Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 41f98468291969774dd2cba791a8307f --

Hashes
MD5: 41f98468291969774dd2cba791a8307f
SHA1: 09ffb13d8133dc4178f01b9f80325b2f2bdb7773
SHA256: 78c806f62bc059b57176c3cbfffae395b233425d2f91e357e2311b0a83b1f66a
SSDEEP: 768:oe1uY2MBLVOi2nTGjgkJZ2/p+7/Xr99pOTDxVDWZAOhrgSj:oeP2MBLVOi2TGjgkG/KXSfDWZHhd
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/anti_dbg | YRP/win_registry | YRP/Str_Win32_Winsock2_Library |
Parent Files
3cfb5ac298abec347907f1e1b310ad0e
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
HcD$@H
zHcD$@H
D$@9D$0}3HcD$0A
D$@9D$0
WATAUH
 A]A\_
LcA<E3
bad allocation
DiskSafeGetDiskInfo
c:\development\ima\current\sandiskmgt\output\x64\release\sdmgr_api.pdb
iscmFiniLib
iscmInitLib
iscmFree
iscmGetErrMessage
iscmGetServerListInRegistry2
iscmRefreshServerList
iscmRegisterClient
iscmGetServerInfoInRegistry
iscmRemoveServerEx
iscmRegisterProtocol
iscmGetServerProtocolList
iscmIscsiResetPassword
iscmAllocDisk
iscmVSCExpandDisk
iscmGetClientDevices
iscmFreeTClientDevices
iscmIsIPStorDisk
iscmFreeTDiskNoList
iscmGetDiskNoList
iscmDeleteClientDevice
iscmVSCGetServerProperty
iscmVSCGetDiskProperty
iscmRepairConnection
iscmVSCCreateSnapshot
iscmFreeMem
iscmVSCGetSnapshotList
iscmVSCMountSnapshot
iscmVSCUnmountSnapshot
iscmVSCRemoveSnapshot
iscmGetDiskNumberByWWID
iscmFreeTDiskInfoEx
iscmGetDiskInfoByDiskNoEx
iscmFreeTDiskInfoEx_2
iscmGetDiskInfoByDiskNoEx_2
iscmGetInitiatorName
iscmTaskUninit
iscmTaskFindTask
iscmTaskInit
iscmTaskFindScheduler
iscmTaskFreeTask
iscmTaskFreeScheduler
iscmTaskDeleteTask
iscmTaskDeleteScheduler
iscmGetDiskInfoByDiskNo
iscmFreeTDiskInfo
iscmTaskFreeTaskList
iscmTaskGetTaskList
iscmTaskCreateTask
iscmTaskCreateScheduler
iscmGetAppCtrlList
iscmGetAppCtrlUnitEx
iscmGetAppCtrlUnitInfo
iscmLicenseEx_GetLicenseEx
iscmLicenseEx_FreeTProductKeycodeEx
iscmLicenseEx_ValidateKeycode
iscmLicenseEx_RemoveLicense
iscmLicenseEx_SetLicenseEx
iscmIsProductLic4FromServer
iscmLicenseEx_IsLicense
iscmLicenseEx_GetCurrentQualifier
iscmLicenseEx_ExportRegistrationMaterial
iscmLicenseEx_ImportSignature
iscmGetIMAVersion
iscmReportIMAEventLog_i
iscmGetIMAPath
iscmGetXRay
iscmGetIMAConfigPath
iscmGetCMRunLevel
iscmSetCMRunLevel
iscmSetiSCSITargetAccessMode
iscmGetiSCSITargetAccessMode
iscmGetClientClusterProperty
iscmSetClientClusterProperties
iscmGetExtInfo
iscmSetExtInfo
iscmGetLocationFilePath
ISCMLIB.dll
RegisterClientByGUI
ProtocolSettingByGUI
AllocateDiskByGUIEx3
TSNewTaskByGUIEx3
TSManagementByGUIEx4
TSTaskPropertiesByGUI
LicenseAddByGUI
LicenseActivateByGUI
ccsetwiz.dll
