Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: f9c02e74840e1c8deda1704cdc0e3741 --

Hashes
MD5: f9c02e74840e1c8deda1704cdc0e3741
SHA1: 85594c9559acf2a91c2edce71a004f0b9035255f
SHA256: 2b47c3f9ad347678d8fd9ffb3e17f06945b532dd983f304aafda843185bdef5a
SSDEEP: 6144:7sjIHbHtpFvkIPrU2rFWewHDbqb8DvYHXrKWguyr/3duEhISBjphj:7scbHzWpGrkdzBjPj
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/network_tcp_socket | YRP/Str_Win32_Winsock2_Library |
Parent Files
3cfb5ac298abec347907f1e1b310ad0e
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
uKHcD$0H
IHcD$0H
9D$0~:
9D$0~:
9D$0~2H
9D$0}R
}KHcD$0H
HcL$0H
HcD$ Hi
ukHcD$ Hi
HcD$ Hi
HcD$@Hi
HcD$@Hi
HcD$@Hi
D$THcD$@Hi
HcD$@Hi
HcL$THi
HcD$@Hi
HcL$THi
tsHcD$@Hi
HcL$THi
t;HcD$@Hi
HcL$THi
vMHcD$@Hi
HcL$THi
8HcD$@Hi
HcL$THi
uQHcD$@Hi
9D$@u1L
SUVWATAUAVAWH
A_A^A]A\_^][
HcD$0Hi
HcD$0Hi
u+HcD$0Hi
HcD$0Hi
D$@HcD$0Hi
HcD$0Hi
HcL$@Hi
HcD$0Hi
HcL$@Hi
tsHcD$0Hi
HcL$@Hi
t;HcD$0Hi
HcL$@Hi
vMHcD$0Hi
HcL$@Hi
8HcD$0Hi
HcL$@Hi
uAHcD$0Hi
9D$0u,L
           
	                                                                                                      
      
         
D$09D$4
D$09D$4
D$09D$4u
D$09D$4
D$49D$8
D$09D$4
D$09D$4
D$89D$<
D$89D$<
9D$ }U
HcL$ H
D$09D$4
D$09D$4
D$49D$8
HcD$0H
SUVWATAUAVAWH
A_A^A]A\_^][
D$09D$4
D$09D$4
D$09D$4
D$09D$4
D$09D$4
D$49D$8
HcD$0H
D$09D$4
D$09D$4
D$ 9D$$
D$ HcD$(H
HcD$@H
D$09D$4
D$09D$4u
D$09D$4
D$09D$4u
D$0H9D$Xt
Hc@(Hk
|$ @}MHcD$ 
HcD$ Hi
HcD$ Hi
D$(HcD$ Hi
D$$HcD$ Hi
HcD$ Hi
HcD$ Hi
HcD$ Hi
<$@}OHc
<$@}oHc
}hHcD$ Hi
tIHcD$ Hi
HcD$ Hi
HcD$ Hi
u_HcD$ Hi
HcD$ Hi
HcD$ Hi
D$ 9D$$
@HcD$$Hi
D$ 9D$$u
H9D$0|pH
|$x0u+H
HcD$ Hi
HcL$ Hi
uXHcD$ Hi
HcD$ Hi
HHcL$ Hi
tXHcD$ Hi
HcD$ H
D$(HcL$ H
D$ HcD$ H
D$,HcL$ H
9D$ }qHcD$ Hi
HcL$ Hi
}HHcD$
~"HcD$
1HcD$ H
 HcL$$
1HcD$ H
 HcL$$
D$X9D$(v
D$p9D$,v
D$h9D$8v
D$89D$ s5
D$P9D$ s2A
WATAUH
 A]A\_
LcA<E3
bad allocation
iscsistatus.txt
localhost
VER1.0)(-=+|!$#%*S!$#%*T!$#%*O!$#%*R!$#%*I#M(A!x
c:\development\IMA\current\src\output\x64\Release\iscmccmlib.pdb
HBA_FreeLibrary
HBA_GetAdapterPortAttributes
HBA_CloseAdapter
HBA_GetAdapterAttributes
HBA_OpenAdapter
HBA_GetAdapterName
HBA_GetNumberOfAdapters
HBA_LoadLibrary
HBAAPI.dll
WS2_32.dll
GetShortPathNameW
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
KERNEL32.dll
CloseEventLog
BackupEventLogW
OpenEventLogW
ADVAPI32.dll
SANbridgeCleanup
SANbridgeDisconnect
SANbridgeGetVersion
SANConsoleGetServerInfoInt
SANbridgeGetBridgeInfo
SANbridgeConnect
SANbridgeAddClient
SANbridgeStartup
SANbridgeGetName
SANbridgeGetServerInfoNoConn
SANbridgeAddDomainClient
SANbridgeGetProtocolList
