Sample details: b67ec5dc9996ba30930f7ec4f0f74f14

Hashes
MD5: b67ec5dc9996ba30930f7ec4f0f74f14
SHA1: 7af2d494114e8c0304d47584a95651601bae82ec
SHA256: 956dba9b97fc90b2d0bb83cac557c2b7e1ed5084949183ecf74258d68a004c47
SSDEEP: 1536:4o/2Lhvl+q+u9k3diT4C3LNwwBKVARd4iMdsEnWs54XT/WKqP8:l2dl4diTNNh9CtR3CaKqP
Details
File Type: PE32
Yara Hits
YRP/ASPack_v2001_Alexey_Solodovnikov | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/ASPack_v10804_additional | YRP/ASPack_v10804_Hint_WIN_EP | YRP/ASPack_v2000 | YRP/ASPack_v2001 | YRP/ASPackv2001AlexeySolodovnikov | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section |
Source
http://103.68.190.250/Sources//Advance/WndRec/output/RecvFiles/bktest070AF94CB6AC85282/CBankClient/SYSTEM/cr_msapi.dll
Strings
		This program must be run under Win32
.idata
.edata
.reloc
.aspack
cr_msapi.dll
AddSign
CertAndRequestTransferMatch
ClearCash
ConvertTransferToSignedRequest
CreateDirStructure
DecodeData
DoneEngine
EncodeData
ExcludeSelfPublicKeyTransfer
GenerateNewSEK
GenerateNewSSK
GetCryptObj
GetCryptoErrorString
GetCryptoParamName
GetCryptoParamNumber
GetCryptoParamValue
GetCurrentUserUID
GetEncodeUIDBySignUID
GetLastErrorMessage
GetMaxAdditionEx
GetMaxCryptoParamNameLength
GetMaxCryptoParamValueLength
GetMaxEncodeAddition
GetMaxErrorStringLength
GetMaxFilePathLength
GetMaxPasswordLength
GetMaxPublicKeyPropertiesLength
GetMaxPublicKeyTransferSize
GetMaxReportSize
GetMaxSignAddition
GetMaxSignatureLength
GetMaxUIDLength
GetParamInfo
GetPublicKeyProperties
GetPublicKeyPropertiesByFile
GetPublicKeyPropertiesByTransfer
GetPublicKeyTransfer
GetPublicKeyTransferByFile
GetPureSign
GetRemoteGenType
GetReport
GetUIDByCertIdent
GetUIDByPublicKeyTransfer
HashData
IncludeCACertificateFromTransfer
IncludeCRL
IncludePublicEncodeKey
IncludePublicKey
IncludePublicKeyTransfer
InstallCertsInMyStore
IsDifferentKeys
RegisterOIDInfo
RemoteGenerateFinish
RemoteGenerateFinishEx
RemoteGenerateStart
RemoteGenerateStartEx
RemoveCertificate
RemoveSign
RemoveSignaturesFromFile
SavePublicKeyFromTransfer
SaveSignedDataToFile
SetCryptoParamValue
SetPasswordRequestFunc
SetRemoteGeneratePath
SetRootPath
SetTMRequestFunc
ShowCertificate
SignData
SignFile
TransPrivateKeyFromFileToTM
TransSignatureFromFileToTM
UpdateCertificateCash
VerifyData
VerifyFile
VerifySignWOCheckValidity
kernel32.dll
VirtualAlloc
VirtualFree
VirtualProtect
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
user32.dll
GetKeyboardType
RegQueryValueExA
VariantChangeTypeEx
MessageBoxA