分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-18 14:22:12 | 2024-04-18 14:22:52 | 40 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | Utilman.exe |
|---|---|
| 文件大小 | 1402880 字节 |
| 文件类型 | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 32c5ee55eadfc071e57851e26ac98477 |
| SHA1 | 8f8d0aee344e152424143da49ce2c7badabb8f9d |
| SHA256 | 7ca90616e68bc851f14658a366d80f21ddb7a7dd8a866049e54651158784a9ea |
| SHA512 | e0943efa81f3087c84a5909c72a436671ee8cc3cc80154901430e83ec7966aac800ad4b26f4a174a0071da617c0982ceda584686c6e2056e1a83e864aca6c975 |
| CRC32 | A759AAFA |
| Ssdeep | 12288:OfZpLFc6AYSYZrQLvhxjmNnqltWRC/Ny+zphFKeuM4CKB7u:OfZRAY9lQFkNqi0cKphF0CKB |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x100000000 |
|---|---|
| 入口地址 | 0x10000a910 |
| 声明校验值 | 0x00162279 |
| 实际校验值 | 0x00162279 |
| 最低操作系统版本要求 | 6.1 |
| PDB路径 | Utilman.pdb |
| 编译时间 | 2009-07-14 08:33:49 |
| 载入哈希 | 9d074048728c033fac31a335161e445c |
| 图标 |  |
| 图标精确哈希值 | dd12b375b19f86bde19ad97548917842 |
| 图标相似性哈希值 | 4e04232c1a0cbdc847b154db9744f8a8 |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0000d30c | 0x0000d400 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.23 |
| .data | 0x0000f000 | 0x00000c38 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.77 |
| .pdata | 0x00010000 | 0x000006cc | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.92 |
| .rsrc | 0x00011000 | 0x00147660 | 0x00147800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.52 |
| .reloc | 0x00159000 | 0x000009cc | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 1.17 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| MUI | 0x00158580 | 0x000000e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.73 | data |
| UIFILE | 0x00156858 | 0x00001871 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.22 | HTML document, ASCII text, with CRLF line terminators |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00156260 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.50 | GLS_BINARY_LSB_FIRST |
| RT_GROUP_ICON | 0x00121e30 | 0x0000018e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.59 | MS Windows icon resource - 28 icons, 96x96, 16 colors |
| RT_GROUP_ICON | 0x00121e30 | 0x0000018e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.59 | MS Windows icon resource - 28 icons, 96x96, 16 colors |
| RT_GROUP_ICON | 0x00121e30 | 0x0000018e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.59 | MS Windows icon resource - 28 icons, 96x96, 16 colors |
| RT_GROUP_ICON | 0x00121e30 | 0x0000018e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.59 | MS Windows icon resource - 28 icons, 96x96, 16 colors |
| RT_GROUP_ICON | 0x00121e30 | 0x0000018e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.59 | MS Windows icon resource - 28 icons, 96x96, 16 colors |
| RT_GROUP_ICON | 0x00121e30 | 0x0000018e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.59 | MS Windows icon resource - 28 icons, 96x96, 16 colors |
| RT_GROUP_ICON | 0x00121e30 | 0x0000018e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.59 | MS Windows icon resource - 28 icons, 96x96, 16 colors |
| RT_VERSION | 0x00013400 | 0x0000038c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.56 | DOS executable (COM) |
| RT_MANIFEST | 0x001580d0 | 0x000004b0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.75 | XML 1.0 document text |
导入
库: ADVAPI32.dll:
• 0x100001000 GetTraceLoggerHandle
• 0x100001008 GetTraceEnableLevel
• 0x100001010 GetTraceEnableFlags
• 0x100001018 RegisterTraceGuidsW
• 0x100001020 UnregisterTraceGuids
