Sample details: 90fda2fb312f23a79d2b1800388387ed

Hashes
MD5: 90fda2fb312f23a79d2b1800388387ed
SHA1: 18b1ce537d2aed41afffda8fa978855f4809f946
SHA256: 679990bd7ebd064b9abfbadc85abedd6a8979610afd6c23b2fdc1ea48f6d0b52
SSDEEP: 6144:0cMQGqp/JGUfe+JvJAugJAI4H9shC8NmIKsO+XXM:0CpRoJ8bymlOXM
Details
File Type: PE32+
Yara Hits (generic file-format and capability rules; a hit describes a trait of the file and is not by itself a malicious verdict)
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/VMWare_Detection | YRP/DebuggerException__SetConsoleCtrl | YRP/create_service | YRP/network_tcp_socket | YRP/Str_Win32_Winsock2_Library
Parent Files
3cfb5ac298abec347907f1e1b310ad0e
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
D$hH9D$`t
D$(H9D$ t
D$8H9D$0t
D$HH9D$@t
H9D$`t
H9D$xt
D$HH9D$Pt
D$@H9D$xt
D$8H9D$0t
D$PH9D$(
D$hH9D$8t
D$(H9D$Ht
D$hH9D$`t
H9D$pt
D$HH9D$@t
D$(H9D$ t
D$hH9D$`t
D$(H9D$ t
D$8H9D$0t
D$HH9D$@t
D$hH9D$`t
D$(H9D$ t
D$8H9D$0t
D$HH9D$@t
D$@H9D$Ht
D$8H9D$0t
D$8H9D$0t0H
D$8H9D$0t
D$xH9D$pt!3
|$H&u`H
D$`9D$,~/
9D$8}MHcD$8Hk
t5HcD$8Hk
HcL$8Hk
HcD$ Hk
HcD$ Hk
HcD$ Hk
HcD$ Hk
HcD$ Hk
D$0HcD$ Hi
HcD$ Hi
HcL$0Hi
HcL$ Hi
HcD$ Hi
9D$@}u
tHHcD$@Hk
HcD$@Hk
HcD$@Hk
HcD$@Hk
D$PHcD$@Hk
HcD$@Hk
(HcL$PH
t&HcD$@Hk
(HcL$PH
HcD$@Hk
HcL$@Hk
HcT$@Hk
LcD$@Mk
LcL$@Mk
LcT$@Mk
HcD$@Hk
@L9D$P
HcD$PH
WHcL$PH
VHcT$PH
UHc|$PL
TLcD$PL
SLcL$PL
RLcT$PL
QLc\$PH
HcD$PH
HcL$PH
HcT$PH
Hc\$PH
Hc|$PL
LcD$PL
LcL$PL
	LcT$PL
HcD$ H
HcD$ H
D$ 9D$8}BHcD$8Hk
u+HcD$8Hk
8HcL$XH
HcD$0Hi
HcD$0Hi
HcD$0Hi
8HcL$0Hk
D$@9D$,
HcD$,Hi
HcL$,Hi
HcL$ Hi
D$$HcD$ Hi
t2HcD$ Hi
HcD$ Hi
HcL$ Hi
HcD$ Hi
HcL$ Hi
HcD$ Hi
HcD$ Hi
HcD$0Hi
wHcD$ Hi
HcD$ Hi
9D$@}uHcD$@Hi
tPHcD$@Hi
u"HcD$@Hi
HcL$8H
HcD$8Hc
@09D$8
HcD$8Hi
HcD$8Hi
9D$H}/HcD$HH
D$p9D$H
HcD$HH
HcD$HH
HcD$HH
@X9D$`
HcD$`Hk
I`HcT$`Hk
HcD$`Hk
 HcD$`Hk
HcD$`Hk
HcD$`Hk
HcD$`Hk
HcD$`Hk
HcD$`Hk
HcD$`Hk
HcD$`Hk
@X9D$`s2HcD$`Hk
HcD$`Hk
@H9D$H
HcD$HHk
HcD$HHk
HcL$HHk
HcD$HHk
HcL$HHk
HcD$HHk
(HcL$HHk
@H9D$H
HcD$HHk
HcD$HHk
HcL$HHk
HcD$HHk
HcL$HHk
HcD$HHk
SUVWATAUAVAWH
A_A^A]A\_^][
 !"#$%&'()*+,-./0123456789:;<BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=>BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB?B@A
HcD$ Hi
HcD$ Hi
D$(HcD$ Hi
D$$HcD$ Hi
HcD$ Hi
HcD$ Hi
HcD$ Hi
<$@}OHc
<$@}oHc
}hHcD$ Hi
tIHcD$ Hi
HcD$ Hi
HcD$ Hi
u_HcD$ Hi
HcD$ Hi
HcD$ Hi
D$ 9D$$
@HcD$$Hi
D$ 9D$$u
H9D$0|pH
|$x0u+H
HcD$ Hi
HcL$ Hi
uXHcD$ Hi
HcD$ Hi
HHcL$ Hi
tXHcD$ Hi
HcD$ H
D$(HcL$ H
D$ HcD$ H
D$,HcL$ H
9D$ }qHcD$ Hi
HcL$ Hi
}HHcD$
~"HcD$
HcL$ Hi
D$$HcD$ Hi
t2HcD$ Hi
HcD$ Hi
HcL$ Hi
HcD$ Hi
HcL$ Hi
HcD$ Hi
HcD$ Hi
HcD$ Hi
HcD$ Hi
tpHcD$DHi
HcD$DHi
tmHcD$4Hi
HcD$4Hi
tmHcD$DHi
HcD$DHi
t|HcD$8Hi
D$P9D$<}>HcD$<Hi
D$P9D$<
HcD$<Hi
HcL$0H
HcT$<Hi
HcD$8Hi
t{HcD$4Hi
HcD$4Hi
tjHcD$4Hi
HcD$4Hi
HcD$4Hi
HcD$4Hi
HcD$4Hi
udHcD$4Hi
HcD$4Hi
@ H9D$8u
HcD$4Hi
HcD$4Hi
HcD$4Hi
HcD$4Hi
HcD$4Hi
HcD$4Hi
tjHcD$@Hi
HcD$@Hi
D$`9D$ s{
1HcD$ H
 HcL$$
1HcD$ H
 HcL$$
D$X9D$(v
D$p9D$,v
D$h9D$8v
D$89D$ s5
D$P9D$ s2A
L$(9H(r9H
|$ ATH
|$ ATH
SVWATH
\$`fff
8A\_^[
LcA<E3
bad allocation
primevaultisperfect
inproc://workers
tcp://*:11763
noUnactivatedLicenses
Unknown
(null)
unable to free results
unable to free arguments
