Analysis task

Analysis type File (Windows)
VM label win7-sp1-x64-shaapp03-1
Start time 2024-11-29 20:46:23
End time 2024-11-29 20:48:44
Duration 141 seconds

魔盾 score

10.0

Dangerous

File details

File name MobaXterm_Personal_22.1.exe
File size 16858760 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 982fcd11879e007bbadf758f1ef4e420
SHA1 3387efd93c98cc5a607bf1297354bbb4d52d2ae5
SHA256 8f77f5a7531bb72a1a1a8b2e6414e536989005ebafcc39587757a92808069442
SHA512 df53d844d51da68a630a325f7efcad66c84ac90571af763d3c7ea5690e5364626e4d61ba01907710ddb39115edb9cbe99097abbb685cdd56800950737418f1ca
CRC32 E74440CD
Ssdeep 393216:TPE1qVnSP7nulrASNUIb+tQNRZ4uem+vNl:ziDnuSe6CRZIm+vNl

Hosts contacted

No host records.

Domain resolution

No domain information.


PE information

Image base 0x00400000
Entry point 0x00aeb718
Declared checksum 0x01017206
Actual checksum 0x01017206
Minimum OS version 4.0
Compile time 2022-06-05 08:00:00
Import hash 16c92e8818cd97a23d61eafeef3da7eb
Icon
Icon exact hash 6a9c6c5cd423b81f60f565d5c50b6b76
Icon similarity hash 72ff804fd382dc2bcf20303edcdb8a96

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
CODE 0x00001000 0x006ed4c4 0x006ed600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.60
DATA 0x006ef000 0x00091b90 0x00091c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.18
BSS 0x00781000 0x00029fe1 0x00000000 IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.idata 0x007ab000 0x00004c3a 0x00004e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.03
.tls 0x007b0000 0x00000040 0x00000000 IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rdata 0x007b1000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 0.17
.reloc 0x007b2000 0x00062254 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 0.00
.rsrc 0x00815000 0x0088d476 0x0088d600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 7.94