SANbridgeGetServerFeature
SANbridgeSetFCProperties
SANbridgeSetIscsiProperties
SANbridgeSetIscsiPropertiesEx
SANbridgeAddClientByConn
SANbridgeResetIscsiPassword
SANbridgeAllocDisk
SANbridgeAllocDiskForPeer
SANbridgeAllocDiskForApp
SANbridgeAllocDiskForAppEx_2
SANbridgeGetClientDeviceInfosForIMA
SANbridgeDeleteClientDeviceForIMA
SANbridgeIsLicensed3ForAgent
SANConsoleCCMClientCall
SANbridgeCheckAuthenticationDomain
SANbridgeCheckAuthentication
SANbridgeCreateSnapshotGroup
SANbridgeDeleteSnapshotGroup
SANbridgeGetSnapshotGroup
SANbridgeJoinSnapshotGroup
SANbridgeLeaveSnapshotGroup
SANbridgeEnableResourceTimemark
SANbridgeAddUserACL
SANbridgeEnableSnapshotGroupTimeMark
SANbridgeDisableSnapshotGroupTimeMark
SANbridgeGetStoragePools
SANbridgeVSSAssignToClient
SANbridgeVSSAssignToClientBySerialNumber
SANbridgeGetVSSTimeViewInquiry
SANConsoleLogout
SANConsoleAddEventLog
SANConsoleLogin
SANbridgeSetSANClientOption
SANbridgeGetSANClientOption
SANbridgeAssignDiskToClient
SANConsoleCheckLic4
emptySANLicKeycodeSumRes
SANConsoleGetServerLic4Summary
ISSvrRPC.dll
ISCMbridgeCleanup
ISCMbridgeAddClient
ISCMbridgeFindIPAddress
ISCMbridgeStartup
ISCMbridgeDisconnect
ISCMbridgeTestConnection
ISCMbridgeConnect
ISCMbridgeGetName
ISCMbridgeInitAction
ISCMbridgePeerRegisterClient
ISCMbridgePeerRegisterClient2
ISCMbridgePeerRegisterProtocol
ISCMbridgePeerGetServerList
ISCMbridgePeerRescanDisk
ISCMbridgePeerGetHostNameByIP
ISCMbridgePeerCopyFile
ISCMbridgePeerDelFile
ISCMbridgePeerResetIscsiPassword
ISCMbridgeLocalhostNotify
ISCMSvrRPC.dll
AL_iscm_util_SetProfileString
AL_sprintf
AL_iscm_util_get_cfg_path
AL_s_destroy
AL_log_write_another_file_i
AL_iscm_util_GetProfileString
AL_iscm_util_GetProfileInt
AL_iscm_util_IsFileExist
AL_strlen
AL_strcpy
AL_stricmp
AL_strdup
AL_delete_file
AL_free
AL_enum_dir_end
AL_enum_dir_next
AL_strcmp
AL_enum_dir_get
AL_enum_dir_begin
AL_malloc
AL_iscm_util_substring_list_t_free
AL_atoi
AL_iscm_util_get_substring_list_1
AL_iscm_util_QuietRunAndWait
AL_iscm_util_LaunchAppWithBuf
AL_registry_getstring
AL_strrchr
AL_strchr
AL_lock_process_close
AL_registry_putint
AL_atoi64
AL_time
AL_lock_process_unlock
AL_lock_process_lock_timeout
AL_s_arr_destroy
AL_s_append_n
AL_s_arr_get_at
AL_s_arr_parse_token
AL_get_windows_dir
AL_iscm_util_GetIMAPath
AL_system
AL_path_attributes
AL_lock_process_open
AL_registry_getint
AL_s_sprintf_i
AL_s_assign_s
AL_registry_putstring
AL_iscm_util_encrypt_string
AL_registry_putbinary
AL_strncpy
AL_resolve_address
AL_iscm_util_string2ip
AL_hostinfo_t_free
AL_get_host_info
AL_snprintf
AL_iscm_util_decrypt_string
