Analysis task

Analysis type | VM tag | Start time | End time | Duration
File (Windows) win7-sp1-x64-shaapp03-1 2021-04-08 22:50:11 2021-04-08 22:52:19 128 seconds

魔盾 score

10.0

Dangerous

File details

File name 菠扫号PC v130.0.1.exe
File size 9277440 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 08136abe82e6c61991d11a1016ed9268
SHA1 017a337c1adbba179994eb60a4b939e042201088
SHA256 faac12314500069ea5c7172f10d9cf5828e53be5be0c249e7805858e924e4b79
SHA512 cd7acfdfaab97225e969651756d4513a01380a902424c63e893481e1fb572960a69acba80562b62ae9bd77129cb2f97b67610744368c4bb93b6551fd7060e9ec
CRC32 7CAFB617
Ssdeep 196608:sRh+/pjtwAcixzOi2O2wxvVoV0JVp07X8l/sWEIf:sRhwLVxzOn5wxvV9DmWEq
Yara
  • Looks for advapi API functions
  • Spotted potential abnormal behaviors, like logging and network communications
  • Spotted potential malicious behaviors like logging and network communication
  • Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files

Host access records

No host records.

DNS resolution

Domain | Security rating | Response
www.baidu.com CNAME www.a.shifen.com
A 180.101.49.11
A 180.101.49.12
apipc.abc10010.cn CNAME apipc.abc10010.cn.cdn.dnsv1.com
A 60.174.59.174
A 122.228.0.143
CNAME 8p3ancjo.slt.sched.tdnsv8.com
A 122.246.6.14
A 117.68.66.28
A 60.167.222.35
A 180.96.32.88
A 60.174.156.19
A 180.96.32.89
A 117.68.66.27
A 58.216.107.24
A 122.228.0.170
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.202.48.81
A 23.202.48.32

Summary

C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\ole32.DLL
C:\Windows\SysWOW64\msscript.ocx
C:\Users\test\AppData\Local\Temp\kernel32.dll
C:\Users\test\AppData\Local\Temp\advapi32.dll
C:\Windows\Fonts\staticcache.dat
C:\Users\test\AppData\Local\Temp\boluo.ini
C:\Users\test\AppData\Local\Temp\kernel32.DLL
C:\Users\test\AppData\Local\Temp\Wininet.DLL
C:\Users\test\AppData\Local\Temp\wininet.DLL
C:\Users\test\AppData\Local\Temp\Kernel32.DLL
C:\Users\test\AppData\Local\Temp\wininet.dll
C:\Users\test\AppData\Local\Temp\Ole32.DLL
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\SysWOW64\msscript.ocx
C:\Windows\Fonts\staticcache.dat
C:\Users\test\AppData\Local\Temp\boluo.ini
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_CURRENT_USER\Software\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings\JITDebug
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\DisabledByDefault
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\微软雅黑
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\_________PC v130.0.1.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings\JITDebug
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\DisabledByDefault
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault
kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ole32.dll.CoInitialize
sxs.dll.SxsOleAut32RedirectTypeLibrary
advapi32.dll.RegOpenKeyW
advapi32.dll.RegQueryValueW
sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
advapi32.dll.RegQueryValueExA
advapi32.dll.RegCloseKey
ole32.dll.CoGetObjectContext
ole32.dll.CoCreateInstance
advapi32.dll.RegCreateKeyA
kernel32.dll.OpenEventA
kernel32.dll.CreateEventA
advapi32.dll.RegOpenKeyA
kernel32.dll.RegCloseKey
advapi32.dll.RegSetValueExA
comctl32.dll.RegisterClassNameW
uxtheme.dll.EnableThemeDialogTexture
uxtheme.dll.OpenThemeData
imm32.dll.ImmIsIME
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegEnumKeyExW
gdi32.dll.GetTextExtentExPointWPri
gdi32.dll.GetFontAssocStatus
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
uxtheme.dll.BufferedPaintInit
uxtheme.dll.BeginBufferedPaint
gdi32.dll.GdiIsMetaPrintDC
uxtheme.dll.EndBufferedPaint
kernel32.dll.GetProcessHeap
wininet.dll.InternetOpenA
wininet.dll.InternetSetOptionA
kernel32.dll.HeapAlloc
wininet.dll.InternetConnectA
wininet.dll.HttpOpenRequestA
wininet.dll.HttpSendRequestA
rasapi32.dll.RasConnectionNotificationW
sechost.dll.OpenServiceA
sechost.dll.NotifyServiceStatusChangeA
wininet.dll.HttpQueryInfoA
wininet.dll.InternetReadFile
kernel32.dll.RtlMoveMemory
kernel32.dll.HeapReAlloc
wininet.dll.InternetCloseHandle
kernel32.dll.HeapFree
wininet.dll.InternetTimeToSystemTime
oleaut32.dll.#500
Local\MSCTF.Asm.MutexDefault1

PE information

Image base 0x00400000
Entry point 0x00551559
Declared checksum 0x00000000
Actual checksum 0x008e7987
Minimum OS version required 4.0
Compile time 2021-04-08 09:45:38
Import hash 8f752e1a183ad17d1718a889e746af10
Icon
Icon exact hash 6b5faf674d7981efe27193e4c51a83d9
Icon similarity hash 0d02bfa406f7771c93143a765894c749

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x001b54ea 0x001b6000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.65
.rdata 0x001b7000 0x0039ca72 0x0039d000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.76
.data 0x00554000 0x00134c91 0x000ca000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.59
.vmp0 0x00689000 0x002a14d0 0x002a2000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.87
.rsrc 0x0092b000 0x0001867d 0x00019000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.57

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
TEXTINCLUDE 0x0092bfac 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x0092bfac 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x0092bfac 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
WAVE 0x0092c100 0x00001448 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.35 RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
RT_CURSOR 0x0092de68 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x0092de68 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x0092de68 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x0092de68 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x0092de68 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x0092de68 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x0092de68 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x0092de68 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x0092de68 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00930760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x00930cb4 0x00010828 LANG_NEUTRAL SUBLANG_NEUTRAL 3.56 data
RT_ICON 0x00930cb4 0x00010828 LANG_NEUTRAL SUBLANG_NEUTRAL 3.56 data
RT_ICON 0x00930cb4 0x00010828 LANG_NEUTRAL SUBLANG_NEUTRAL 3.56 data
RT_MENU 0x009414e8 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_MENU 0x009414e8 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00942730 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x00943178 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x00943228 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00943228 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00943228 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00943228 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00943228 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00943228 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00943228 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00943228 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x00943274 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x00943274 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x00943274 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x00943288 0x00000228 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.16 data
RT_MANIFEST 0x009434b0 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: WINMM.dll:
0x5b7798 PlaySoundA
0x5b779c waveOutOpen
0x5b77a4 midiStreamOpen
0x5b77a8 midiStreamProperty
0x5b77b0 midiStreamOut
0x5b77b4 midiStreamStop
0x5b77b8 midiOutReset
0x5b77bc waveOutGetNumDevs
0x5b77c0 waveOutClose
0x5b77c4 waveOutReset
0x5b77c8 waveOutPause
0x5b77cc waveOutWrite
0x5b77d8 midiStreamClose
0x5b77dc midiStreamRestart
Library: WS2_32.dll:
0x5b77f4 shutdown
0x5b77f8 getservbyname
0x5b77fc inet_addr
0x5b7800 inet_ntoa
0x5b7804 gethostbyname
0x5b7808 WSAStartup
0x5b780c WSACleanup
0x5b7810 WSAGetLastError
0x5b7814 ntohs
0x5b7818 accept
0x5b781c recv
0x5b7820 connect
0x5b7824 ioctlsocket
0x5b7828 recvfrom
0x5b782c getpeername
0x5b7830 setsockopt
0x5b7834 socket
0x5b7838 htons
0x5b783c WSAAsyncSelect
0x5b7840 closesocket
0x5b7844 send
Library: MSVFW32.dll:
0x5b7458 DrawDibDraw
Library: AVIFIL32.dll:
0x5b7020 AVIStreamInfoA
0x5b7024 AVIStreamGetFrame
Library: KERNEL32.dll:
0x5b71e0 LocalFree
0x5b71e4 FormatMessageA
0x5b71f0 lstrcpynA
0x5b71f4 DuplicateHandle
0x5b71f8 MapViewOfFile
0x5b71fc LockFile
0x5b7200 UnlockFile
0x5b7204 SetEndOfFile
0x5b7208 GetStringTypeExA
0x5b720c GetThreadLocale
0x5b7210 lstrcmpiA
0x5b7214 GlobalDeleteAtom
0x5b7218 GlobalFindAtomA
0x5b721c GlobalAddAtomA
0x5b7220 GlobalGetAtomNameA
0x5b7224 lstrcmpA
0x5b7228 LocalAlloc
0x5b722c TlsAlloc
0x5b7230 GlobalHandle
0x5b7234 TlsFree
0x5b7238 TlsSetValue
0x5b723c LocalReAlloc
0x5b7240 TlsGetValue
0x5b7244 GetFileTime
0x5b7248 GetCurrentThread
0x5b724c GlobalFlags
0x5b7250 SetErrorMode
0x5b7254 GetProcessVersion
0x5b7258 GetCPInfo
0x5b725c GetOEMCP
0x5b7260 GetStartupInfoA
0x5b7264 RtlUnwind
0x5b7268 RaiseException
0x5b726c GetSystemTime
0x5b7270 GetLocalTime
0x5b7274 HeapSize
0x5b7278 GetACP
0x5b7290 SetHandleCount
0x5b7294 GetStdHandle
0x5b7298 GetFileType
0x5b72a0 HeapDestroy
0x5b72a4 HeapCreate
0x5b72a8 VirtualFree
0x5b72b4 LCMapStringA
0x5b72b8 LCMapStringW
0x5b72bc VirtualAlloc
0x5b72c0 IsBadWritePtr
0x5b72c8 GetStringTypeA
0x5b72cc GetStringTypeW
0x5b72d0 CompareStringA
0x5b72d4 CompareStringW
0x5b72d8 IsBadReadPtr
0x5b72dc IsBadCodePtr
0x5b72e0 IsValidLocale
0x5b72e4 IsValidCodePage
0x5b72e8 EnumSystemLocalesA
0x5b72ec SetStdHandle
0x5b72f0 GetLocaleInfoW
0x5b72f8 WaitNamedPipeA
0x5b72fc OpenFileMappingA
0x5b7300 OpenEventA
0x5b7304 UnmapViewOfFile
0x5b7308 GetVersion
0x5b730c GetLocaleInfoA
0x5b7314 SetLastError
0x5b7318 GetSystemDirectoryA
0x5b7320 TerminateProcess
0x5b7324 GetCurrentProcess
0x5b7328 GetFileSize
0x5b732c SetFilePointer
0x5b7330 CreateSemaphoreA
0x5b7334 ResumeThread
0x5b7338 ReleaseSemaphore
0x5b7344 GetProfileStringA
0x5b7348 WriteFile
0x5b7350 CreateFileA
0x5b7354 SetEvent
0x5b7358 FindResourceA
0x5b735c LoadResource
0x5b7360 LockResource
0x5b7364 ReadFile
0x5b7368 lstrlenW
0x5b736c GetModuleFileNameA
0x5b7370 WideCharToMultiByte
0x5b7374 MultiByteToWideChar
0x5b7378 GetCurrentThreadId
0x5b737c ExitProcess
0x5b7380 GlobalSize
0x5b7384 GlobalFree
0x5b7390 lstrcatA
0x5b7394 lstrlenA
0x5b7398 WinExec
0x5b739c lstrcpyA
0x5b73a0 FindNextFileA
0x5b73a4 GetDriveTypeA
0x5b73a8 GlobalReAlloc
0x5b73ac HeapFree
0x5b73b0 HeapReAlloc
0x5b73b4 GetProcessHeap
0x5b73b8 HeapAlloc
0x5b73bc GetUserDefaultLCID
0x5b73c0 GetFullPathNameA
0x5b73c4 FreeLibrary
0x5b73c8 LoadLibraryA
0x5b73cc GetLastError
0x5b73d0 GetVersionExA
0x5b73dc CreateThread
0x5b73e0 CreateEventA
0x5b73e4 Sleep
0x5b73e8 GlobalAlloc
0x5b73ec GlobalLock
0x5b73f0 GlobalUnlock
0x5b73f4 GetTempPathA
0x5b73f8 FindFirstFileA
0x5b73fc FindClose
0x5b7400 GetFileAttributesA
0x5b7404 DeleteFileA
0x5b7408 CreateDirectoryA
0x5b7418 GetModuleHandleA
0x5b741c GetProcAddress
0x5b7420 MulDiv
0x5b7424 GetCommandLineA
0x5b7428 GetTickCount
0x5b742c WaitForSingleObject
0x5b7430 CloseHandle
0x5b7434 InterlockedExchange
0x5b7438 VirtualProtect
0x5b743c VirtualQuery
0x5b7440 GetSystemInfo
0x5b7448 FlushFileBuffers
Library: USER32.dll:
0x5b74dc MapDialogRect
0x5b74e4 CharNextA
0x5b74e8 GetSysColorBrush
0x5b74ec LoadStringA
0x5b74f4 SetMenuItemBitmaps
0x5b74f8 CheckMenuItem
0x5b74fc IsDialogMessageA
0x5b7500 ScrollWindowEx
0x5b7504 SendDlgItemMessageA
0x5b7508 MapWindowPoints
0x5b750c AdjustWindowRectEx
0x5b7510 ScrollWindow
0x5b7514 GetScrollInfo
0x5b7518 SetScrollInfo
0x5b751c ShowScrollBar
0x5b7520 GetScrollPos
0x5b7524 RegisterClassA
0x5b7528 CreateWindowExA
0x5b752c GetClassLongA
0x5b7530 RemovePropA
0x5b7534 GetMessageTime
0x5b7538 GetLastActivePopup
0x5b7540 GetWindowPlacement
0x5b7544 EndDialog
0x5b754c DestroyWindow
0x5b7550 EndPaint
0x5b7554 BeginPaint
0x5b7558 CharUpperA
0x5b7560 GetNextDlgTabItem
0x5b7564 GetForegroundWindow
0x5b7568 FindWindowExA
0x5b756c GetDlgItem
0x5b7570 FindWindowA
0x5b7574 GetClassNameA
0x5b7578 GetDesktopWindow
0x5b757c GetWindowTextA
0x5b7580 SetWindowTextA
0x5b7584 GetMenuItemCount
0x5b7588 GetMenuItemID
0x5b758c GetMenuStringA
0x5b7590 GetMenuState
0x5b7598 UnregisterClassA
0x5b759c GrayStringA
0x5b75a0 TabbedTextOutA
0x5b75a4 WindowFromDC
0x5b75a8 EnumChildWindows
0x5b75ac GetWindowDC
0x5b75b0 UnhookWindowsHookEx
0x5b75b4 CallNextHookEx
0x5b75b8 SetWindowsHookExA
0x5b75bc FrameRect
0x5b75c0 GetPropA
0x5b75c4 MoveWindow
0x5b75c8 CallWindowProcA
0x5b75cc SetPropA
0x5b75d0 DrawTextA
0x5b75d4 GetCursor
0x5b75d8 LoadIconA
0x5b75dc TranslateMessage
0x5b75e0 DrawFrameControl
0x5b75e4 DrawEdge
0x5b75e8 DrawFocusRect
0x5b75ec WindowFromPoint
0x5b75f0 GetMessageA
0x5b75f4 DispatchMessageA
0x5b75f8 PostThreadMessageA
0x5b7608 DrawIconEx
0x5b760c CreatePopupMenu
0x5b7610 AppendMenuA
0x5b7614 ModifyMenuA
0x5b7618 CreateMenu
0x5b7620 GetDlgCtrlID
0x5b7624 GetSubMenu
0x5b7628 EnableMenuItem
0x5b762c ClientToScreen
0x5b7634 LoadImageA
0x5b763c ShowWindow
0x5b7640 IsWindowEnabled
0x5b7648 GetKeyState
0x5b7650 PostQuitMessage
0x5b7654 IsZoomed
0x5b7658 GetClassInfoA
0x5b765c DefWindowProcA
0x5b7660 GetSystemMenu
0x5b7664 DeleteMenu
0x5b7668 GetMenu
0x5b766c SetMenu
0x5b7670 PeekMessageA
0x5b7674 IsIconic
0x5b7678 SetFocus
0x5b767c GetActiveWindow
0x5b7680 GetWindow
0x5b7688 SetWindowRgn
0x5b768c GetMessagePos
0x5b7690 ScreenToClient
0x5b7698 LoadBitmapA
0x5b769c WinHelpA
0x5b76a0 KillTimer
0x5b76a4 SetTimer
0x5b76a8 ReleaseCapture
0x5b76ac GetCapture
0x5b76b0 SetCapture
0x5b76b4 GetScrollRange
0x5b76b8 SetScrollRange
0x5b76bc SetScrollPos
0x5b76c0 SetRect
0x5b76c4 InflateRect
0x5b76c8 IntersectRect
0x5b76cc DestroyIcon
0x5b76d0 PtInRect
0x5b76d4 OffsetRect
0x5b76d8 IsWindowVisible
0x5b76dc EnableWindow
0x5b76e0 RedrawWindow
0x5b76e4 GetWindowLongA
0x5b76e8 SetWindowLongA
0x5b76ec GetSysColor
0x5b76f0 SetActiveWindow
0x5b76f4 SetCursorPos
0x5b76f8 LoadCursorA
0x5b76fc SetCursor
0x5b7700 GetDC
0x5b7704 FillRect
0x5b7708 IsRectEmpty
0x5b770c ReleaseDC
0x5b7710 IsChild
0x5b7714 TrackPopupMenu
0x5b7718 DestroyMenu
0x5b771c SetForegroundWindow
0x5b7720 GetWindowRect
0x5b7724 EqualRect
0x5b7728 UpdateWindow
0x5b772c ValidateRect
0x5b7730 InvalidateRect
0x5b7734 GetClientRect
0x5b7738 GetFocus
0x5b773c GetParent
0x5b7740 GetTopWindow
0x5b7744 PostMessageA
0x5b7748 IsWindow
0x5b774c SetParent
0x5b7750 DestroyCursor
0x5b7754 SendMessageA
0x5b7758 SetWindowPos
0x5b775c MessageBeep
0x5b7760 MessageBoxA
0x5b7764 GetCursorPos
0x5b7768 GetSystemMetrics
0x5b776c EmptyClipboard
0x5b7770 SetClipboardData
0x5b7774 OpenClipboard
0x5b7778 GetClipboardData
0x5b777c CloseClipboard
0x5b7780 wsprintfA
0x5b7784 GetNextDlgGroupItem
0x5b7788 SetRectEmpty
0x5b778c CopyRect
0x5b7790 DrawStateA
Library: GDI32.dll:
0x5b7064 CreateBrushIndirect
0x5b7068 CreateDCA
0x5b7070 CreateBitmap
0x5b7074 GetPolyFillMode
0x5b7078 CreatePatternBrush
0x5b707c SelectObject
0x5b7080 CreatePen
0x5b7084 PatBlt
0x5b7088 CombineRgn
0x5b708c CreateRectRgn
0x5b7090 GetStretchBltMode
0x5b7094 FillRgn
0x5b7098 CreateSolidBrush
0x5b709c CreateFontIndirectA
0x5b70a0 GetROP2
0x5b70a4 GetStockObject
0x5b70a8 SetDIBitsToDevice
0x5b70b0 SetPolyFillMode
0x5b70b4 SetROP2
0x5b70b8 SetMapMode
0x5b70bc SetViewportOrgEx
0x5b70c0 OffsetViewportOrgEx
0x5b70c4 SetViewportExtEx
0x5b70c8 GetObjectA
0x5b70cc SetWindowExtEx
0x5b70d0 ScaleWindowExtEx
0x5b70d4 EndPage
0x5b70d8 ExcludeClipRect
0x5b70dc MoveToEx
0x5b70e0 LineTo
0x5b70e4 ExtSelectClipRgn
0x5b70e8 GetViewportExtEx
0x5b70ec GetTextMetricsA
0x5b70f0 GetMapMode
0x5b70f4 RestoreDC
0x5b70f8 SaveDC
0x5b70fc SetWindowOrgEx
0x5b7100 SetTextColor
0x5b7104 SetBkMode
0x5b7108 SetBkColor
0x5b7110 CreateDIBSection
0x5b7114 SetPixel
0x5b7118 SetStretchBltMode
0x5b711c GetClipRgn
0x5b7120 CreatePolygonRgn
0x5b7124 SelectClipRgn
0x5b7128 DeleteObject
0x5b712c CreateDIBitmap
0x5b7134 CreatePalette
0x5b7138 StretchBlt
0x5b713c SelectPalette
0x5b7140 RealizePalette
0x5b7144 GetDIBits
0x5b7148 GetWindowExtEx
0x5b714c GetViewportOrgEx
0x5b7150 GetWindowOrgEx
0x5b7154 BeginPath
0x5b7158 EndDoc
0x5b715c DeleteDC
0x5b7160 StartDocA
0x5b7164 StartPage
0x5b7168 BitBlt
0x5b716c GetPixel
0x5b7170 CreateCompatibleDC
0x5b7174 GetClipBox
0x5b7178 Escape
0x5b717c ExtTextOutA
0x5b7180 TextOutA
0x5b7184 RectVisible
0x5b7188 SetPixelV
0x5b718c Ellipse
0x5b7190 Rectangle
0x5b7194 LPtoDP
0x5b7198 DPtoLP
0x5b719c GetCurrentObject
0x5b71a0 RoundRect
0x5b71a4 PtVisible
0x5b71ac ScaleViewportExtEx
0x5b71b0 GetDeviceCaps
0x5b71b4 EndPath
0x5b71b8 PathToRegion
0x5b71bc CreateEllipticRgn
0x5b71c0 CreateRoundRectRgn
0x5b71c4 GetTextColor
0x5b71c8 GetBkMode
0x5b71cc GetBkColor
0x5b71d0 CreatePenIndirect
Library: MSIMG32.dll:
0x5b7450 GradientFill
Library: WINSPOOL.DRV:
0x5b77e4 ClosePrinter
0x5b77e8 DocumentPropertiesA
0x5b77ec OpenPrinterA
Library: comdlg32.dll:
0x5b784c ChooseColorA
0x5b7850 ChooseFontA
0x5b7854 GetOpenFileNameA
0x5b7858 GetSaveFileNameA
0x5b785c GetFileTitleA
Library: ADVAPI32.dll:
0x5b7000 RegCreateKeyExA
0x5b7004 RegQueryValueA
0x5b7008 RegSetValueExA
0x5b700c RegOpenKeyExA
0x5b7010 RegQueryValueExA
0x5b7014 RegCloseKey
0x5b7018 RegEnumValueA
Library: SHELL32.dll:
0x5b74d0 Shell_NotifyIconA
0x5b74d4 ShellExecuteA
Library: ole32.dll:
0x5b7864 CoRevokeClassObject
0x5b7868 OleFlushClipboard
0x5b7884 CoGetClassObject
0x5b7888 CoDisconnectObject
0x5b788c CoTaskMemFree
0x5b7890 CoTaskMemAlloc
0x5b7894 CLSIDFromProgID
0x5b7898 OleInitialize
0x5b789c OleUninitialize
0x5b78a0 CLSIDFromString
0x5b78a4 CoCreateInstance
0x5b78a8 OleRun
Library: OLEAUT32.dll:
0x5b7460 SafeArrayDestroy
0x5b7464 SysAllocString
0x5b7468 VariantInit
0x5b746c VariantCopyInd
0x5b7470 SafeArrayGetElement
0x5b7474 SafeArrayAccessData
0x5b747c SafeArrayGetDim
0x5b7480 SafeArrayGetLBound
0x5b7484 SafeArrayGetUBound
0x5b7488 VariantChangeType
0x5b748c VariantClear
0x5b7490 VariantCopy
0x5b7494 UnRegisterTypeLib
0x5b749c LoadTypeLib
0x5b74a4 SafeArrayCreate
0x5b74a8 SafeArrayPutElement
0x5b74ac RegisterTypeLib
0x5b74b0 LHashValOfNameSys
0x5b74b4 SysFreeString
0x5b74c0 SysAllocStringLen
0x5b74c4 SysStringLen
Library: COMCTL32.dll:
0x5b7030 ImageList_Read
0x5b7034 ImageList_Duplicate
0x5b7038 ImageList_Create
0x5b703c ImageList_Destroy
0x5b7040 ImageList_GetIcon
0x5b7050 ImageList_Draw
0x5b7054 _TrackMouseEvent
0x5b7058 ImageList_AddMasked
0x5b705c None
Library: oledlg.dll:
0x5b78b0 None

.text
.rdata
.data
.vmp0
.rsrc
No antivirus engine scan information!

Process tree


_________PC v130.0.1.exe, PID: 2612, parent process PID: 2248


TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49160 180.101.49.12 www.baidu.com 80
192.168.122.201 50584 192.168.122.1 53
192.168.122.201 50586 23.202.48.32 acroipm.adobe.com 80
192.168.122.201 50585 60.174.156.19 apipc.abc10010.cn 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53


HTTP requests

URI | HTTP data
URL: http://www.baidu.com/
HEAD / HTTP/1.1
Accept: */*
Referer: http://www.baidu.com/
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/18.0.1
Connection: Keep-Alive
Host: www.baidu.com
Content-Length: 0
Cache-Control: no-cache

URL: http://apipc.abc10010.cn/api.php?ace=mcq&acek=1660
POST /api.php?ace=mcq&acek=1660 HTTP/1.1
Accept: */*
Referer: http://apipc.abc10010.cn/api.php?ace=mcq&acek=1660
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-gb) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27
Content-Type: application/x-www-form-urlencoded
Accept-Language: zh-cn
Cookie: uti=373C3E353564
Content-Length: 73
Host: apipc.abc10010.cn
Cache-Control: no-cache

cctv=333735&mscctv=333735&tuci=3035353C20272B051800127A645F40B6B89387&yz=
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
Sorry! No files were dropped.
No similar analyses found.

Processing ( 24.034 seconds )

  • 10.724 Suricata
  • 5.736 Static
  • 3.03 NetworkAnalysis
  • 2.154 TargetInfo
  • 1.811 VirusTotal
  • 0.302 peid
  • 0.233 BehaviorAnalysis
  • 0.019 config_decoder
  • 0.012 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory

Signatures ( 43.439 seconds )

  • 41.921 network_http
  • 1.386 md_url_bl
  • 0.021 antiav_detectreg
  • 0.013 md_domain_bl
  • 0.009 infostealer_ftp
  • 0.008 api_spamming
  • 0.006 stealth_decoy_document
  • 0.006 stealth_timeout
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_im
  • 0.005 ransomware_files
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_libs
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 mimics_filetime
  • 0.001 antivm_generic_services
  • 0.001 betabot_behavior
  • 0.001 reads_self
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 exec_crash
  • 0.001 antidbg_windows
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.549 seconds )

  • 0.543 ReportHTMLSummary
  • 0.006 Malheur
Task ID 628805
Mongo ID 606f18f17e769a06abeb2bed
Cuckoo release 1.4-Maldun