ch_public_init
ch_public_shutdown
ch_public_register_server
ch_public_get_server
ch_public_unregister_server
ccmhostpublic.dll
WS2_32.dll
MultiByteToWideChar
GetLocalTime
lstrlenW
lstrcpyW
LoadLibraryExW
lstrcatW
FreeLibrary
GetProcAddress
GetCurrentThreadId
KERNEL32.dll
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ADVAPI32.dll
_swprintf
memset
_ultow
wcstoul
malloc
wcscpy
wcsncpy
wcslen
swscanf
wcsncmp
wcscmp
wcscat
_snwprintf
_wrename
_wremove
_wstat64i32
fclose
fwprintf
_wfopen
_vsnwprintf
wcschr
_fstat64i32
MSVCR80.dll
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
_fileno
sdmgr_api.dll
sdmCheckLic4FromServer
sdmCheckQualifier
sdmCreateTaskSchedule
sdmDeleteCCMServer
sdmDeleteSchedule
sdmDeleteTask
sdmEnableCCMServer
sdmExportLicenseToDatFile
sdmFindSchedule
sdmFindTask
sdmFiniLib
sdmFreeIMAErrorMsg
sdmFreeIMAMemory
sdmFreeLicenseInfoList
sdmFreeScheduleMemory
sdmFreeTaskMemory
sdmGetAppCtrlList
sdmGetAppCtrlUnitEx
sdmGetAppCtrlUnitInfo
sdmGetCCMServer
sdmGetCMRunLevel
sdmGetClientClusterProperty
sdmGetExtInfo
sdmGetIMAErrorMsg
sdmGetIMAPath
sdmGetIMAVersion
sdmGetIMAXRay
sdmGetLicenseInfoList
sdmGetLocationFilePath
sdmGetScsiAddress
sdmGetiScsiTargetAccessMode
sdmImportSignatureFile
sdmInitLib
sdmIsIPStorDisk
sdmIsLicense
sdmIsLicenseExist
sdmLicenseActivateByGUI
sdmLicenseAddByGUI
sdmModifyTaskScheduleByGUI
sdmProtocolAdd
sdmProtocolAddByGUI
sdmProtocolGetList
sdmProtocolResetISCSIPassword
sdmRefreshServers
sdmRemoveLicense
sdmReprotIMAEvent
sdmServerAddClient
sdmServerAddClientByGUI
sdmServerDelete
sdmServerGetInformation
sdmServerGetList
sdmSetCMRunLevel
sdmSetClientClusterProperty
sdmSetExtInfo
sdmSetLicense
sdmSetiScsiTargetAccessMode
sdmTaskManageByGUI
sdmTaskNewByGUI
sdmUtilFreeDiskLocalInformation
sdmUtilFreeDiskLocalInformation_ex
sdmUtilGetDiskCapacity
sdmUtilGetDiskInfo
sdmUtilGetDiskLabelInformation
sdmUtilGetDiskLocalInformation
sdmUtilGetDiskLocalInformation_ex
sdmUtilGetDiskNoByWWWId
sdmUtilGetDiskNumber
sdmUtilGetInitiatorName
sdmVDiskAlloc
sdmVDiskAllocByGUI
sdmVDiskDelete
sdmVDiskDeleteSnapshot
sdmVDiskExpand
sdmVDiskFreeList
sdmVDiskFreeSnapshotList
sdmVDiskGetInformation
sdmVDiskGetSnapshotList
sdmVDiskList
sdmVDiskMountSnapshot
sdmVDiskRefreshAll
sdmVDiskSnapshot
sdmVDiskUnmountSnapshot
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130405000000Z
160603235959Z0
New York1
Melville1
Falconstor Software1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Falconstor Software0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
AI9/wUe
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
140812045810Z0#