Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 9f94c0b745d50a46ae32d03cd3b27290 --

Hashes
MD5: 9f94c0b745d50a46ae32d03cd3b27290
SHA1: e89b357f444158e263e848ab79b0e6996c14a9b2
SHA256: a9b3444a435068ed3fbd59624f4147814fdd290738c3531c8c6cba756dc80449
SSDEEP: 768:ye28JWvv4xuCSj3H4/xD1vBroMle4lIIgJytzI5d8Ix0uOpfTcE8Y9mk:ye2qiH6PBcMHlIIgJytU/8IWuOpfTLZl
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry |
Parent Files
3cfb5ac298abec347907f1e1b310ad0e
Strings
		!This program cannot be run in DOS mode.
*+Rich
`.rdata
@.data
.pdata
@.rsrc
@.reloc
D$8H9D$0t
H9D$8sRH
D$8H9D$0
L$ H9A
D$PH9D$ s
D$8H9D$0t
SVWATH
\$`fff
8A\_^[
WATAUH
 A]A\_
LcA<E3
bad allocation
bad allocation
c:\development\IMA\current\src\output\x64\Release\ccmhostconfig.pdb
RegCloseKey
RegSetValueExW
RegOpenKeyExW
ADVAPI32.dll
AL_strlen
AL_atomic_inc_32
AL_shutdown
AL_s_assign_s
AL_s_append_n
AL_log2_get_level
AL_log2_format_message_args
AL_s_clear
AL_s_destroy
AL_free
AL_init
AL_s_arr_destroy
AL_s_append_sprintf_i
AL_log2_is_trace_function_included
AL_log2_format_message_another_file_args
AL_s_arr_count
AL_atomic_dec_32
AL_lock_thread_init
AL_lock_thread_lock
AL_is_full_path
AL_stat64_ex
AL_lock_file_lock
AL_s_arr_get_at
AL_registry_get_str
AL_lock_thread_unlock
AL_s_arr_reserve
AL_lock_file_unlock
AL_s_arr_append
AL_xml_parse_file
AL_malloc
AL_lock_thread_destroy
AL_xml_create
al_lib_ima.dll
?to_str_i@ch_base_object_xml@@EEBA?AVAL_string@@XZ
??4ch_base_object_xml@@QEAAAEAV0@AEBV0@@Z
??0ch_base_object_xml@@QEAA@AEBVAL_string@@@Z
?log_instance@ch_base_module@@SAPEAXXZ
??0ch_base_object_xml@@QEAA@AEBV0@@Z
?shutdown@ch_base_module@@SAXXZ
?init@ch_base_module@@SAXXZ
?assert_ok_i@ch_base_object@@EEBA_NXZ
??1ch_base_object_xml@@UEAA@XZ
??0ch_base_error@@QEAA@H@Z
?to_str@ch_base_object@@QEBA?AVAL_string@@XZ
??1ch_base_object@@UEAA@XZ
??0ch_base_object@@QEAA@XZ
?get_attr@ch_base_module@@SA?AVAL_string@@W4ch_base_attr_id_t@@@Z
?to_xml@ch_base_object_xml@@QEBAXV?$AL_smart_ptr_share@VAL_xml_node@@@@I@Z
?to_str@ch_base_error@@QEBA?AVAL_string@@XZ
?from_xml@ch_base_object_xml@@QEAA_NV?$AL_smart_ptr_share@VAL_xml_node@@@@@Z
??4ch_base_error@@QEAAAEAV0@AEBV0@@Z
?get_node_type@ch_base_object_xml@@QEBAAEBVAL_string@@XZ
??4ch_base_error@@QEAAAEAV0@H@Z
?set_ok@ch_base_error@@QEAAAEAV1@XZ
?is_ok@ch_base_error@@QEBA_NXZ
??0ch_base_error@@QEAA@AEBV0@@Z
ccmhostbase.dll
memset
memcmp
?terminate@@YAXXZ
__C_specific_handler
??3@YAXPEAX@Z
MSVCR80.dll
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
KERNEL32.dll
__CxxFrameHandler3
ccmhostconfig.dll
??0ch_config_conf@@AEAA@XZ
??0ch_config_host@@QEAA@AEBV0@@Z
??0ch_config_host@@QEAA@XZ
??0ch_config_host_param@@QEAA@AEBV0@@Z
??0ch_config_host_param@@QEAA@XZ
??0ch_config_server@@QEAA@AEBV0@@Z
??0ch_config_server@@QEAA@XZ
??1ch_config_conf@@EEAA@XZ
??1ch_config_host@@UEAA@XZ
??1ch_config_host_param@@UEAA@XZ
??1ch_config_server@@UEAA@XZ
??4ch_config_host@@QEAAAEAV0@AEBV0@@Z
??4ch_config_host_param@@QEAAAEAV0@AEBV0@@Z