• 0x100001028 TraceMessage
• 0x100001030 AllocateAndInitializeSid
• 0x100001038 CheckTokenMembership
• 0x100001040 FreeSid
• 0x100001048 RegCloseKey
• 0x100001050 RegOpenKeyExW
• 0x100001058 RegQueryValueExW
• 0x100001060 RegSetValueExW
• 0x100001068 EventRegister
• 0x100001070 EventWrite
• 0x100001078 RegEnumValueW
• 0x100001080 EventUnregister
• 0x100001088 RegLoadMUIStringW
• 0x100001090 RegCreateKeyExW
• 0x100001098 RegEnumKeyExW
库: KERNEL32.dll:
• 0x1000013a0 ExpandEnvironmentStringsW
• 0x1000013a8 FindResourceExW
• 0x1000013b0 FindResourceW
• 0x1000013b8 LoadResource
• 0x1000013c0 GetThreadUILanguage
• 0x1000013c8 DeleteFileW
• 0x1000013d0 GetFileAttributesW
• 0x1000013d8 UnhandledExceptionFilter
• 0x1000013e0 TerminateProcess
• 0x1000013e8 GetSystemTimeAsFileTime
• 0x1000013f0 GetCurrentThreadId
• 0x1000013f8 GetTickCount
• 0x100001400 QueryPerformanceCounter
• 0x100001408 SetUnhandledExceptionFilter
• 0x100001410 GetStartupInfoW
• 0x100001418 GetLastError
• 0x100001420 MultiByteToWideChar
• 0x100001428 HeapSize
• 0x100001430 HeapReAlloc
• 0x100001438 HeapFree
• 0x100001440 HeapDestroy
• 0x100001448 GetVersionExA
• 0x100001450 DeleteCriticalSection
• 0x100001458 InitializeCriticalSection
• 0x100001460 LeaveCriticalSection
• 0x100001468 EnterCriticalSection
• 0x100001470 RaiseException
• 0x100001478 lstrlenW
• 0x100001480 K32EnumProcesses
• 0x100001488 GetCurrentProcessId
• 0x100001490 ProcessIdToSessionId
• 0x100001498 OpenProcess
• 0x1000014a0 K32EnumProcessModules
• 0x1000014a8 K32GetModuleBaseNameW
• 0x1000014b0 CloseHandle
• 0x1000014b8 Sleep
• 0x1000014c0 HeapSetInformation
• 0x1000014c8 IsProcessInJob
• 0x1000014d0 GetCurrentProcess
• 0x1000014d8 HeapAlloc
• 0x1000014e0 GetProcessHeap
• 0x1000014e8 LockResource
• 0x1000014f0 GetModuleHandleW
• 0x1000014f8 SizeofResource
库: USER32.dll:
• 0x100001518 GetKeyState
• 0x100001520 SendInput
• 0x100001528 LoadIconW
• 0x100001530 SetWindowPos
• 0x100001538 KillTimer
• 0x100001540 SetWindowTextW
• 0x100001548 PostMessageW
• 0x100001550 SetTimer
• 0x100001558 SetCursor
• 0x100001560 LoadCursorW
• 0x100001568 SendMessageTimeoutW
• 0x100001570 UnregisterClassA
• 0x100001578 SystemParametersInfoW
库: msvcrt.dll:
• 0x100001588 memcpy_s
• 0x100001590 wcsstr
• 0x100001598 memmove_s
• 0x1000015a0 memset
• 0x1000015a8 __C_specific_handler
• 0x1000015b0 calloc
• 0x1000015b8 ??_V@YAXPEAX@Z
• 0x1000015c0 __wgetmainargs
• 0x1000015c8 _XcptFilter
• 0x1000015d0 _exit
• 0x1000015d8 _cexit
• 0x1000015e0 free
• 0x1000015e8 _wcmdln
• 0x1000015f0 _initterm
• 0x1000015f8 _amsg_exit
• 0x100001600 __setusermatherr
• 0x100001608 _commode
• 0x100001610 _fmode
• 0x100001618 __set_app_type
• 0x100001620 _unlock
• 0x100001628 __dllonexit
• 0x100001630 _lock
• 0x100001638 _onexit
• 0x100001640 ?terminate@@YAXXZ
• 0x100001648 memcpy
• 0x100001650 __CxxFrameHandler3
• 0x100001658 ??1type_info@@UEAA@XZ
• 0x100001660 wcschr
• 0x100001668 _wcslwr_s
• 0x100001670 ??_U@YAPEAX_K@Z
• 0x100001678 wcscspn
• 0x100001680 wcsspn
• 0x100001688 wcsrchr
• 0x100001690 _ltow_s
• 0x100001698 malloc
• 0x1000016a0 _purecall
• 0x1000016a8 ??2@YAPEAX_K@Z
• 0x1000016b0 _vsnwprintf
• 0x1000016b8 _wcsicmp
• 0x1000016c0 ??3@YAXPEAX@Z
• 0x1000016c8 exit
• 0x1000016d0 _wtoi
库: ntdll.dll:
• 0x1000016e0 RtlVirtualUnwind
• 0x1000016e8 RtlLookupFunctionEntry
• 0x1000016f0 RtlCaptureContext
• 0x1000016f8 WinSqmAddToStream
• 0x100001700 WinSqmIsOptedIn
库: ole32.dll:
• 0x100001710 CoInitialize
• 0x100001718 CoUninitialize
• 0x100001720 CoCreateInstance
