Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: b03c62c9f11a07a8c25f669d8f2951ea --

Hashes
MD5: b03c62c9f11a07a8c25f669d8f2951ea
SHA1: f885a8440fd07107c497a997590c19168134f20b
SHA256: 81fecc911e32ba04746bd1a60580280f3ac00ea64df66bddea6b1dd5ecdd28fd
SSDEEP: 384:BeA50vjMkwpb2eIIf3GaDSjNDI38OtC6hWzSlRWx/G2RByojMxnZ+dSQRmHo6wDU:4A5SGJLfkOtC6QzSfWxgHpvgz5EJUI
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 |
Parent Files
3cfb5ac298abec347907f1e1b310ad0e
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
9D$ }(HcD$ H
9D$(}~HcD$(H
9D$8}+HcD$8H
9D$ }THcD$ H
HcD$ H
HcD$ H
HcD$ H
9D$(}lHcD$(H
9D$8}#HcD$8H
9D$ s"
D$09D$ 
D$@9D$0
HcD$0H
D$09D$$}kH
HcD$$H
HcD$$H
|$ zu'
L$PHc	H
L$PHc	H
|$ ATH
WATAUH
 A]A\_
LcA<E3
bad allocation
c:\development\IMA\current\src\output\x64\Release\iSCSIMgmt.pdb
FormatMessageW
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
KERNEL32.dll
fsReportActiveIScsiTargetMappings
fsGetIScsiSessionList
fsGetIScsiTargetInformation
fsLoginIScsiTarget
fsLogoutIScsiTarget
ISCMSCSI_InitInstance
ISCMSCSI_ExitInstance
fsReportIScsiSendTargetPortals
fsAddIScsiSendTargetPortal
fsRemoveIScsiSendTargetPortal
fsReportIScsiTargets
fsSetIScsiInitiatorCHAPSharedSecret
fsGetIScsiInitiatorNodeName
fsSetIScsiInitiatorNodeName
fsIsInitiatorInstalled
fsQueryIScsiInitiatorDesc
fsReportIScsiInitiatorList
fsRefreshSessions
fsRemoveIScsiPersistentTarget
ISCMSCSI.dll
AL_delete_file
AL_fclose
AL_printf
AL_fopen
AL_iscm_util_QuietRunAndWait
AL_system
AL_free
AL_sprintf
AL_stricmp
AL_malloc
AL_strcpy
AL_strlen
AL_strncpy
AL_init
AL_shutdown
AL_resolve_address
AL_wchar_2_char
AL_s_trim_right
AL_s_trim_left
AL_s_append_n
AL_s_clear
AL_NT_service_get_state
AL_strdup
al_lib_ima.dll
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
Z	?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KXZ
MSVCP80.dll
memset
fwrite
strlen
memcpy
strcpy
__CxxFrameHandler3
MSVCR80.dll
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
iSCSIMgmt.dll
iSCSIMgmt_AddTarget
iSCSIMgmt_ExitInstance
iSCSIMgmt_FreePortals
iSCSIMgmt_FreeTargetList
iSCSIMgmt_FreeiSCSIHBAs
iSCSIMgmt_GetInitiatorName
iSCSIMgmt_GetPortals
iSCSIMgmt_GetTargetList
iSCSIMgmt_GetTargetStatus
iSCSIMgmt_GetiSCSIHBAs
iSCSIMgmt_InitInstance
iSCSIMgmt_IsISCSIIsRunning
iSCSIMgmt_IsInitiatorInstalled
iSCSIMgmt_LoginTarget
iSCSIMgmt_LoginTargetAll
iSCSIMgmt_LogoutTarget
iSCSIMgmt_RefreshSessionStatus
iSCSIMgmt_RefreshTargetList
iSCSIMgmt_RemoveIScsiPersistentTarget
iSCSIMgmt_RemoveTarget
iSCSIMgmt_RescanSessions
iSCSIMgmt_SetInitiatorName
iSCSIMgmt_SetMutualCHAPSecret
iSCSIMgmt_SetMutualCHAPSecretEx
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PAPADDINGX
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130405000000Z
160603235959Z0
New York1
Melville1
Falconstor Software1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Falconstor Software0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
AI9/wUe
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
5`Ey-C?
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
140812045749Z0#