??4ch_config_module@@QEAAAEAV0@AEBV0@@Z
??4ch_config_server@@QEAAAEAV0@AEBV0@@Z
??_7ch_config_conf@@6B@
??_7ch_config_host@@6B@
??_7ch_config_host_param@@6B@
??_7ch_config_server@@6B@
?clear@ch_config_host@@QEAAXXZ
?clear@ch_config_host_param@@QEAAXXZ
?clear@ch_config_server@@QEAAXXZ
?create_instance@ch_config_conf@@CAXXZ
?destroy_instance@ch_config_conf@@CAXXZ
?file_was_changed@ch_config_conf@@AEBA_NPEAUAL_stat64_ex_t@@@Z
?from_xml_i@ch_config_host@@EEAA_NV?$AL_smart_ptr_share@VAL_xml_node@@@@@Z
?from_xml_i@ch_config_host_param@@EEAA_NV?$AL_smart_ptr_share@VAL_xml_node@@@@@Z
?from_xml_i@ch_config_server@@EEAA_NV?$AL_smart_ptr_share@VAL_xml_node@@@@@Z
?get_host_id@ch_config_conf@@QEBA?AVch_base_error@@PEAVAL_string@@@Z
?get_host_id_from_reg@ch_config_conf@@AEBA?AVch_base_error@@PEAVAL_string@@@Z
?get_host_parm@ch_config_conf@@QEBA?AVch_base_error@@PEAVch_config_host_param@@@Z
?get_instance@ch_config_conf@@SAPEBV1@XZ
?get_pull_policy_interval@ch_config_host_param@@QEAAHXZ
?get_query_system_info_interval@ch_config_host_param@@QEAAHXZ
?get_server@ch_config_conf@@QEBA?AVch_base_error@@PEAVch_config_server@@@Z
?get_update_last_access_interval@ch_config_host_param@@QEAAHXZ
?init@ch_config_module@@SAXXZ
?init_i@ch_config_module@@CAXXZ
?is_valid@ch_config_conf@@AEBA_NXZ
?load@ch_config_conf@@AEAAXXZ
?reload_data@ch_config_conf@@AEBAXXZ
?reload_file_if_changed@ch_config_conf@@AEBAHXZ
?save@ch_config_conf@@AEAA?AVch_base_error@@XZ
?set_host_id@ch_config_conf@@QEAA?AVch_base_error@@AEBVAL_string@@@Z
?set_host_id_i@ch_config_conf@@AEAA?AVch_base_error@@AEBVAL_string@@@Z
?set_host_id_to_reg@ch_config_conf@@AEAA?AVch_base_error@@AEBVAL_string@@@Z
?set_host_parm@ch_config_conf@@QEAA?AVch_base_error@@AEBVch_config_host_param@@@Z
?set_host_parm_i@ch_config_conf@@AEAA?AVch_base_error@@AEBVch_config_host_param@@@Z
?set_server@ch_config_conf@@QEAA?AVch_base_error@@AEBVch_config_server@@@Z
?set_server_i@ch_config_conf@@AEAA?AVch_base_error@@AEBVch_config_server@@@Z
?shutdown@ch_config_module@@SAXXZ
?shutdown_i@ch_config_module@@CAXXZ
?st_init_times@ch_config_module@@0HC
?st_instance@ch_config_conf@@0PEAV1@EA
?to_str_i@ch_config_conf@@EEBA?AVAL_string@@XZ
?to_xml_i@ch_config_host@@EEBAXV?$AL_smart_ptr_share@VAL_xml_node@@@@I@Z
?to_xml_i@ch_config_host_param@@EEBAXV?$AL_smart_ptr_share@VAL_xml_node@@@@I@Z
?to_xml_i@ch_config_server@@EEBAXV?$AL_smart_ptr_share@VAL_xml_node@@@@I@Z
.?AVtype_info@@
.?AVch_config_server@@
.?AVch_config_host@@
.?AVAL_new_operator@@
.?AVch_base_object@@
.?AVch_base_object_xml@@
.?AVch_config_host_param@@
.?AVch_config_conf@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130405000000Z
160603235959Z0
New York1
Melville1
Falconstor Software1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Falconstor Software0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
AI9/wUe
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
140812045811Z0#
D+CP"i
rW:yID
(Ez?%8