Overlay

Offset 0x01011c00
Size 0x00002288

Resources

Name Offset Size Language Sublanguage Entropy File type
EXEFILE 0x00b8b890 0x004317ad LANG_ENGLISH SUBLANG_ENGLISH_US 8.00 data
RT_CURSOR 0x00fc7bc8 0x000010ac LANG_NEUTRAL SUBLANG_NEUTRAL 1.96 Hitachi SH big-endian COFF object, not stripped
RT_BITMAP 0x00fcaaa4 0x00000328 LANG_FRENCH SUBLANG_FRENCH 0.86 GLS_BINARY_LSB_FIRST
RT_ICON 0x01010444 0x00000468 LANG_FRENCH SUBLANG_FRENCH 4.01 GLS_BINARY_LSB_FIRST
RT_DIALOG 0x010108ac 0x00000052 LANG_NEUTRAL SUBLANG_NEUTRAL 2.56 data
RT_STRING 0x01020bfc 0x00000354 LANG_NEUTRAL SUBLANG_NEUTRAL 3.11 data
RT_RCDATA 0x010a15ac 0x00000300 LANG_NEUTRAL SUBLANG_NEUTRAL 5.56 Delphi compiled form 'TsPopupCalendar'
RT_GROUP_CURSOR 0x010a19c4 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_ICON 0x010a19d8 0x0000003e LANG_FRENCH SUBLANG_FRENCH 2.43 MS Windows icon resource - 4 icons, 256x256
RT_VERSION 0x010a1a18 0x00000394 LANG_ENGLISH SUBLANG_ENGLISH_US 3.41 data
RT_MANIFEST 0x010a1dac 0x000006ca LANG_ENGLISH SUBLANG_ENGLISH_US 5.03 XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library: kernel32.dll:
0xbab308 VirtualFree
0xbab30c VirtualAlloc
0xbab310 LocalFree
0xbab314 LocalAlloc
0xbab318 GetTickCount
0xbab320 GetVersion
0xbab324 GetCurrentThreadId
0xbab330 VirtualQuery
0xbab334 WideCharToMultiByte
0xbab33c MultiByteToWideChar
0xbab340 lstrlenA
0xbab344 lstrcpynA
0xbab348 LoadLibraryExA
0xbab34c GetThreadLocale
0xbab350 GetStartupInfoA
0xbab354 GetProcAddress
0xbab358 GetModuleHandleA
0xbab35c GetModuleFileNameA
0xbab360 GetLocaleInfoA
0xbab364 GetLastError
0xbab36c GetCommandLineA
0xbab370 FreeLibrary
0xbab374 FindFirstFileA
0xbab378 FindClose
0xbab37c ExitProcess
0xbab380 ExitThread
0xbab384 CreateThread
0xbab388 WriteFile
0xbab390 SetFilePointer
0xbab394 SetEndOfFile
0xbab398 RtlUnwind
0xbab39c ReadFile
0xbab3a0 RaiseException
0xbab3a4 GetStdHandle
0xbab3a8 GetFileSize
0xbab3ac GetFileType
0xbab3b0 DeleteFileA
0xbab3b4 CreateFileA
0xbab3b8 CloseHandle
Library: user32.dll:
0xbab3c0 GetKeyboardType
0xbab3c4 LoadStringA
0xbab3c8 MessageBoxA
0xbab3cc CharNextA
Library: advapi32.dll:
0xbab3d4 RegQueryValueExA
0xbab3d8 RegOpenKeyExA
0xbab3dc RegCloseKey
Library: oleaut32.dll:
0xbab3e4 SysFreeString
0xbab3e8 SysReAllocStringLen
0xbab3ec SysAllocStringLen
Library: kernel32.dll:
0xbab3f4 TlsSetValue
0xbab3f8 TlsGetValue
0xbab3fc LocalAlloc
0xbab400 GetModuleHandleA
Library: advapi32.dll:
0xbab408 RegSetValueExA
0xbab40c RegQueryValueExA
0xbab410 RegQueryInfoKeyA
0xbab414 RegOpenKeyExA
0xbab418 RegFlushKey
0xbab41c RegEnumValueA
0xbab420 RegEnumKeyExA
0xbab424 RegDeleteValueA
0xbab428 RegDeleteKeyA
0xbab42c RegCreateKeyExA
0xbab430 RegCloseKey
0xbab434 ReadEventLogA
0xbab438 OpenProcessToken
0xbab43c OpenEventLogA
0xbab440 LookupAccountSidA
0xbab444 LookupAccountNameA
0xbab448 LogonUserA
0xbab44c IsValidSid
0xbab450 InitializeAcl
0xbab454 GetUserNameA
0xbab458 GetTokenInformation
0xbab460 GetSidSubAuthority
0xbab46c FreeSid
0xbab470 CloseEventLog
Library: kernel32.dll:
0xbab47c lstrlenA
0xbab480 lstrcpyA
0xbab484 lstrcmpA
0xbab488 WriteProcessMemory
0xbab48c WriteFile
0xbab490 WinExec
0xbab494 WideCharToMultiByte
0xbab498 WaitForSingleObject
0xbab4a0 VirtualQuery
0xbab4a4 VirtualFreeEx
0xbab4a8 VirtualFree
0xbab4ac VirtualAllocEx
0xbab4b0 VirtualAlloc
0xbab4b4 VerLanguageNameA
0xbab4b8 UnmapViewOfFile
0xbab4bc TerminateProcess
0xbab4c4 SuspendThread
0xbab4c8 Sleep
0xbab4cc SizeofResource
0xbab4d0 SetThreadPriority
0xbab4d4 SetThreadLocale
0xbab4d8 SetLastError
0xbab4dc SetFileTime
0xbab4e0 SetFilePointer
0xbab4e4 SetFileAttributesA
0xbab4e8 SetEvent
0xbab4ec SetErrorMode
0xbab4f8 SetEndOfFile
0xbab500 ResumeThread
0xbab504 ResetEvent
0xbab508 RemoveDirectoryA
0xbab50c ReleaseSemaphore
0xbab510 ReleaseMutex
0xbab514 ReadProcessMemory
0xbab518 ReadFile
0xbab524 OutputDebugStringA
0xbab528 OpenProcess
0xbab52c MultiByteToWideChar
0xbab530 MulDiv
0xbab534 MoveFileExA
0xbab538 MoveFileA
0xbab53c MapViewOfFile
0xbab540 LockResource
0xbab544 LocalFree
0xbab548 LoadResource
0xbab54c LoadLibraryA
0xbab554 IsValidLocale
0xbab558 IsBadReadPtr
0xbab560 GlobalUnlock
0xbab564 GlobalSize
0xbab568 GlobalReAlloc
0xbab56c GlobalHandle
0xbab570 GlobalLock
0xbab574 GlobalFree
0xbab578 GlobalFindAtomA
0xbab57c GlobalDeleteAtom
0xbab580 GlobalAlloc
0xbab584 GlobalAddAtomA
0xbab590 GetVersionExA
0xbab594 GetVersion
0xbab59c GetTickCount
0xbab5a0 GetThreadLocale
0xbab5a4 GetTempPathA
0xbab5a8 GetTempFileNameA
0xbab5ac GetSystemTime
0xbab5b0 GetSystemInfo
0xbab5b4 GetSystemDirectoryA
0xbab5bc GetStringTypeExA
0xbab5c0 GetStdHandle
0xbab5c4 GetShortPathNameW
0xbab5c8 GetShortPathNameA
0xbab5cc GetProfileStringA
0xbab5d0 GetProfileIntA
0xbab5d4 GetProcAddress
0xbab5d8 GetModuleHandleA
0xbab5dc GetModuleFileNameW
0xbab5e0 GetModuleFileNameA
0xbab5e4 GetLocaleInfoA
0xbab5e8 GetLocalTime
0xbab5ec GetLastError
0xbab5f0 GetFullPathNameA
0xbab5f4 GetFileSize
0xbab5f8 GetFileAttributesA
0xbab5fc GetExitCodeThread
0xbab600 GetExitCodeProcess
0xbab608 GetDriveTypeA
0xbab60c GetDiskFreeSpaceA
0xbab610 GetDateFormatA
0xbab614 GetCurrentThreadId
0xbab618 GetCurrentProcessId
0xbab61c GetCurrentProcess
0xbab624 GetComputerNameW
0xbab628 GetComputerNameA
0xbab62c GetCPInfo
0xbab630 GetACP
0xbab634 FreeResource
0xbab63c InterlockedExchange
0xbab644 FreeLibrary
0xbab648 FormatMessageA
0xbab650 FlushFileBuffers
0xbab654 FindResourceA
0xbab658 FindNextFileA
0xbab660 FindFirstFileA
0xbab66c FindClose
0xbab67c EnumCalendarInfoA
0xbab684 DeleteFileA
0xbab68c CreateThread
0xbab690 CreateSemaphoreA
0xbab694 CreateProcessA
0xbab698 CreatePipe
0xbab69c CreateMutexA
0xbab6a0 CreateFileMappingA
0xbab6a4 CreateFileA
0xbab6a8 CreateEventA
0xbab6ac CreateDirectoryA
0xbab6b0 CopyFileA
0xbab6b4 CompareStringW
0xbab6b8 CompareStringA
0xbab6bc CloseHandle
Library: gdi32.dll:
0xbab6c4 UnrealizeObject
0xbab6c8 StretchDIBits
0xbab6cc StretchBlt
0xbab6d0 StartPage
0xbab6d4 StartDocA
0xbab6d8 SetWindowOrgEx
0xbab6dc SetWindowExtEx
0xbab6e0 SetWinMetaFileBits
0xbab6e4 SetViewportOrgEx
0xbab6e8 SetViewportExtEx
0xbab6f0 SetTextColor
0xbab6f4 SetStretchBltMode
0xbab6f8 SetROP2
0xbab6fc SetPixelV
0xbab700 SetPixel
0xbab704 SetPaletteEntries
0xbab708 SetMapMode
0xbab70c SetEnhMetaFileBits
0xbab710 SetDIBColorTable
0xbab714 SetBrushOrgEx
0xbab718 SetBkMode
0xbab71c SetBkColor
0xbab720 SetBitmapBits
0xbab724 SetAbortProc
0xbab728 SelectPalette
0xbab72c SelectObject
0xbab730 SelectClipRgn
0xbab734 SaveDC
0xbab738 RoundRect
0xbab73c RestoreDC
0xbab740 ResizePalette
0xbab748 Rectangle
0xbab74c RectVisible
0xbab750 RealizePalette
0xbab754 Polyline
0xbab758 Polygon
0xbab75c PolyPolyline
0xbab760 PlayEnhMetaFile
0xbab764 Pie
0xbab768 PatBlt
0xbab76c MoveToEx
0xbab770 MaskBlt
0xbab774 LineTo
0xbab778 IntersectClipRect
0xbab77c GetWindowOrgEx
0xbab780 GetWinMetaFileBits
0xbab784 GetViewportOrgEx
0xbab788 GetTextMetricsA
0xbab78c GetTextExtentPointA
0xbab79c GetStockObject
0xbab7a0 GetPixel
0xbab7a4 GetPaletteEntries
0xbab7a8 GetObjectW
0xbab7ac GetObjectA
0xbab7bc GetEnhMetaFileBits
0xbab7c0 GetDeviceCaps
0xbab7c4 GetDIBits
0xbab7c8 GetDIBColorTable
0xbab7cc GetDCOrgEx
0xbab7d4 GetClipRgn
0xbab7d8 GetClipBox
0xbab7dc GetCharABCWidthsW
0xbab7e0 GetCharABCWidthsA
0xbab7e4 GetBrushOrgEx
0xbab7ec GetBitmapBits
0xbab7f0 GdiFlush
0xbab7f4 ExtTextOutW
0xbab7f8 ExtTextOutA
0xbab7fc ExtCreatePen
0xbab800 ExcludeClipRect
0xbab804 EnumFontFamiliesExA
0xbab808 EnumFontFamiliesA
0xbab80c EndPage
0xbab810 EndDoc
0xbab814 Ellipse
0xbab818 DeleteObject
0xbab81c DeleteEnhMetaFile
0xbab820 DeleteDC
0xbab824 CreateSolidBrush
0xbab828 CreateRectRgn
0xbab82c CreatePenIndirect
0xbab830 CreatePen
0xbab834 CreatePatternBrush
0xbab838 CreatePalette
0xbab83c CreateICA
0xbab844 CreateFontIndirectW
0xbab848 CreateFontIndirectA
0xbab84c CreateDIBitmap
0xbab850 CreateDIBSection
0xbab854 CreateDCA
0xbab858 CreateCompatibleDC
0xbab860 CreateBrushIndirect
0xbab864 CreateBitmap
0xbab868 CopyEnhMetaFileA
0xbab86c CombineRgn
0xbab870 BitBlt
Library: user32.dll:
0xbab87c CreateWindowExA
0xbab880 keybd_event
0xbab884 WindowFromPoint
0xbab888 WindowFromDC
0xbab88c WinHelpA
0xbab890 WaitMessage
0xbab894 WaitForInputIdle
0xbab898 ValidateRect
0xbab89c UpdateLayeredWindow
0xbab8a0 UpdateWindow
0xbab8a4 UnregisterHotKey
0xbab8a8 UnregisterClassA
0xbab8ac UnionRect
0xbab8b0 UnhookWindowsHookEx
0xbab8b4 TranslateMessage
0xbab8bc TrackPopupMenu
0xbab8c8 ShowWindow
0xbab8cc ShowScrollBar
0xbab8d0 ShowOwnedPopups
0xbab8d4 ShowCursor
0xbab8d8 ShowCaret
0xbab8dc SetWindowRgn
0xbab8e0 SetWindowsHookExA
0xbab8e4 SetWindowTextA
0xbab8e8 SetWindowPos
0xbab8ec SetWindowPlacement
0xbab8f0 SetWindowLongW
0xbab8f4 SetWindowLongA
0xbab8f8 SetTimer
0xbab8fc SetScrollRange
0xbab900 SetScrollPos
0xbab904 SetScrollInfo
0xbab908 SetRect
0xbab90c SetPropA
0xbab910 SetParent
0xbab914 SetMenuItemInfoA
0xbab918 SetMenuInfo
0xbab91c SetMenu
0xbab920 SetKeyboardState
0xbab924 SetForegroundWindow
0xbab928 SetFocus
0xbab92c SetCursor
0xbab930 SetClipboardViewer
0xbab934 SetClipboardData
0xbab938 SetClassLongA
0xbab93c SetCaretPos
0xbab940 SetCapture
0xbab944 SetActiveWindow
0xbab948 SendMessageTimeoutW
0xbab94c SendMessageTimeoutA
0xbab950 SendMessageA
0xbab954 SendInput
0xbab958 ScrollWindowEx
0xbab95c ScrollWindow
0xbab960 ScreenToClient
0xbab964 ReplyMessage
0xbab968 RemovePropA
0xbab96c RemoveMenu
0xbab970 ReleaseDC
0xbab974 ReleaseCapture
0xbab97c RegisterHotKey
0xbab984 RegisterClassA
0xbab988 RedrawWindow
0xbab98c PtInRect
0xbab990 PostThreadMessageA
0xbab994 PostQuitMessage
0xbab998 PostMessageW
0xbab99c PostMessageA
0xbab9a0 PeekMessageA
0xbab9a4 OpenClipboard
0xbab9a8 OffsetRect
0xbab9ac OemToCharA
0xbab9b4 MoveWindow
0xbab9b8 MessageBoxIndirectA
0xbab9bc MessageBoxA
0xbab9c0 MessageBeep
0xbab9c4 MapWindowPoints
0xbab9c8 MapVirtualKeyA
0xbab9cc LoadStringA
0xbab9d0 LoadKeyboardLayoutA
0xbab9d4 LoadIconA
0xbab9d8 LoadCursorA
0xbab9dc LoadBitmapA
0xbab9e0 KillTimer
0xbab9e4 IsZoomed
0xbab9e8 IsWindowVisible
0xbab9ec IsWindowUnicode
0xbab9f0 IsWindowEnabled
0xbab9f4 IsWindow
0xbab9f8 IsRectEmpty
0xbab9fc IsIconic
0xbaba00 IsDialogMessageA
0xbaba08 IsChild
0xbaba0c IsCharAlphaNumericA
0xbaba10 IsCharAlphaA
0xbaba14 InvalidateRect
0xbaba18 IntersectRect
0xbaba1c InsertMenuItemA
0xbaba20 InsertMenuA
0xbaba24 InflateRect
0xbaba28 HideCaret
0xbaba34 GetWindowTextW
0xbaba38 GetWindowTextA
0xbaba3c GetWindowRect
0xbaba40 GetWindowPlacement
0xbaba44 GetWindowLongW
0xbaba48 GetWindowLongA
0xbaba4c GetWindowDC
0xbaba50 GetUpdateRect
0xbaba54 GetTopWindow
0xbaba58 GetSystemMetrics
0xbaba5c GetSystemMenu
0xbaba60 GetSysColorBrush
0xbaba64 GetSysColor
0xbaba68 GetSubMenu
0xbaba6c GetScrollRange
0xbaba70 GetScrollPos
0xbaba74 GetScrollInfo
0xbaba78 GetPropA
0xbaba7c GetParent
0xbaba80 GetWindow
0xbaba84 GetMessageTime
0xbaba88 GetMessagePos
0xbaba8c GetMessageA
0xbaba90 GetMenuStringA
0xbaba94 GetMenuState
0xbaba98 GetMenuItemRect
0xbaba9c GetMenuItemInfoA
0xbabaa0 GetMenuItemID
0xbabaa4 GetMenuItemCount
0xbabaa8 GetMenu
0xbabaac GetLastActivePopup
0xbabab0 GetKeyboardState
0xbabab8 GetKeyboardLayout
0xbababc GetKeyState
0xbabac0 GetKeyNameTextA
0xbabac4 GetIconInfo
0xbabac8 GetForegroundWindow
0xbabacc GetFocus
0xbabad0 GetDoubleClickTime
0xbabad4 GetDlgItem
0xbabad8 GetDlgCtrlID
0xbabadc GetDesktopWindow
0xbabae0 GetDCEx
0xbabae4 GetDC
0xbabae8 GetCursorPos
0xbabaec GetCursor
0xbabaf4 GetClipboardData
0xbabaf8 GetClientRect
0xbabafc GetClassNameA
0xbabb00 GetClassLongA
0xbabb04 GetClassInfoA
0xbabb08 GetCaretPos
0xbabb0c GetCapture
0xbabb10 GetAsyncKeyState
0xbabb14 GetActiveWindow
0xbabb18 FrameRect
0xbabb1c FindWindowExA
0xbabb20 FindWindowA
0xbabb24 FillRect
0xbabb28 EqualRect
0xbabb2c EnumWindows
0xbabb30 EnumThreadWindows
0xbabb38 EnumChildWindows
0xbabb3c EndPaint
0xbabb40 EndDeferWindowPos
0xbabb44 EnableWindow
0xbabb48 EnableScrollBar
0xbabb4c EnableMenuItem
0xbabb50 EmptyClipboard
0xbabb54 DrawTextExA
0xbabb58 DrawTextW
0xbabb5c DrawTextA
0xbabb60 DrawMenuBar
0xbabb64 DrawIconEx
0xbabb68 DrawIcon
0xbabb6c DrawFrameControl
0xbabb70 DrawFocusRect
0xbabb74 DrawEdge
0xbabb78 DispatchMessageA
0xbabb7c DestroyWindow
0xbabb80 DestroyMenu
0xbabb84 DestroyIcon
0xbabb88 DestroyCursor
0xbabb8c DestroyCaret
0xbabb90 DeleteMenu
0xbabb94 DeferWindowPos
0xbabb98 DefWindowProcW
0xbabb9c DefWindowProcA
0xbabba0 DefMDIChildProcA
0xbabba4 DefFrameProcA
0xbabba8 CreatePopupMenu
0xbabbac CreateMenu
0xbabbb0 CreateIconIndirect
0xbabbb4 CreateIcon
0xbabbb8 CreateCaret
0xbabbbc CopyRect
0xbabbc0 CopyImage
0xbabbc4 CopyIcon
0xbabbc8 CloseClipboard
0xbabbcc ClipCursor
0xbabbd0 ClientToScreen
0xbabbd8 CheckMenuItem
0xbabbdc CharUpperBuffW
0xbabbe0 CharUpperW
0xbabbe4 CharLowerBuffW
0xbabbe8 CharLowerW
0xbabbf0 CallWindowProcA
0xbabbf4 CallNextHookEx
0xbabbf8 BringWindowToTop
0xbabbfc BeginPaint
0xbabc00 BeginDeferWindowPos
0xbabc04 AttachThreadInput
0xbabc08 CharNextA
0xbabc0c CharLowerBuffA
0xbabc10 CharLowerA
0xbabc14 CharUpperBuffA
0xbabc18 CharUpperA
0xbabc1c CharToOemBuffA
0xbabc20 CharToOemA
0xbabc24 AdjustWindowRectEx
Library: ole32.dll:
