes [current] != pipe_
!(more && !fetched)
..\..\..\src\io_object.cpp
..\..\..\src\io_thread.cpp
poller
..\..\..\src\ip.cpp
(size_t) (res->ai_addrlen) <= sizeof (*addr_)
..\..\..\src\lb.cpp
..\..\..\src\msg_store.cpp
filesize > 0
block_size > 0
read_pos != write_pos
read_pos <= commit_pos && commit_pos <= write_pos
read_pos <= commit_pos || commit_pos <= write_pos
offset == pos
rc > 0
offset == write_buf_start_addr
..\..\..\src\object.cpp
peer_identity_.size () <= 0xff
cmd.args.attach.peer_identity_size
cmd.args.bind.peer_identity_size
..\..\..\src\owned.cpp
!shutting_down
..\..\..\src\pair.cpp
!inpipe && !outpipe
pipe_ == inpipe
pipe_ == outpipe
!alive
!outpipe_alive
..\..\..\src\pipe.cpp
msg.flags & ZMQ_MSG_MORE
d:\falcon_source\finixibm\zeromq-2.0.10\src\ypipe.hpp
d:\falcon_source\finixibm\zeromq-2.0.10\src\yqueue.hpp
begin_chunk
end_chunk->next
..\..\..\src\prefix_tree.cpp
next.table
next.node
next.table [c - min]
..\..\..\src\pub.cpp
!inpipe_
..\..\..\src\queue.cpp
..\..\..\src\rep.cpp
inpipe_ && outpipe_
in_pipes.size () == out_pipes.size ()
sending_reply || !more || in_pipes [current] != pipe_
!more || written
written
fetched
..\..\..\src\req.cpp
!receiving_reply || !more || reply_pipe != pipe_
receiving_reply || !more || out_pipes [current] != pipe_
receiving_reply
pipe_ == reply_pipe
index >= active
msg_->flags & ZMQ_MSG_MORE
zmq_msg_size (msg_) == 0
reply_pipe
..\..\..\src\select.cpp
load.get () == 0
fds.size () <= FD_SETSIZE
it != fds.end ()
..\..\..\src\session.cpp
!in_pipe
!out_pipe
!incomplete_in
ordinal
in_pipe == pipe_
out_pipe == pipe_
peer_identity == peer_identity_
!engine
engine_
..\..\..\src\signaler.cpp
rc == sizeof (command_t)
nbytes % sizeof (uint32_t) == 0
inproc
..\..\..\src\socket_base.cpp
listener
in_pipe
out_pipe
session
connecter
named_sessions.empty ()
unnamed_sessions.empty ()
it != named_sessions.end ()
it != unnamed_sessions.end ()
pending_term_acks
..\..\..\src\streamer.cpp
..\..\..\src\sub.cpp
inpipe_ && !outpipe_
errno == EAGAIN
..\..\..\src\tcp_connecter.cpp
s == retired_fd
s != retired_fd
errno == WSAECONNREFUSED || errno == WSAETIMEDOUT || errno == WSAECONNABORTED || errno == WSAEHOSTUNREACH
..\..\..\src\tcp_listener.cpp
sock != INVALID_SOCKET
..\..\..\src\tcp_socket.cpp
..\..\..\src\thread.cpp
..\..\..\src\pull.cpp
..\..\..\src\uuid.cpp
ret == RPC_S_OK
..\..\..\src\xrep.cpp
it->active
!it->active
!it->second.active
!current_out
inpipes [current_in].active
..\..\..\src\xreq.cpp
Not supported
Address in use
Address not available
Operation in progress
Number of preallocated application threads exceeded
Operation cannot be accomplished in current state
The protocol is not compatible with the socket type
Context was terminated
..\..\..\src\zmq.cpp
msg_->content
nitems_ <= FD_SETSIZE
..\..\..\src\zmq_connecter.cpp
..\..\..\src\zmq_decoder.cpp
*tmpbuf > 0
size > 0
d:\falcon_source\finixibm\zeromq-2.0.10\src\decoder.hpp
d:\falcon_source\finixibm\zeromq-2.0.10\src\encoder.hpp
..\..\..\src\zmq_engine.cpp
!inout
reconnecter
..\..\..\src\zmq_init.cpp
engine
!peer_identity.empty ()
..\..\..\src\zmq_listener.cpp
d:\falcon_source\finixibm\zeromq-2.0.10\lib\libzmq.pdb
freeaddrinfo
getaddrinfo
WSASocketA
WS2_32.dll
UuidToStringA
UuidCreate
RpcStringFreeA
RPCRT4.dll
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageA
GetLastError
GetCurrentThreadId
WaitForSingleObject
QueryPerformanceCounter
QueryPerformanceFrequency
KERNEL32.dll
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAHPEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD_K@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAXXZ
?_Xran@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
	?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2_KB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA?AV12@_K0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z
MSVCP80.dll
memmove_s
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
__iob_func
_errno
_invalid_parameter_noinfo
fprintf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
malloc
perror
_purecall
strchr
strrchr
_lseeki64
?_open@@YAHPEBDHH@Z
??_V@YAXPEAX@Z
_unlink
_write
_close
memmove
realloc
_beginthreadex
strerror
_wassert
MSVCR80.dll
__CxxFrameHandler3
__C_specific_handler
_unlock
_encode_pointer
__dllonexit
_onexit
_decode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DisableThreadLibraryCalls
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
memset
memcpy
_CxxThrowException
libzmq.dll
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
zmq_bind
zmq_close
zmq_connect
zmq_device
zmq_errno
zmq_getsockopt
zmq_init
zmq_msg_close
zmq_msg_copy
zmq_msg_data
zmq_msg_init
zmq_msg_init_data
zmq_msg_init_size
zmq_msg_move
zmq_msg_size
zmq_poll
zmq_recv
zmq_send
zmq_setsockopt
zmq_sleep
zmq_socket
zmq_stopwatch_start
zmq_stopwatch_stop
zmq_strerror
zmq_term
zmq_version
.?AVtype_info@@
.?AVobject_t@zmq@@
.?AVapp_thread_t@zmq@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
.?AVout_of_range@std@@
.?AVyarray_item_t@zmq@@
.?AUi_endpoint@zmq@@
.?AVsocket_base_t@zmq@@
.?AVpush_t@zmq@@
.?AVio_object_t@zmq@@
.?AUi_poll_events@zmq@@
.?AVio_thread_t@zmq@@
.?AVowned_t@zmq@@
.?AVpair_t@zmq@@
.?AV?$ypipe_t@Uzmq_msg_t@@$0BAA@@zmq@@
.?AVpipe_t@zmq@@
.?AVwriter_t@zmq@@
.?AVreader_t@zmq@@
.?AVpub_t@zmq@@
.?AVrep_t@zmq@@
.?AVreq_t@zmq@@
.?AVsession_t@zmq@@
.?AUi_inout@zmq@@
.?AVsub_t@zmq@@
.?AVpull_t@zmq@@
.?AVxrep_t@zmq@@
.?AVxreq_t@zmq@@
.?AVzmq_connecter_t@zmq@@
.?AV?$decoder_t@Vzmq_decoder_t@zmq@@@zmq@@
.?AVzmq_decoder_t@zmq@@
.?AV?$encoder_t@Vzmq_encoder_t@zmq@@@zmq@@
.?AVzmq_encoder_t@zmq@@
.?AVzmq_engine_t@zmq@@
.?AUi_engine@zmq@@
.?AVzmq_init_t@zmq@@
.?AVzmq_listener_t@zmq@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50608.0" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD