分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-hpdapp01-1 2020-09-25 17:18:52 2020-09-25 17:19:54 62 秒

魔盾分数

10.0

危险的

文件详细信息

文件名 Hash_new_163_0918.exe
文件大小 9789440 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 21c6608dc2f49980566a3940a6c40005
SHA1 8322fce46a3c4d636102fc748f04cfeb11deee02
SHA256 6162c0635443a489509fce87e4d56a70af1452f63d8a70b20476d196422f3133
SHA512 7c07b5648f08d30673bd2a00403d0a29a1523dcd6740147f52b253d3474b797884c15a66c27bd6e94dd80e6b9ee84a69667d92b178d7fc130f177837021edaf4
CRC32 14FF9C7D
Ssdeep 196608:KqZWwUE8GEZmlJTK9bjcKxnC9bUljtDyHMdYBroqD7/FKA3wfwlWeUiZw:KqZW3EKZmlklxC9bUlBLdY8g5lwfwlWx
Yara
  • Create or check mutex
  • Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
样本下载 提交误报

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
A 104.99.238.89
CNAME a1983.dscd.akamai.net
A 104.99.238.98

摘要

C:\Windows\Fonts\staticcache.dat
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\imageres.dll
C:\Windows\System32\imageres.dll
C:\Windows\System32\zh-CN\imageres.dll.mui
C:\Windows\sysnative\zh-CN\imageres.dll.mui
C:\Windows\System32\zh-Hans\imageres.dll.mui
C:\Windows\System32\zh\imageres.dll.mui
C:\Windows\System32\en-US\imageres.dll.mui
\Device\KsecDD
C:\Windows\Fonts\staticcache.dat
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\System32\imageres.dll
C:\Windows\System32\zh-CN\imageres.dll.mui
C:\Windows\sysnative\zh-CN\imageres.dll.mui
C:\Windows\System32\zh-Hans\imageres.dll.mui
C:\Windows\System32\zh\imageres.dll.mui
C:\Windows\System32\en-US\imageres.dll.mui
\Device\KsecDD
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\Hash_new_163_0918.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GetTextExtentExPointWPri
comctl32.dll.RegisterClassNameW
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
uxtheme.dll.EnableThemeDialogTexture
uxtheme.dll.OpenThemeData
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
cryptbase.dll.SystemFunction036
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
oleaut32.dll.SysAllocString
oleaut32.dll.SysStringLen
oleaut32.dll.SysFreeString
oleaut32.dll.#500
Local\MSCTF.Asm.MutexDefault1

PE 信息

初始地址 0x00400000
入口地址 0x00dd6e21
声明校验值 0x00000000
实际校验值 0x009597a6
最低操作系统版本要求 5.0
编译时间 2020-09-18 14:08:51
载入哈希 270113278c13aa86cf8c3e1418166bf8
导出DLL库名称 \x37\x39\x31

版本信息

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE 数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x000b6e96 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.rdata 0x000b8000 0x005495c8 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.00
.data 0x00602000 0x0005eaa8 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.vmp0 0x00661000 0x0023b694 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.vmp1 0x0089d000 0x00950740 0x00951000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.98
.rsrc 0x011ee000 0x000087aa 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.10

资源

名称 偏移量 大小 语言 子语言 熵(Entropy) 文件类型
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x011f4920 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_MENU 0x011f4a70 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_MENU 0x011f4a70 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x011f5cb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x011f6700 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x011f6788 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x011f6788 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x011f6788 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x011f6788 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x011f6788 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x011f6788 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None

导入

库: KERNEL32.dll:
0xdb2000 GetCurrentThreadId
0xdb2004 WaitForSingleObject
0xdb2008 GetTickCount
0xdb200c GetCommandLineA
0xdb2010 MulDiv
0xdb2014 SetStdHandle
0xdb2018 IsBadCodePtr
0xdb201c IsBadReadPtr
0xdb2020 CompareStringW
0xdb2024 CompareStringA
0xdb202c GetStringTypeW
0xdb2030 GetStringTypeA
0xdb2034 IsBadWritePtr
0xdb2038 VirtualAlloc
0xdb203c LCMapStringW
0xdb2040 LCMapStringA
0xdb2048 VirtualFree
0xdb204c HeapCreate
0xdb2050 HeapDestroy
0xdb2058 GetFileType
0xdb205c GetStdHandle
0xdb2060 SetHandleCount
0xdb2078 GetACP
0xdb207c HeapSize
0xdb2080 TerminateProcess
0xdb2084 RaiseException
0xdb2088 GetLocalTime
0xdb208c GetSystemTime
0xdb2094 RtlUnwind
0xdb2098 GetStartupInfoA
0xdb209c GetOEMCP
0xdb20a0 GetCPInfo
0xdb20a4 GetProcessVersion
0xdb20a8 SetErrorMode
0xdb20ac GlobalFlags
0xdb20b0 GetCurrentThread
0xdb20b4 GetFileTime
0xdb20b8 GetFileSize
0xdb20bc TlsGetValue
0xdb20c0 LocalReAlloc
0xdb20c4 TlsSetValue
0xdb20c8 TlsFree
0xdb20cc GlobalHandle
0xdb20d0 TlsAlloc
0xdb20d4 LocalAlloc
0xdb20d8 lstrcmpA
0xdb20dc GetVersion
0xdb20e0 GlobalGetAtomNameA
0xdb20e4 GlobalAddAtomA
0xdb20e8 GlobalFindAtomA
0xdb20ec GlobalDeleteAtom
0xdb20f0 lstrcmpiA
0xdb20f4 SetEndOfFile
0xdb20f8 UnlockFile
0xdb20fc LockFile
0xdb2100 FlushFileBuffers
0xdb2104 SetFilePointer
0xdb2108 DuplicateHandle
0xdb210c lstrcpynA
0xdb2110 SetLastError
0xdb211c LocalFree
0xdb2128 GetProcAddress
0xdb212c GetModuleHandleA
0xdb2138 DeleteFileA
0xdb213c GetFileAttributesA
0xdb2140 FindClose
0xdb2144 FindFirstFileA
0xdb2148 GetTempPathA
0xdb214c GlobalUnlock
0xdb2150 GlobalLock
0xdb2154 GlobalAlloc
0xdb2158 Sleep
0xdb215c CreateEventA
0xdb2160 CreateThread
0xdb2168 GetVersionExA
0xdb216c GetLastError
0xdb2170 LoadLibraryA
0xdb2174 FreeLibrary
0xdb2178 GetFullPathNameA
0xdb217c HeapAlloc
0xdb2180 GetProcessHeap
0xdb2184 HeapReAlloc
0xdb2188 HeapFree
0xdb218c GlobalReAlloc
0xdb2190 FindNextFileA
0xdb2194 lstrcpyA
0xdb2198 WinExec
0xdb219c lstrlenA
0xdb21a0 SuspendThread
0xdb21a4 TerminateThread
0xdb21a8 ReleaseMutex
0xdb21ac CreateMutexA
0xdb21b0 WideCharToMultiByte
0xdb21b4 MultiByteToWideChar
0xdb21b8 GetCurrentProcess
0xdb21c0 GetSystemDirectoryA
0xdb21c4 CreateSemaphoreA
0xdb21c8 ResumeThread
0xdb21cc ReleaseSemaphore
0xdb21d8 GetProfileStringA
0xdb21dc WriteFile
0xdb21e4 lstrcatA
0xdb21f0 GlobalFree
0xdb21f4 GlobalSize
0xdb21f8 ExitProcess
0xdb21fc CloseHandle
0xdb2200 GetModuleFileNameA
0xdb2204 ReadFile
0xdb2208 LockResource
0xdb220c LoadResource
0xdb2210 FindResourceA
0xdb2214 SetEvent
0xdb2218 CreateFileA
库: USER32.dll:
0xdb2220 UnregisterClassA
0xdb2224 wsprintfA
0xdb2228 CloseClipboard
0xdb222c GetClipboardData
0xdb2230 OpenClipboard
0xdb2234 SetClipboardData
0xdb2238 EmptyClipboard
0xdb223c GetSystemMetrics
0xdb2240 GetCursorPos
0xdb2244 MessageBoxA
0xdb2248 SetWindowPos
0xdb224c SendMessageA
0xdb2250 DestroyCursor
0xdb2254 SetParent
0xdb2258 IsWindow
0xdb225c PostMessageA
0xdb2260 GetTopWindow
0xdb2264 GetParent
0xdb2268 GetFocus
0xdb226c GetClientRect
0xdb2270 InvalidateRect
0xdb2274 ValidateRect
0xdb2278 UpdateWindow
0xdb227c EqualRect
0xdb2280 GetWindowRect
0xdb2284 SetForegroundWindow
0xdb2288 DestroyMenu
0xdb228c TrackPopupMenu
0xdb2290 IsChild
0xdb2294 ReleaseDC
0xdb2298 IsRectEmpty
0xdb229c FillRect
0xdb22a0 GetDC
0xdb22a4 SetCursor
0xdb22a8 LoadCursorA
0xdb22ac SetCursorPos
0xdb22b0 SetActiveWindow
0xdb22b4 GetSysColor
0xdb22b8 SetWindowLongA
0xdb22bc GetWindowLongA
0xdb22c0 RedrawWindow
0xdb22c4 EnableWindow
0xdb22c8 IsWindowVisible
0xdb22cc OffsetRect
0xdb22d0 PtInRect
0xdb22d4 DestroyIcon
0xdb22d8 IntersectRect
0xdb22dc InflateRect
0xdb22e0 GetForegroundWindow
0xdb22e4 GetWindowTextA
0xdb22e8 SetWindowTextA
0xdb22ec GetMenuItemCount
0xdb22f0 GetMenuItemID
0xdb22f4 GetMenuStringA
0xdb22f8 GetMenuState
0xdb2300 DrawStateA
0xdb2304 GrayStringA
0xdb2308 TabbedTextOutA
0xdb230c WindowFromDC
0xdb2310 EnumChildWindows
0xdb2314 GetWindowDC
0xdb2318 UnhookWindowsHookEx
0xdb231c CallNextHookEx
0xdb2320 SetWindowsHookExA
0xdb2324 FrameRect
0xdb2328 GetPropA
0xdb232c MoveWindow
0xdb2330 CallWindowProcA
0xdb2334 SetPropA
0xdb2338 DrawTextA
0xdb233c GetCursor
0xdb2340 LoadIconA
0xdb2344 TranslateMessage
0xdb2348 DrawFrameControl
0xdb234c DrawEdge
0xdb2350 DrawFocusRect
0xdb2354 WindowFromPoint
0xdb2358 GetMessageA
0xdb235c DispatchMessageA
0xdb2360 SetRectEmpty
0xdb2370 DrawIconEx
0xdb2374 CreatePopupMenu
0xdb2378 AppendMenuA
0xdb237c ModifyMenuA
0xdb2380 CreateMenu
0xdb2388 GetDlgCtrlID
0xdb238c GetSubMenu
0xdb2390 EnableMenuItem
0xdb2394 ClientToScreen
0xdb239c LoadImageA
0xdb23a4 ShowWindow
0xdb23a8 IsWindowEnabled
0xdb23b0 GetKeyState
0xdb23b8 PostQuitMessage
0xdb23bc IsZoomed
0xdb23c0 GetClassInfoA
0xdb23c4 DefWindowProcA
0xdb23c8 GetSystemMenu
0xdb23cc DeleteMenu
0xdb23d0 GetMenu
0xdb23d4 SetMenu
0xdb23d8 PeekMessageA
0xdb23dc IsIconic
0xdb23e0 SetFocus
0xdb23e4 GetActiveWindow
0xdb23e8 GetWindow
0xdb23f0 SetWindowRgn
0xdb23f4 GetMessagePos
0xdb23f8 ScreenToClient
0xdb2400 CopyRect
0xdb2404 LoadBitmapA
0xdb2408 WinHelpA
0xdb240c KillTimer
0xdb2410 SetTimer
0xdb2418 CharUpperA
0xdb241c BeginPaint
0xdb2420 EndPaint
0xdb2424 GetDlgItem
0xdb2428 DestroyWindow
0xdb2430 EndDialog
0xdb2434 GetNextDlgTabItem
0xdb2438 GetWindowPlacement
0xdb2440 GetLastActivePopup
0xdb2444 GetMessageTime
0xdb2448 RemovePropA
0xdb244c GetClassLongA
0xdb2450 CreateWindowExA
0xdb2454 RegisterClassA
0xdb2458 GetScrollPos
0xdb245c AdjustWindowRectEx
0xdb2460 MapWindowPoints
0xdb2464 SendDlgItemMessageA
0xdb2468 ScrollWindowEx
0xdb246c IsDialogMessageA
0xdb2470 CheckMenuItem
0xdb2474 SetMenuItemBitmaps
0xdb247c GetClassNameA
0xdb2480 GetDesktopWindow
0xdb2484 LoadStringA
0xdb2488 GetSysColorBrush
0xdb248c ReleaseCapture
0xdb2490 GetCapture
0xdb2494 SetCapture
0xdb2498 GetScrollRange
0xdb249c SetScrollRange
0xdb24a0 SetScrollPos
0xdb24a4 SetRect
库: GDI32.dll:
0xdb24ac ExtSelectClipRgn
0xdb24b0 LineTo
0xdb24b4 GetViewportExtEx
0xdb24b8 GetTextMetricsA
0xdb24bc MoveToEx
0xdb24c0 ExcludeClipRect
0xdb24c4 GetClipBox
0xdb24c8 ScaleWindowExtEx
0xdb24cc SetWindowExtEx
0xdb24d0 SetPolyFillMode
0xdb24d4 SetROP2
0xdb24d8 SetMapMode
0xdb24dc SetViewportOrgEx
0xdb24e0 OffsetViewportOrgEx
0xdb24e4 SetViewportExtEx
0xdb24e8 CreateDIBitmap
0xdb24ec Escape
0xdb24f0 ExtTextOutA
0xdb24f4 TextOutA
0xdb24f8 RectVisible
0xdb24fc PtVisible
0xdb2500 CreatePenIndirect
0xdb2504 RestoreDC
0xdb2508 SaveDC
0xdb250c SetWindowOrgEx
0xdb2510 SetTextColor
0xdb2514 SetBkMode
0xdb2518 SetBkColor
0xdb2520 CreateDIBSection
0xdb2524 SetPixel
0xdb2528 ExtCreateRegion
0xdb252c SetStretchBltMode
0xdb2530 GetClipRgn
0xdb2534 CreatePolygonRgn
0xdb2538 SelectClipRgn
0xdb253c DeleteObject
0xdb2540 ScaleViewportExtEx
0xdb2548 CreatePalette
0xdb254c StretchBlt
0xdb2550 SelectPalette
0xdb2554 RealizePalette
0xdb2558 GetDIBits
0xdb255c GetWindowExtEx
0xdb2560 GetViewportOrgEx
0xdb2564 GetWindowOrgEx
0xdb2568 BeginPath
0xdb256c EndPath
0xdb2570 PathToRegion
0xdb2574 CreateEllipticRgn
0xdb2578 CreateRoundRectRgn
0xdb257c GetTextColor
0xdb2580 GetBkMode
0xdb2584 GetBkColor
0xdb2588 GetROP2
0xdb258c GetStretchBltMode
0xdb2590 GetPolyFillMode
0xdb2598 CreateDCA
0xdb259c CreateBrushIndirect
0xdb25a0 CreateBitmap
0xdb25a4 SelectObject
0xdb25a8 GetObjectA
0xdb25ac CreatePen
0xdb25b0 PatBlt
0xdb25b4 CombineRgn
0xdb25b8 CreateRectRgn
0xdb25bc FillRgn
0xdb25c0 CreateSolidBrush
0xdb25c4 GetStockObject
0xdb25c8 CreateFontIndirectA
0xdb25cc EndPage
0xdb25d0 EndDoc
0xdb25d4 DeleteDC
0xdb25d8 StartDocA
0xdb25dc StartPage
0xdb25e0 BitBlt
0xdb25e4 GetPixel
0xdb25e8 CreateCompatibleDC
0xdb25ec SetPixelV
0xdb25f0 Ellipse
0xdb25f4 Rectangle
0xdb25f8 LPtoDP
0xdb25fc DPtoLP
0xdb2600 GetCurrentObject
0xdb2604 RoundRect
0xdb260c GetDeviceCaps
库: WINMM.dll:
0xdb2614 midiStreamRestart
0xdb2618 midiStreamClose
0xdb261c midiOutReset
0xdb2620 midiStreamStop
0xdb2624 midiStreamOut
0xdb262c midiStreamProperty
0xdb2630 midiStreamOpen
0xdb2638 waveOutOpen
0xdb263c waveOutGetNumDevs
0xdb2640 waveOutClose
0xdb2644 waveOutReset
0xdb2648 waveOutPause
0xdb264c waveOutWrite
0xdb2658 waveOutRestart
库: MSIMG32.dll:
0xdb2660 GradientFill
库: WINSPOOL.DRV:
0xdb2668 ClosePrinter
0xdb266c DocumentPropertiesA
0xdb2670 OpenPrinterA
库: ADVAPI32.dll:
0xdb2678 RegCreateKeyExA
0xdb267c RegCloseKey
0xdb2680 RegOpenKeyExA
0xdb2684 RegSetValueExA
0xdb2688 RegQueryValueA
库: SHELL32.dll:
0xdb2694 Shell_NotifyIconA
0xdb2698 ShellExecuteA
库: ole32.dll:
0xdb26a0 OleInitialize
0xdb26a4 OleUninitialize
0xdb26a8 CLSIDFromString
库: OLEAUT32.dll:
0xdb26b0 LoadTypeLib
0xdb26b4 RegisterTypeLib
0xdb26b8 UnRegisterTypeLib
库: COMCTL32.dll:
0xdb26c0 ImageList_GetIcon
0xdb26d0 ImageList_Draw
0xdb26d4 _TrackMouseEvent
0xdb26d8 ImageList_AddMasked
0xdb26dc None
0xdb26e0 ImageList_Destroy
0xdb26e4 ImageList_Create
0xdb26e8 ImageList_Read
0xdb26f0 ImageList_Duplicate
库: WS2_32.dll:
0xdb26f8 accept
0xdb26fc getpeername
0xdb2700 recv
0xdb2704 ioctlsocket
0xdb2708 recvfrom
0xdb270c WSAAsyncSelect
0xdb2710 closesocket
0xdb2714 WSACleanup
0xdb2718 inet_ntoa
0xdb271c ntohl
库: comdlg32.dll:
0xdb2724 GetFileTitleA
0xdb2728 GetSaveFileNameA
0xdb272c GetOpenFileNameA
0xdb2730 ChooseColorA
库: WTSAPI32.dll:
0xdb2738 WTSSendMessageW
库: KERNEL32.dll:
0xdb2740 VirtualQuery
0xdb2748 GetModuleHandleA
0xdb274c CreateEventA
0xdb2750 GetModuleFileNameW
0xdb2754 LoadLibraryA
0xdb2758 TerminateProcess
0xdb275c GetCurrentProcess
0xdb2764 Thread32First
0xdb2768 GetCurrentProcessId
0xdb276c GetCurrentThreadId
0xdb2770 OpenThread
0xdb2774 Thread32Next
0xdb2778 CloseHandle
0xdb277c SuspendThread
0xdb2780 ResumeThread
0xdb2784 WriteProcessMemory
0xdb2788 GetSystemInfo
0xdb278c VirtualAlloc
0xdb2790 VirtualProtect
0xdb2794 VirtualFree
0xdb27a0 GetCurrentThread
0xdb27a8 Sleep
0xdb27ac FreeLibrary
0xdb27b0 GetTickCount
0xdb27bc GlobalFree
0xdb27c0 LocalAlloc
0xdb27c4 LocalFree
0xdb27c8 GetProcAddress
0xdb27cc ExitProcess
0xdb27e0 GetModuleHandleW
0xdb27e4 LoadResource
0xdb27e8 MultiByteToWideChar
0xdb27ec FindResourceExW
0xdb27f0 FindResourceExA
0xdb27f4 WideCharToMultiByte
0xdb27f8 GetThreadLocale
0xdb27fc GetUserDefaultLCID
0xdb2804 EnumResourceNamesA
0xdb2808 EnumResourceNamesW
0xdb2814 EnumResourceTypesA
0xdb2818 EnumResourceTypesW
0xdb281c CreateFileW
0xdb2820 LoadLibraryW
0xdb2824 GetLastError
0xdb2828 FlushFileBuffers
0xdb282c CreateFileA
0xdb2830 WriteConsoleW
0xdb2834 GetConsoleOutputCP
0xdb2838 WriteConsoleA
0xdb283c GetCommandLineA
0xdb2840 RaiseException
0xdb2844 RtlUnwind
0xdb2848 HeapFree
0xdb284c GetCPInfo
0xdb2858 GetACP
0xdb285c GetOEMCP
0xdb2860 IsValidCodePage
0xdb2864 TlsGetValue
0xdb2868 TlsAlloc
0xdb286c TlsSetValue
0xdb2870 TlsFree
0xdb2874 SetLastError
0xdb2880 IsDebuggerPresent
0xdb2884 HeapAlloc
0xdb2888 LCMapStringA
0xdb288c LCMapStringW
0xdb2890 SetHandleCount
0xdb2894 GetStdHandle
0xdb2898 GetFileType
0xdb289c GetStartupInfoA
0xdb28a0 GetModuleFileNameA
0xdb28b4 HeapCreate
0xdb28b8 HeapDestroy
0xdb28c0 HeapReAlloc
0xdb28c4 GetStringTypeA
0xdb28c8 GetStringTypeW
0xdb28cc GetLocaleInfoA
0xdb28d0 HeapSize
0xdb28d4 WriteFile
0xdb28d8 SetFilePointer
0xdb28dc GetConsoleCP
0xdb28e0 GetConsoleMode
0xdb28e8 SetStdHandle
库: USER32.dll:
0xdb28f8 CharUpperBuffW
0xdb28fc MessageBoxW
库: KERNEL32.dll:
0xdb2904 LocalAlloc
0xdb2908 LocalFree
0xdb290c GetModuleFileNameW
0xdb291c Sleep
0xdb2920 ExitProcess
0xdb2924 FreeLibrary
0xdb2928 LoadLibraryA
0xdb292c GetModuleHandleA
0xdb2930 GetProcAddress
库: USER32.dll:

.text
`.rdata
@.data
.vmp0
`.vmp1
`.rsrc
CreateEllipticRgn
LoadResource
GetDC
midiStreamProperty
WriteFile
WideCharToMultiByte
KERNEL32.dll
GetTickCount
GetCurrentObject
SetPolyFillMode
RaiseException
GetScrollRange
_TrackMouseEvent
SetParent
ExitProcess
GlobalGetAtomNameA
Q_Ej%S
GetEnvironmentStrings
GetFocus
CloseClipboard
GetLocaleInfoA
LockFile
WinExec
CreateBitmap
SetEvent
CheckMenuItem
SetViewportOrgEx
SHELL32.dll
GetClipboardData
TranslateMessage
EnumResourceTypesW
TlsSetValue
SetROP2
ExitProcess
WinHelpA
GetCapture
CreateFontIndirectA
waveOutClose
GetCurrentThread
GetFileAttributesA
防病毒引擎/厂商 病毒名/规则匹配 病毒库日期
Bkav W32.AIDetectVM.malware1 20200919
Elastic malicious (high confidence) 20200917
DrWeb 未发现病毒 20200920
MicroWorld-eScan Gen:Variant.Ursu.617261 20200919
CMC 未发现病毒 20200919
CAT-QuickHeal 未发现病毒 20200919
McAfee 未发现病毒 20200919
Cylance Unsafe 20200920
Zillya 未发现病毒 20200919
SUPERAntiSpyware 未发现病毒 20200918
Sangfor 未发现病毒 20200814
K7AntiVirus Unwanted-Program ( 004eb1401 ) 20200920
Alibaba 未发现病毒 20190527
K7GW Unwanted-Program ( 004eb1401 ) 20200920
Cybereason 未发现病毒 20190616
Invincea Generic ML PUA (PUA) 20200920
BitDefenderTheta Gen:NN.ZexaF.34254.@B0@a43sgSfH 20200918
Cyren 未发现病毒 20200920
Symantec ML.Attribute.HighConfidence 20200919
TotalDefense 未发现病毒 20200919
Zoner 未发现病毒 20200919
TrendMicro-HouseCall 未发现病毒 20200920
Avast 未发现病毒 20200920
Cynet Malicious (score: 100) 20200917
Kaspersky 未发现病毒 20200919
BitDefender Gen:Variant.Ursu.617261 20200920
NANO-Antivirus 未发现病毒 20200920
Paloalto 未发现病毒 20200920
ViRobot 未发现病毒 20200919
Tencent Win32.Trojan.Suspicious.Hqvm 20200920
Ad-Aware Gen:Variant.Ursu.617261 20200919
Comodo 未发现病毒 20200919
F-Secure Heuristic.HEUR/AGEN.1135703 20200920
Baidu 未发现病毒 20190318
VIPRE 未发现病毒 20200920
TrendMicro 未发现病毒 20200920
FireEye Generic.mg.21c6608dc2f49980 20200919
Sophos 未发现病毒 20200920
Ikarus Trojan.Win32.Krypt 20200919
Jiangmin 未发现病毒 20200919
eGambit Unsafe.AI_Score_99% 20200920
Avira HEUR/AGEN.1135703 20200920
MAX malware (ai score=89) 20200920
Antiy-AVL 未发现病毒 20200919
Kingsoft 未发现病毒 20200920
Microsoft Trojan:Win32/Wacatac.D6!ml 20200920
Arcabit Trojan.Ursu.D96B2D 20200919
AegisLab 未发现病毒 20200920
ZoneAlarm 未发现病毒 20200919
GData Gen:Variant.Ursu.617261 20200920
AhnLab-V3 未发现病毒 20200919
Acronis suspicious 20200917
ALYac Gen:Variant.Ursu.617261 20200919
TACHYON 未发现病毒 20200920
VBA32 未发现病毒 20200918
Malwarebytes 未发现病毒 20200919
APEX Malicious 20200919
ESET-NOD32 a variant of Win32/GenKryptik.DHCY 20200919
Rising Trojan.Generic@ML.100 (RDML:SbcRBW9gt7XadXlGtenkDw) 20200919
Yandex 未发现病毒 20200911
SentinelOne DFI - Malicious PE 20200724
MaxSecure Trojan.Malware.300983.susgen 20200919
Fortinet W32/GenKryptik.DLII!tr 20200920
Webroot 未发现病毒 20200920
AVG FileRepMalware 20200920
Panda 未发现病毒 20200919
CrowdStrike win/malicious_confidence_90% (W) 20190702
Qihoo-360 Generic/HEUR/QVM19.1.018A.Malware.Gen 20200920