AL_registry_getbinary
AL_strlwr
AL_registry_delvalue
AL_iscm_util_DecryptString_Old
AL_thread_wait_for_termination
AL_thread_create
AL_rescan_system_devices
AL_stat64
AL_enable_disk_cache
AL_bring_disk_online_by_diskno
AL_find_disk_by_wwid
AL_sleep
AL_iscm_util_Unicode2ANSI
AL_char_2_wchar
AL_registry_renkey
AL_registry_delkey
AL_printf
AL_iscm_util_packagefiles_t_free
AL_iscm_util_packagefiles
AL_registry_registry2file
AL_get_volume_root
AL_get_system_dir
AL_iscm_util_QuietRunAndWaitEx
AL_current_user_is_admin
AL_s_append_sprintf
AL_s_clear
AL_get_base_path
AL_format_full_path_string
AL_host_get_netbiosname
AL_attrstr_set_u32
AL_attrstr_set_str
AL_write_time_t
AL_attrstr_destroy
AL_attrstr_new
AL_attrstr_parse
AL_attrstr_save
AL_iscm_err_set_last
AL_free_bitset
AL_bitset_size
AL_bitset_odd_size
AL_clear_bit
AL_test_bit
AL_new_bitset
AL_shutdown
AL_iscm_util_str_replace_char
AL_host_get_fullname
AL_log_set_output
AL_log_add_level
AL_init
AL_close_file
AL_read_file
AL_seek_file
AL_tell_file
AL_write_file
AL_open_file
AL_realloc
al_lib_ima.dll
iSCSIMgmt_GetInitiatorName
iSCSIMgmt_IsInitiatorInstalled
iSCSIMgmt_SetMutualCHAPSecretEx
iSCSIMgmt_FreeTargetList
iSCSIMgmt_RefreshSessionStatus
iSCSIMgmt_AddTarget
iSCSIMgmt_GetPortals
iSCSIMgmt_RescanSessions
iSCSIMgmt_LoginTargetAll
iSCSIMgmt_FreePortals
iSCSIMgmt_GetTargetList
iSCSIMgmt_IsISCSIIsRunning
iSCSIMgmt_RemoveIScsiPersistentTarget
iSCSIMgmt_RemoveTarget
iSCSIMgmt_LogoutTarget
iSCSIMgmt_InitInstance
iSCSIMgmt_ExitInstance
iSCSIMgmt.dll
memcpy
memset
__CxxFrameHandler3
memcmp
strcat
strlen
strerror
_errno
printf
_snwprintf
strcpy
sprintf
_stricmp
tolower
malloc
MSVCR80.dll
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
DisableThreadLibraryCalls
iscmccmlib.dll
ccm_ap_appctrl_action
ccm_ap_appctrl_add_unit
ccm_ap_appctrl_add_unit_ex
ccm_ap_appctrl_clean
ccm_ap_appctrl_get_entry
ccm_ap_appctrl_get_list
ccm_ap_appctrl_get_unit_ex
ccm_ap_appctrl_get_unit_info
ccm_ap_appctrl_register
ccm_ap_appctrl_remove_unit
ccm_ap_appctrl_set_unit_info
ccm_ap_appctrl_snapshot_action
ccm_ap_appctrl_snapshot_action_with_sn
ccm_ap_get_appctrl_path
ccm_i_SNMP_send_message
ccm_i_add_user_acl
ccm_i_allocdisk
ccm_i_allocdisk_for_application
ccm_i_allocdisk_for_application_ex
ccm_i_allocdisk_for_application_ex_1
ccm_i_allocdisk_for_application_ex_2
ccm_i_allocdisk_for_peer
ccm_i_assign_disk_to_client
ccm_i_ccmcall_test
ccm_i_check_authentication
ccm_i_check_prodcut_lic4_from_server
ccm_i_create_snapshot_group
ccm_i_delete_client_devices
ccm_i_delete_snapshot_group
ccm_i_disable_snapshot_group_timeMark
ccm_i_discover_servers
