Sample details: 70dfab20a13716ef856cf37b68d8ce01 --

Hashes
MD5: 70dfab20a13716ef856cf37b68d8ce01
SHA1: b2f1566faac71c84dc7b3b99cb82a8108e867253
SHA256: da37b18875c1b14b6bd456eed5ed3edad840189fadb7f1426df7490300730105
SSDEEP: 384:xK215y2zzPBOFB+6tpg6f+DgZ+UnYPLrdipeM4:xKs82zQ+TRDgZhI
Details
File Type: PE32+
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
3cfb5ac298abec347907f1e1b310ad0e
Strings
		!This program cannot be run in DOS mode.
kRich=	
`.rdata
@.data
.pdata
@.rsrc
9D$0}<
}5HcD$0H
9D$0}<
}5HcD$0H
HcD$0Hi
D$8HcD$0Hi
9D$8}LHcD$0Hi
HcL$8Hi
HcD$(H
HcD$(H
|$\vtQ
HcD$(H
HcD$(H
HcD$(H
|$ ATH
LcA<E3
bad allocation
FalconStor Software
c:\development\IMA\current\src\output\x64\Release\iscmregctrl.pdb
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
KERNEL32.dll
iscmFiniLib
iscmCleanAppCtrl
iscmRemoveAppCtrlUnit
iscmGetAppCtrlList
iscmAddAppCtrlUnitEx
iscmAddAppCtrlUnit
iscmRegisterAppCtrl
iscmInitLib
iscmSetAppCtrlUnitInfo
ISCMLIB.dll
AL_shutdown
AL_registry_getstring
AL_iscm_util_IsFileExist
AL_sprintf
AL_s_destroy
AL_strlen
AL_iscm_util_get_cfg_path
AL_iscm_util_substring_list_t_free
AL_iscm_util_get_substring_list_1
AL_atoi
AL_printf
AL_stricmp
AL_strcmp
AL_free
AL_strcpy
AL_get_filename
AL_init
al_lib_ima.dll
memset
__CxxFrameHandler3
MSVCR80.dll
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_cexit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="FalconStor.RD.IMA" processorArchitecture="amd64" version="1.0.0.0" type="win32"></assemblyIdentity><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="amd64" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX0
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130405000000Z
160603235959Z0
New York1
Melville1
Falconstor Software1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Falconstor Software0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
AI9/wUe
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
}PSxjqS_
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
140812045801Z0#