Sample details: a40ac2a73756a8a806e5fb0063ade535 --

Hashes
MD5: a40ac2a73756a8a806e5fb0063ade535
SHA1: 3eeff0fd738d65a57e56f165978318854425a929
SHA256: 99aad66843d9cfbfccf89bef3b326f89a90ee0b08fc6904358958d16e76aac45
SSDEEP: 1536:1vf07WQi4P9ZoX3aPDmtmJdQ0uGkZLwaHx49xx8jKsLuzgdfKXwqn:1v+VK8WYdQ0uGO0aHx4lUKCREX/
Details
File Type: PE32
Yara Hits
YRP/ASPack_v2001_Alexey_Solodovnikov | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/ASPack_v10804_additional | YRP/ASPack_v10804_Hint_WIN_EP | YRP/ASPack_v2000 | YRP/ASPack_v2001 | YRP/ASPackv2001AlexeySolodovnikov | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section |
Source
http://103.68.190.250/Sources//Advance/WndRec/output/RecvFiles/bktest070AF94CB6AC85282/CBankClient/SYSTEM/cr_ossl.dll
Strings
		This program must be run under Win32
.idata
.edata
.reloc
.aspack
j@mnH*I
M%E>Z+
.2eT=~
fq#qKpS
Tc3]oq
n!iR3B
~h&4O5
9E,HDK)
%$FmACbU.
lb4;=J
VaVF3}
P2QFAy
t%4,T~
;:G5$d7
j\Vr-$3
*dOfL5F
.)r'	l
[>i)CY
[+12Ai_
wfeCXs
h+2,2BYIit
U#=ADr
D>Ze9l
jS{1"R
3$]da5As6@D 
WvD0_8u
oVx#J*@
(Bqb9u
+,c<?7
d(neXF}:
dK_BUu}
p,bx7r
M*fAq,
L;7a5d}
	e-0`%
Csk,~qK
"K7_TI
=`KZP"
EcmeiS
p$R:fe&N
7qK1Kh
ZuEUQ(9
}CSBI,
x/mpt]R
%\Iy	$
Z?u^Hs
/@W7=$<
=7	j6#55
wDQKKY
8&7f$y
*>qujWw
C5k{h*X
Vf*\+m
lZlJ?s
vJ^75C
Q}P)da
E'=pV\
wq`RV=3I
G%;T}P
Q/LoZQ
bofSDN2
R1Die2
Jl8fcYaF
A7`@MRK
K@uUlTYj
9%E[[\
jSm~}3
9\6_MT
@ Aj}BX\
g;a$9-DZX
!	#0L-Z
bVbT`i
s1>D/4
ph#?P3
si7<a-
< ~n9M:
[E	=FD
+"$|p0
))wT}=
1@_/NX
9oBne|z@8
_S903 
7oHp~n<
u*GtY7
V% RFY/b
C*($Pa
ydWmml
-/Ei*5KOh5uzA
3Z	jEn&
NdF9\c
.q=\=C
~Q1|*O
xrh8]a
acK ld.
*`(m}#
K<ikL 
mkTrC_
g.D^mL
T|zO`u
_n?wb0
q*e<=cW
$si*5R
n?Q.y&
	.GD"!
al<qn<
*R9i%LDN
PS=^j0
cr_ossl.dll
AddSign
CertAndRequestTransferMatch
ClearCash
ConvertTransferToSignedRequest
CreateDirStructure
DecodeData
DoneEngine
EncodeData
ExcludeSelfPublicKeyTransfer
GenerateNewSEK
GenerateNewSSK
GetCryptObj
GetCryptoErrorString
GetCryptoParamName
GetCryptoParamNumber
GetCryptoParamValue
GetCurrentUserUID
GetEncodeUIDBySignUID
GetLastErrorMessage
GetMaxAdditionEx
GetMaxCryptoParamNameLength
GetMaxCryptoParamValueLength
GetMaxEncodeAddition
GetMaxErrorStringLength
GetMaxFilePathLength
GetMaxPasswordLength
GetMaxPublicKeyPropertiesLength
GetMaxPublicKeyTransferSize
GetMaxReportSize
GetMaxSignAddition
GetMaxSignatureLength
GetMaxUIDLength
GetParamInfo
GetPublicKeyProperties
GetPublicKeyPropertiesByFile
GetPublicKeyPropertiesByTransfer
GetPublicKeyTransfer
GetPublicKeyTransferByFile
GetPureSign
GetRemoteGenType
GetReport
GetUIDByCertIdent
GetUIDByPublicKeyTransfer
HashData
IncludeCACertificateFromTransfer
IncludeCRL
IncludePublicEncodeKey
IncludePublicKey
IncludePublicKeyTransfer
InstallCertsInMyStore
IsDifferentKeys
RegisterOIDInfo
RemoteGenerateFinish
RemoteGenerateFinishEx
RemoteGenerateStart
RemoteGenerateStartEx
RemoveCertificate
RemoveSign
RemoveSignaturesFromFile
SavePublicKeyFromTransfer
SaveSignedDataToFile
SetCryptoParamValue
SetPasswordRequestFunc
SetRemoteGeneratePath
SetRootPath
SetTMRequestFunc
ShowCertificate
SignData
SignFile
TransPrivateKeyFromFileToTM
TransSignatureFromFileToTM
UpdateCertificateCash
VerifyData
VerifyFile
VerifySignWOCheckValidity
'ro'2w
MkeWwZ
KC-|[&
;[8)qo
+ZQIF% 
RAI5&T
2~w`?I
+oVm[!
7nY3M2F
:jM}`S
!v0kB4+0
Gx 'KQ
e#UFC{
! q*<_
 (08@P`p
kernel32.dll
VirtualAlloc
VirtualFree
VirtualProtect
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
user32.dll
GetKeyboardType
RegQueryValueExA
VariantChangeTypeEx
MessageBoxA