ccm_i_enable_resource_timemark
ccm_i_enable_snapshot_group_timeMark
ccm_i_get_client_cluster_prop
ccm_i_get_client_devices
ccm_i_get_client_persistent_reservation_prop
ccm_i_get_fc_properties
ccm_i_get_fc_wwpnsetting_in_registry
ccm_i_get_hostname
ccm_i_get_hostname_by_bridge
ccm_i_get_hostname_ex
ccm_i_get_hostname_for_iqn
ccm_i_get_ima_config_path
ccm_i_get_ima_path
ccm_i_get_ima_properties
ccm_i_get_ima_xray
ccm_i_get_initiatorname_in_registry
ccm_i_get_iscsi_extended_setting
ccm_i_get_iscsi_properties
ccm_i_get_iscsi_target_access_mode
ccm_i_get_prodcut_lic4_summary_from_server
ccm_i_get_server_extended_flag
ccm_i_get_server_feature
ccm_i_get_server_info
ccm_i_get_server_iscsihba
ccm_i_get_server_list
ccm_i_get_server_login_user_name
ccm_i_get_server_name
ccm_i_get_server_protocollist
ccm_i_get_server_secret
ccm_i_get_server_string_value_byname
ccm_i_get_server_version
ccm_i_get_serverlist_info
ccm_i_get_snapshot_group
ccm_i_get_storage_pools
ccm_i_get_vss_timeview_inquiry
ccm_i_iscsi_is_installed
ccm_i_iscsi_is_running
ccm_i_iscsi_reset_password
ccm_i_join_snapshot_group
ccm_i_leave_snapshot_group
ccm_i_local_notify
ccm_i_peer_alloc_disk
ccm_i_peer_alloc_disk_for_app
ccm_i_peer_copy_file
ccm_i_peer_delete_file
ccm_i_peer_get_server_list
ccm_i_peer_init_action
ccm_i_peer_register_client
ccm_i_peer_register_protocol
ccm_i_peer_reset_iscsi_password
ccm_i_peer_set_secret
ccm_i_peer_test_connection
ccm_i_refresh_server_list
ccm_i_register_client
ccm_i_register_client_ex
ccm_i_register_domain_client
ccm_i_register_protocol
ccm_i_remove_server
ccm_i_remove_server_ex
ccm_i_repairconnection
ccm_i_repairconnection_by_bridge
ccm_i_request_license
ccm_i_rescan_disk_by_bridge
ccm_i_reset_secret
ccm_i_set_bluestone_protocol
ccm_i_set_client_cluster_prop
ccm_i_set_client_persistent_reservation_prop
ccm_i_set_fc_wwpnsetting_in_registry
ccm_i_set_iscsi_extended_setting
ccm_i_set_iscsi_target_access_mode
ccm_i_set_server_extended_flag
ccm_i_set_server_iscsihba
ccm_i_set_server_string_value_byname
ccm_i_test_connection
ccm_i_upgrade_iscsi_params
ccm_i_upgrade_sanclient_params
ccm_i_vss_assign_to_client
ccm_i_vss_assign_to_client_by_serial
ccm_init
ccm_uninit
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130405000000Z
160603235959Z0
New York1
Melville1
Falconstor Software1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Falconstor Software0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
AI9/wUe
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
y7mQ*s
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
140812045759Z0#