库: COMCTL32.dll:
• 0x1000010a8 None
库: SHELL32.dll:
• 0x100001508 ShellExecuteW
库: DUI70.dll:
• 0x1000010d8 ?Insert@Element@DirectUI@@QEAAJPEAV12@I@Z
• 0x1000010e0 ?SetClass@Element@DirectUI@@QEAAJPEBG@Z
• 0x1000010e8 ?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
• 0x1000010f0 ?Create@Element@DirectUI@@SAJIPEAV12@PEAKPEAPEAV12@@Z
• 0x100001100 ?SetSelected@Element@DirectUI@@QEAAJ_N@Z
• 0x100001108 ?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
• 0x100001110 ?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
• 0x100001118 StrToID
• 0x100001120 ?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
• 0x100001128 ?Click@Button@DirectUI@@SA?AVUID@@XZ
• 0x100001130 ?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
• 0x100001148 ??0HWNDElement@DirectUI@@QEAA@XZ
• 0x100001150 ?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
• 0x100001160 ?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
• 0x100001168 ?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
• 0x100001170 ?Release@Value@DirectUI@@QEAAXXZ
• 0x100001190 ?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
• 0x1000011b0 ?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
• 0x1000011b8 ?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
• 0x1000011c0 ?DefaultAction@Element@DirectUI@@UEAAJXZ
• 0x1000011d8 ?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
• 0x1000011f8 ?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
• 0x100001200 ?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
• 0x100001210 ?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
• 0x100001220 ?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
• 0x100001228 ?SetKeyFocus@Element@DirectUI@@UEAAXXZ
• 0x100001230 ?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
• 0x100001240 ?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
• 0x100001248 ?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
• 0x100001250 ?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
• 0x100001268 ?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
• 0x100001270 ?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
• 0x100001278 ?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
• 0x100001280 ?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
• 0x100001288 ?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
• 0x1000012b8 ?IsContentProtected@Element@DirectUI@@UEAA_NXZ
• 0x1000012c0 ?IsRTLReading@Element@DirectUI@@UEAA_NXZ
• 0x1000012c8 ?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
• 0x1000012d0 ?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
• 0x1000012d8 ?Add@Element@DirectUI@@QEAAJPEAV12@@Z
• 0x1000012e0 ?LoadFromResource@DUIFactory@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG1PEAVElement@2@PEAKPEAPEAV42@1@Z
• 0x1000012e8 ?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
• 0x1000012f0 ?Destroy@Layout@DirectUI@@QEAAXXZ
• 0x1000012f8 ?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
• 0x100001300 ?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
• 0x100001308 InitProcessPriv
• 0x100001310 InitThread
• 0x100001320 ?EndDefer@Element@DirectUI@@QEAAXK@Z
• 0x100001328 ?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
• 0x100001330 StartMessagePump
• 0x100001338 ?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
• 0x100001340 UnInitThread
• 0x100001348 UnInitProcessPriv
• 0x100001350 ??1HWNDElement@DirectUI@@UEAA@XZ
• 0x100001358 ??1DUIFactory@DirectUI@@QEAA@XZ
• 0x100001360 ?Destroy@Element@DirectUI@@QEAAJ_N@Z
• 0x100001368 ?Register@HWNDElement@DirectUI@@SAJXZ
• 0x100001378 ?SetVisible@Element@DirectUI@@QEAAJ_N@Z
• 0x100001380 ?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
• 0x100001388 ?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
• 0x100001390 ?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
.text
`.data
.pdata
@.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
USER32.dll
msvcrt.dll
ole32.dll
COMCTL32.dll
SHELL32.dll
DUI70.dll
Delete
NoRemove
ForceRemove
Utilman.pdb
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
EventRegister
EventWrite
RegEnumValueW
EventUnregister
ADVAPI32.dll
RaiseException
lstrlenW
K32EnumProcesses
GetCurrentProcessId
ProcessIdToSessionId
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
CloseHandle
Sleep
HeapSetInformation
IsProcessInJob
GetCurrentProcess
HeapAlloc
GetProcessHeap
ExpandEnvironmentStringsW
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
KERNEL32.dll
GetKeyState
SendInput
LoadIconW
SetWindowPos
KillTimer
SetWindowTextW
PostMessageW
SetTimer
SetCursor
LoadCursorW
USER32.dll
??3@YAXPEAX@Z
_wcsicmp
_vsnwprintf
??2@YAPEAX_K@Z
_purecall
malloc
memcpy_s
wcsstr
memmove_s
memset
__C_specific_handler
calloc
??_V@YAXPEAX@Z
__wgetmainargs
_XcptFilter
_exit
_cexit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
msvcrt.dll
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIsOptedIn
WinSqmAddToStream
ntdll.dll
CoCreateInstance
CoInitialize
CoUninitialize
ole32.dll
COMCTL32.dll
ShellExecuteW
SHELL32.dll
InitProcessPriv
InitThread
?Create@NativeHWNDHost@DirectUI@@SAJPEBGPEAUHWND__@@PEAUHICON__@@HHHHHHIPEAPEAV12@@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
StartMessagePump
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
UnInitThread
UnInitProcessPriv
??1HWNDElement@DirectUI@@UEAA@XZ
??1DUIFactory@DirectUI@@QEAA@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
?LoadFromResource@DUIFactory@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG1PEAVElement@2@PEAKPEAPEAV42@1@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
??0HWNDElement@DirectUI@@QEAA@XZ
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ
?Create@Element@DirectUI@@SAJIPEAV12@PEAKPEAPEAV12@@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?Insert@Element@DirectUI@@QEAAJPEAV12@I@Z
?GetClassInfoPtr@CCPushButton@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?RemoveListener@Element@DirectUI@@QEAAXPEAUIElementListener@2@@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?Release@Value@DirectUI@@QEAAXXZ
DUI70.dll
RegEnumKeyExW
RegCreateKeyExW
RegLoadMUIStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
MultiByteToWideChar
GetLastError
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetFileAttributesW
DeleteFileW
GetThreadUILanguage
UnregisterClassA
SendMessageTimeoutW
SystemParametersInfoW
_wtoi
_ltow_s
wcsrchr
wcsspn
wcscspn
??_U@YAPEAX_K@Z
_wcslwr_s
wcschr
??1type_info@@UEAA@XZ
__CxxFrameHandler3
memcpy
.?AVCAtlException@ATL@@
wwwwwp
l|gow
wwwwx
QJOSiiSOJQ
OLd_CHG=YdLO
QJOSiiSOJQ
sst]sst*
jjk`jjk%
jjk`jjk%
xwxxxp
xwxwxw
|||||||||||||||||y
<NULL>
utilman.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session
Configuration
Microsoft.EaseOfAccessCenter
/restart
System\Setup
OOBEInProgress
Software\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp
%SystemRoot%\System32\Sethc.exe
/AccessibilitySoundAgent
narrator
magnifierpane
highcontrast
stickykeys
filterkeys
apply
cancel
ExpandoButton
statusarea
Narrator
screenreader
status
SystemSetting
ExpandoArea
Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs
(null)
StartList::Synchronize
StartList::SaveSettings
StartList::SaveSessionKey
Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\
StartList::CreateATProcess
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Startup
\On-Screen Keyboard.lnk
\Narrator.lnk
\Magnifier.lnk
,Narrator
,magnifierpane
ApplicationName
Description
StartExe
StartParams
SimpleProfile
Profile
ATExe
windowarranging
showsounds
minimumhitradius
messageduration
windowtrackingtimeout
windowtrackingzorder
windowtracking
animations
audiodescription
overlappedcontent
keyboardpref
keyboardcues
caretwidth
focusborderwidth
focusborderheight
togglekeys
soundsentry
mousekeys
language=%x
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility
Configuration
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Utility Manager
FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
InternalName
utilman2.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
utilman2.exe
ProductName
Operating System
ProductVersion
6.1.7600.16385
VarFileInfo
Translation
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 104.114.76.144 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 104.114.76.144 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 16.959 seconds )
- 11.008 Suricata
- 2.665 NetworkAnalysis
- 1.645 Static
- 0.797 BehaviorAnalysis
- 0.5 TargetInfo
- 0.313 peid
- 0.017 Strings
- 0.01 AnalysisInfo
- 0.002 Memory
- 0.002 config_decoder
Signatures ( 2.031 seconds )
- 1.385 proprietary_url_bl
- 0.172 antiav_detectreg
- 0.056 infostealer_ftp
- 0.04 api_spamming
- 0.034 infostealer_im
- 0.033 stealth_decoy_document
- 0.033 antianalysis_detectreg
- 0.031 stealth_timeout
- 0.02 antivm_generic_scsi
- 0.018 infostealer_mail
- 0.01 injection_createremotethread
- 0.009 antivm_generic_services
- 0.009 kibex_behavior
- 0.009 geodo_banking_trojan
- 0.009 proprietary_domain_bl
- 0.008 anormaly_invoke_kills
- 0.008 antivm_parallels_keys
- 0.008 antivm_xen_keys
- 0.008 darkcomet_regkeys
- 0.006 betabot_behavior
- 0.006 injection_runpe
- 0.006 antiav_detectfile
- 0.006 antivm_generic_diskreg
- 0.006 recon_fingerprint
- 0.005 injection_explorer
- 0.005 anomaly_persistence_autorun
- 0.004 antisandbox_productid
- 0.004 infostealer_bitcoin
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 tinba_behavior
- 0.003 mimics_filetime
- 0.003 antivm_generic_system
- 0.003 antivm_xen_keys
- 0.003 antivm_vmware_keys
- 0.003 proprietary_anomaly_invoke_vb_vba
- 0.003 network_http
- 0.002 bootkit
- 0.002 rat_nanocore
- 0.002 stealth_file
- 0.002 reads_self
- 0.002 antivm_generic_disk
- 0.002 virus
- 0.002 hancitor_behavior
- 0.002 bypass_firewall
- 0.002 antivm_generic_bios
- 0.002 antivm_generic_cpu
- 0.002 antivm_hyperv_keys
- 0.002 antivm_vbox_acpi
- 0.002 antivm_vbox_files
- 0.002 antivm_vbox_keys
- 0.002 antivm_vpc_keys
- 0.002 browser_security
- 0.002 disables_browser_warn
- 0.002 packer_armadillo_regkey
- 0.002 recon_programs
- 0.001 antiemu_wine_func
- 0.001 shifu_behavior
- 0.001 infostealer_browser_password
- 0.001 cerber_behavior
- 0.001 kovter_behavior
- 0.001 antidbg_devices
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 modify_proxy
- 0.001 codelux_behavior
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 proprietary_bad_drop
- 0.001 network_cnc_http
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.623 seconds )
- 0.515 ReportHTMLSummary
- 0.108 Malheur
| Task ID | 744084 |
|---|---|
| Mongo ID | 6620bc797e769a7c1c1705bd |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号