Sample details: 75641eabee93e568f2255df8602eaf09

Hashes
MD5: 75641eabee93e568f2255df8602eaf09
SHA1: 8e84169017755ff64d45bd0c18b9951ec2cc42eb
SHA256: 6397872f0d3be38dbb6e5eb488edfe818f5deae6402e22770d71c8268cb0b234
SSDEEP: 1536:aY6HHjQemiBPCBOQJyP5Newsrv4Va6RyyoPGZJUX67Sztg3ShZVQhM:qHHjQeBCOQYP50xz2aGyy8Og6uBgCeh
Details
File Type: PE32
Yara Hits
YRP/ASPack_v2001_Alexey_Solodovnikov | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/ASPack_v10804_additional | YRP/ASPack_v10804_Hint_WIN_EP | YRP/ASPack_v2000 | YRP/ASPack_v2001 | YRP/ASPackv2001AlexeySolodovnikov | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/keylogger | YRP/win_registry | YRP/suspicious_packer_section |
Source
http://103.68.190.250/Sources//Advance/WndRec/output/RecvFiles/bktest070AF94CB6AC85282/CBankClient/SYSTEM/cr_vesta.dll
Strings
		This program must be run under Win32
.idata
.edata
.reloc
.aspack
cr_vesta.dll
AddSign
CertAndRequestTransferMatch
ClearCash
ConvertTransferToSignedRequest
CreateDirStructure
DecodeData
DoneEngine
EncodeData
ExcludeSelfPublicKeyTransfer
GenerateNewSEK
GenerateNewSSK
GetCryptObj
GetCryptoErrorString
GetCryptoParamName
GetCryptoParamNumber
GetCryptoParamValue
GetCurrentUserUID
GetEncodeUIDBySignUID
GetLastErrorMessage
GetMaxAdditionEx
GetMaxCryptoParamNameLength
GetMaxCryptoParamValueLength
GetMaxEncodeAddition
GetMaxErrorStringLength
GetMaxFilePathLength
GetMaxPasswordLength
GetMaxPublicKeyPropertiesLength
GetMaxPublicKeyTransferSize
GetMaxReportSize
GetMaxSignAddition
GetMaxSignatureLength
GetMaxUIDLength
GetParamInfo
GetPublicKeyProperties
GetPublicKeyPropertiesByFile
GetPublicKeyPropertiesByTransfer
GetPublicKeyTransfer
GetPublicKeyTransferByFile
GetPureSign
GetRemoteGenType
GetReport
GetUIDByCertIdent
GetUIDByPublicKeyTransfer
HashData
IncludeCACertificateFromTransfer
IncludeCRL
IncludePublicEncodeKey
IncludePublicKey
IncludePublicKeyTransfer
InstallCertsInMyStore
IsDifferentKeys
RegisterOIDInfo
RemoteGenerateFinish
RemoteGenerateFinishEx
RemoteGenerateStart
RemoteGenerateStartEx
RemoveCertificate
RemoveSign
RemoveSignaturesFromFile
SavePublicKeyFromTransfer
SaveSignedDataToFile
SetCryptoParamValue
SetPasswordRequestFunc
SetRemoteGeneratePath
SetRootPath
SetTMRequestFunc
ShowCertificate
SignData
SignFile
TransPrivateKeyFromFileToTM
TransSignatureFromFileToTM
UpdateCertificateCash
VerifyData
VerifyFile
VerifySignWOCheckValidity
kernel32.dll
VirtualAlloc
VirtualFree
VirtualProtect
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
user32.dll
GetKeyboardType
RegQueryValueExA
VariantChangeTypeEx
MessageBoxA