
Sample details: ef011345f38a14dfa5b20d4bcb4dadf2 --

Hashes
MD5: ef011345f38a14dfa5b20d4bcb4dadf2
SHA1: 470ca09eb73f1a388674cb5857f59dcecc2b4c0a
SHA256: 73da39c03d18579a99679121d1566a14b42c6e4c94022866df8f0fce0238d683
SSDEEP: 384:ZH/AaJwft5pG6KqTC41ViWxoB18oDQQlzrzJPGFJ6Nh3LA9yHm1mwJtUk54EwPE8:kft9CaViL18MzrFPw0w2aRLQn8qBIu
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg |
Parent Files
3cfb5ac298abec347907f1e1b310ad0e
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
D$8H9D$0t
D$PH9D$ s
H9D$8sRH
D$8H9D$0t
WATAUH
 A]A\_
LcA<E3
bad allocation
c:\development\IMA\current\src\output\x64\Release\ccmhostpublic.pdb
?get_uid_hash@ch_trans_connection_rpc@@QEAAEVAL_string@@PEAE@Z
?execute_remote_api@ch_trans_connection_rpc@@UEAA?AVch_base_error@@AEBVAL_string@@PEAV3@@Z
?connect@ch_trans_connection_rpc@@QEAA?AVch_base_error@@AEBVAL_string@@@Z
?connect@ch_trans_connection_rpc@@QEAA?AVch_base_error@@XZ
??1ch_trans_connection_rpc@@UEAA@XZ
??0ch_trans_connection_rpc@@QEAA@XZ
?shutdown@ch_trans_module@@SAXXZ
?init@ch_trans_module@@SAXXZ
ccmhosttrans.dll
AL_s_swap
AL_s_arr_count
AL_log2_format_message_args
AL_s_assign_s
AL_atomic_inc_32
AL_s_bin2hex
AL_s_append_n
AL_malloc
AL_log2_set_level
AL_hex2bin
AL_shutdown
AL_xml_create
AL_log2_format_message_another_file_args
AL_log2_get_level
AL_init
AL_strcmp
AL_s_append_sprintf_i
AL_s_arr_get_at
AL_s_clear
AL_log2_is_trace_function_included
AL_atomic_dec_32
AL_free
AL_s_destroy
AL_log2_write
AL_xml_parse_str
AL_s_arr_destroy
AL_s_arr_reserve
AL_s_arr_append
AL_stricmp
AL_registry_get_uint32
AL_strlen
al_lib_ima.dll
?shutdown@ch_config_module@@SAXXZ
?set_server@ch_config_conf@@QEAA?AVch_base_error@@AEBVch_config_server@@@Z
?init@ch_config_module@@SAXXZ
?get_server@ch_config_conf@@QEBA?AVch_base_error@@PEAVch_config_server@@@Z
?set_host_id@ch_config_conf@@QEAA?AVch_base_error@@AEBVAL_string@@@Z
?get_host_id@ch_config_conf@@QEBA?AVch_base_error@@PEAVAL_string@@@Z
??1ch_config_server@@UEAA@XZ
?get_instance@ch_config_conf@@SAPEBV1@XZ
?clear@ch_config_server@@QEAAXXZ
??0ch_config_server@@QEAA@XZ
ccmhostconfig.dll
?log_instance@ch_base_module@@SAPEAXXZ
?shutdown@ch_base_module@@SAXXZ
?init@ch_base_module@@SAXXZ
?to_xml@ch_base_object_xml@@QEBA?AVAL_string@@I@Z
?to_str@ch_base_object@@QEBA?AVAL_string@@XZ
?to_str@ch_base_error@@QEBA?AVAL_string@@XZ
??4ch_base_error@@QEAAAEAV0@AEBV0@@Z
??4ch_base_error@@QEAAAEAV0@H@Z
?get_error_msg@ch_base_error@@QEBA?AVAL_string@@XZ
?get_error_code@ch_base_error@@QEBAHXZ
?set_ok@ch_base_error@@QEAAAEAV1@XZ
?is_ok@ch_base_error@@QEBA_NXZ
??0ch_base_error@@QEAA@AEBV0@@Z
??0ch_base_error@@QEAA@H@Z
ccmhostbase.dll
?call_client_appctrl@ch_private_host_service@@QEAAXV?$AL_smart_ptr_share@VAL_xml_node@@@@V2@@Z
?delete_client_policy@ch_private_host_service@@QEAAXV?$AL_smart_ptr_share@VAL_xml_node@@@@V2@@Z
?set_client_policy@ch_private_host_service@@QEAAXV?$AL_smart_ptr_share@VAL_xml_node@@@@V2@@Z
?stop_service@ch_private_host_service@@QEAA?AVch_base_error@@XZ
?start_service@ch_private_host_service@@QEAA?AVch_base_error@@XZ
?get_instance@ch_private_host_service@@SAPEBV1@XZ
?stop_rerfesh_thread@ch_private_data_center@@QEAA?AVch_base_error@@XZ
?start_refresh_thread@ch_private_data_center@@QEAA?AVch_base_error@@XZ
?get_instance@ch_private_data_center@@SAPEBV1@XZ
?parse_reply_error@ch_private_module@@SA?AVch_base_error@@AEBVAL_string@@PEAHPEAV3@@Z
?delete_client_xml@ch_private_module@@SA?AVch_base_error@@PEAVAL_string@@@Z
?pack_request_xml@ch_private_module@@SA?AVch_base_error@@AEBVAL_string@@0PEAV3@@Z
?parse_set_client_output@ch_private_module@@SA?AVch_base_error@@AEBVAL_string@@PEAV3@PEAVch_config_server@@@Z
?pack_set_deployment_status@ch_private_module@@SA?AVch_base_error@@AEBVAL_string@@PEAV3@@Z
?pack_send_report_raw_data@ch_private_module@@SA?AVch_base_error@@AEBVAL_string@@0PEAV3@@Z
?get_client_info@ch_private_module@@SA?AVch_base_error@@PEAVAL_string@@@Z
?shutdown@ch_private_module@@SAXXZ
?init@ch_private_module@@SAXXZ
ccmhostprivate.dll
memcmp
memset
MSVCR80.dll
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
KERNEL32.dll
__CxxFrameHandler3
ccmhostpublic.dll
ch_public_destroy_al_string_t
ch_public_execute_api
ch_public_free_memory
ch_public_get_host_id
ch_public_get_secret_by_server_address
ch_public_get_secret_by_session_hash
ch_public_get_server
ch_public_init
ch_public_register_server
ch_public_send_report_raw_data
ch_public_set_deployment_status
ch_public_set_verbose_mode
ch_public_shutdown
ch_public_start_host_service
ch_public_stop_host_service
ch_public_unregister_server
ch_public_upgrade_ccm_client
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130405000000Z
160603235959Z0
New York1
Melville1
Falconstor Software1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Falconstor Software0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
AI9/wUe
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
140812045809Z0#