进程树


Hash_new_163_0918.exe, PID: 2480, 上一级进程 PID: 2168

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49158 104.99.238.98 acroipm.adobe.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 63282 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
A 104.99.238.89
CNAME a1983.dscd.akamai.net
A 104.99.238.98

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49158 104.99.238.98 acroipm.adobe.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 63282 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 48.942 seconds )

  • 26.974 Static
  • 15.456 Suricata
  • 2.663 TargetInfo
  • 2.184 VirusTotal
  • 0.97 NetworkAnalysis
  • 0.454 peid
  • 0.099 BehaviorAnalysis
  • 0.092 AnalysisInfo
  • 0.031 config_decoder
  • 0.016 Strings
  • 0.003 Memory

Signatures ( 2.019 seconds )

  • 1.847 md_url_bl
  • 0.026 antiav_detectreg
  • 0.023 md_domain_bl
  • 0.011 infostealer_ftp
  • 0.007 anomaly_persistence_autorun
  • 0.007 antiav_detectfile
  • 0.007 infostealer_im
  • 0.006 geodo_banking_trojan
  • 0.006 ransomware_files
  • 0.005 antianalysis_detectreg
  • 0.005 infostealer_bitcoin
  • 0.005 ransomware_extensions
  • 0.004 api_spamming
  • 0.004 infostealer_mail
  • 0.004 network_http
  • 0.003 tinba_behavior
  • 0.003 stealth_decoy_document
  • 0.003 stealth_timeout
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 network_torgateway
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.002 md_bad_drop
  • 0.002 network_cnc_http
  • 0.001 mimics_filetime
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_network_blacklist
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.859 seconds )

  • 0.818 ReportHTMLSummary
  • 0.041 Malheur
Task ID 577668
Mongo ID 5f6db6802f8f2e0ab552cf61
Cuckoo release 1.4-Maldun