VER1.0)(-=+|!$#%*S!$#%*T!$#%*O!$#%*R!$#%*I#M(A!x
127.0.0.1
RSDSe.z
c:\development\IMA\current\src\output\x64\Release\ISCMService.pdb
SHFileOperationW
SHELL32.dll
WS2_32.dll
zmq_term
zmq_msg_close
zmq_errno
zmq_recv
zmq_msg_init
zmq_connect
zmq_socket
zmq_strerror
zmq_close
zmq_msg_data
zmq_msg_size
zmq_msg_init_size
zmq_send
zmq_device
zmq_init
zmq_bind
libzmq.dll
VerifyVersionInfoW
VerSetConditionMask
CloseHandle
GetLastError
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
SetConsoleCtrlHandler
LocalFree
lstrlenW
FormatMessageW
WaitForSingleObject
CreateEventW
SetEvent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
KERNEL32.dll
DispatchMessageW
PeekMessageW
USER32.dll
RevertToSelf
ImpersonateLoggedOnUser
LogonUserW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
DeleteService
QueryServiceStatus
ControlService
OpenServiceW
ADVAPI32.dll
iscmFree
iscmGetErrMessage
iscmGetDirListInXML
iscmGetAppCtrlList
iscmGetIMAPath
iscmGetIMAConfigPath
iscmSetBluestoneProtocol
iscmCheckPackageSignature_Ex
iscmLicenseEx_SetLicenseEx
iscmLicenseEx_ValidateKeycode
iscmLicenseEx_GetCurrentQualifier
iscmFreeMem
iscmBuiltinAccountGet
iscmLicenseEx_FreeTProductKeycodeEx
iscmLicenseEx_ExportRegistrationMaterialEx
iscmLicenseEx_GetLicenseEx
iscmLicenseEx_ImportSignatureExWithResult
iscmLicenseEx_IsLicense
iscmLicenseEx_ConvertToLicense4Code
iscmGetAppCtrlUnitInfo
iscmGetServerListInRegistry
iscmGetIMAVersionEx
iscmFreeTDiskInfoList
iscmSnapshotActionWithSN
iscmGetDiskInfoList
iscmFreeTDiskInfo
iscmGetDiskInfoBySerialNumber
iscmSnapshotCatalog
iscmSnapshotActionWithSNEx
iscmExecCommand
iscmFiniLib
iscmInitLib
iscmTaskStop
iscmTaskRun
iscmTaskDeleteScheduler
iscmTaskDeleteTask
iscmGetCMRunLevel
iscmRepairConnection
iscmISCSIIsRunning
iscmISCSIIsInstalled
iscmAppCtrlAction
iscmRegisterClientEx
iscmRegisterClientEx2
iscmRegisterProtocol
iscmRescanDiskByBridge
iscmIscsiResetPassword
iscmTaskManualMaintail
iscmGetHostNameByBridge
ISCMLIB.dll
ccm_i_get_ima_properties
ccm_ap_get_appctrl_path
ccm_ap_appctrl_get_list
ccm_ap_appctrl_get_unit_ex
ccm_i_get_serverlist_info
ccm_i_get_iscsi_properties
ccm_i_get_fc_properties
ccm_ap_appctrl_get_entry
ccm_i_get_server_secret
iscmccmlib.dll
AL_atomic_dec_32
AL_s_assign_s
AL_doc_create
AL_stricmp
AL_s_destroy
AL_sleep
AL_atomic_inc_32
AL_s_append_n
AL_s_clear
AL_strlen
AL_s_sprintf_i
AL_wchar_2_char
AL_log_write_another_file_i
AL_printf_ex
AL_s_from_char_n
AL_free
AL_thread_pool_destroy
AL_thread_pool_run_job
AL_thread_pool_create
AL_rest_api_escape
AL_s_trim_end_c
AL_snprintf
AL_xml_parse_file
AL_iscm_util_QuietRunAndWait
AL_registry_getstring
AL_xml_create
AL_delete_file
AL_strcmp
AL_user_is_admin
?set_attribute@AL_doc_node@@QEAAXPEB_W0@Z
AL_xml_parse_str
AL_query_disk_info
AL_enum_dir_end
AL_enum_dir_next
AL_write_time_t
AL_enum_dir_get
AL_enum_dir_begin
AL_iscm_util_Unicode2ANSI
AL_malloc
AL_time
AL_iscm_util_UTF82Unicode
AL_get_tick_count
AL_log_read_system_log
AL_iscm_util_xml_freeDoc
AL_iscm_util_load_file
AL_iscm_util_xml_saveFile
AL_iscm_util_xml_appendChild
AL_iscm_util_xml_getInitialHElementFromHDoc
AL_iscm_util_xml_createDoc
AL_iscm_util_gen_tmp_file
AL_iscm_util_xml_setAttributeStr
AL_iscm_util_xml_setAttributeInt32
AL_iscm_util_xml_removeNode
AL_hostinfo_ex_t_free
AL_get_host_info_ex
AL_s_append_sprintf
AL_sprintf
AL_iscm_util_substring_list_t_free
AL_iscm_util_Unicode2UTF8
AL_atoi
AL_iscm_util_get_substring_list_1
AL_char_2_wchar
AL_thread_create
AL_stat64
AL_connect_network_share
AL_strdup
AL_analyze_network_share_path
AL_current_user_is_admin
AL_NT_service_start
AL_get_tmp_dir
AL_get_filename
AL_get_base_path
AL_fclose
AL_fopen
AL_close_file
AL_write_file
AL_open_file
AL_iscm_util_i_ANSI2Unicode
AL_iscm_util_ANSI2Unicode
AL_iscm_util_ReportEventLog
AL_registry_getint
AL_SEH_record_exception_info
AL_iscm_util_i_UTF82Unicode
AL_strcpy
AL_query_system_info
AL_printf
AL_read_file
AL_seek_file
AL_tell_file
AL_iscm_util_get_cfg_path
AL_realloc
AL_shutdown
AL_lock_process_create_everyone
AL_lock_process_close
AL_lock_process_unlock
AL_lock_process_open
AL_log_set_output
AL_log_add_level
AL_init
AL_gethostname
AL_thread_wait_for_termination
AL_get_system_time
AL_log_set_level
AL_registry_putint
AL_socket_close
AL_bind
AL_socket
AL_thread_create_ex
AL_iscm_util_i_Unicode2UTF8
AL_iscm_util_CreateFolder
AL_iscm_util_IsFileExist
al_lib_ima.dll
imarpc_hash_machine_name
imarpc_svctcp_get_uid
imarpc_svcerr_systemerr
imarpc_svc_sendreply
imarpc_svcerr_decode
imarpc_svcerr_noproc
imarpc_svc_unregister
imarpc_svc_run
imarpc_svctcp_set_auth_callback
imarpc_svctcp_set_machine_manager
imarpc_sanauth_1
imarpc_svc_register
imarpc_svctcp_create_2
imarpc_svc_set_multithread
imarpc_svc_interrupt
FSNRPC_IMA.dll
ch_public_get_secret_by_server_address
ch_public_get_secret_by_session_hash
ch_public_execute_api
ch_public_shutdown
ch_public_init
ch_public_stop_host_service
ch_public_start_host_service
ch_public_set_verbose_mode
ch_public_upgrade_ccm_client
ccmhostpublic.dll
memset
??3@YAXPEAX@Z
strlen
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
__CxxFrameHandler3
??0exception@std@@QEAA@XZ
??1exception@std@@UEAA@XZ
memcpy
??2@YAPEAX_K@Z
_stricmp
fprintf
memcmp
wprintf
_wcsicmp
_swprintf
strcpy
wcslen
strncpy
__iob_func
sprintf
tolower
strcmp
malloc
_wcsdup
_time64
wcscat
wcscpy
_close
_write
_wopen
_wstat64
MSVCR80.dll
__C_specific_handler
_amsg_exit
__wgetmainargs
_XcptFilter
_cexit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
SHGetFolderPathW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryW
SetFileAttributesW
DeleteFileW
DeleteCriticalSection
.?AVerror_t@zmq@@
.?AVexception@std@@
.?AVtype_info@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="FalconStor.RD.IMA" processorArchitecture="amd64" version="1.0.0.0" type="win32"></assemblyIdentity><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="amd64" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD0
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130405000000Z
160603235959Z0
New York1
Melville1
Falconstor Software1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Falconstor Software0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
AI9/wUe
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
140812045752Z0#