0xbabc30 CLSIDFromString
Library: kernel32.dll:
0xbabc38 Sleep
Library: oleaut32.dll:
0xbabc40 SafeArrayPtrOfIndex
0xbabc44 SafeArrayPutElement
0xbabc48 SafeArrayGetElement
0xbabc50 SafeArrayAccessData
0xbabc54 SafeArrayGetUBound
0xbabc58 SafeArrayGetLBound
0xbabc5c SafeArrayCreate
0xbabc60 VariantChangeType
0xbabc64 VariantCopy
0xbabc68 VariantClear
0xbabc6c VariantInit
Library: ole32.dll:
0xbabc7c ReleaseStgMedium
0xbabc84 OleFlushClipboard
0xbabc88 OleGetClipboard
0xbabc8c OleSetClipboard
0xbabc90 DoDragDrop
0xbabc94 RevokeDragDrop
0xbabc98 RegisterDragDrop
0xbabc9c OleUninitialize
0xbabca0 OleInitialize
0xbabca4 CreateBindCtx
0xbabca8 MkParseDisplayName
0xbabcb0 CoTaskMemFree
0xbabcb4 CoTaskMemAlloc
0xbabcb8 CoCreateInstance
0xbabcc4 CoUninitialize
0xbabcc8 CoInitialize
0xbabccc IsEqualGUID
Library: oleaut32.dll:
0xbabcd4 GetErrorInfo
0xbabcd8 SysFreeString
Library: comctl32.dll:
0xbabce8 ImageList_Write
0xbabcec ImageList_Read
0xbabcfc ImageList_DragMove
0xbabd00 ImageList_DragLeave
0xbabd04 ImageList_DragEnter
0xbabd08 ImageList_EndDrag
0xbabd0c ImageList_BeginDrag
0xbabd10 ImageList_GetIcon
0xbabd14 ImageList_Remove
0xbabd18 ImageList_DrawEx
0xbabd1c ImageList_Replace
0xbabd20 ImageList_Draw
0xbabd30 ImageList_Add
0xbabd38 ImageList_Destroy
0xbabd3c ImageList_Create
0xbabd40 InitCommonControls
Library: imm32.dll:
0xbabd5c ImmReleaseContext
0xbabd60 ImmGetContext
Library: winspool.drv:
0xbabd68 OpenPrinterA
0xbabd6c EnumPrintersA
0xbabd70 DocumentPropertiesA
0xbabd74 ClosePrinter
Library: shell32.dll:
0xbabd7c Shell_NotifyIconA
0xbabd80 ShellExecuteExA
0xbabd84 ShellExecuteA
0xbabd88 SHGetFileInfoA
0xbabd8c SHFileOperationA
0xbabd90 DragQueryPoint
0xbabd94 DragQueryFileW
0xbabd98 DragQueryFileA
0xbabd9c DragFinish
0xbabda0 DragAcceptFiles
Library: shell32.dll:
0xbabdb8 SHGetMalloc
0xbabdbc SHGetDesktopFolder
Library: comdlg32.dll:
0xbabdc4 PrintDlgA
0xbabdc8 ChooseColorA
0xbabdcc GetSaveFileNameA
0xbabdd0 GetOpenFileNameA
Library: kernel32.dll:
0xbabdd8 MulDiv
Library: advapi32.dll:
0xbabe0c CryptGenRandom
0xbabe10 CryptGenKey
0xbabe14 CryptDeriveKey
0xbabe18 CryptGetKeyParam
0xbabe1c CryptSetKeyParam
0xbabe20 CryptSetProvParam
0xbabe24 CryptGetProvParam
0xbabe28 CryptDestroyHash
0xbabe2c CryptSignHashA
0xbabe30 CryptGetHashParam
0xbabe34 CryptSetHashParam
0xbabe3c CryptHashData
0xbabe40 CryptCreateHash
0xbabe44 CryptImportKey
0xbabe48 CryptExportKey
0xbabe4c CryptReleaseContext
0xbabe50 CryptDestroyKey
0xbabe54 CryptGetUserKey
0xbabe58 CryptContextAddRef
0xbabe60 CryptDuplicateKey
0xbabe64 CryptEncrypt
0xbabe68 CryptDecrypt
Library: ole32.dll:
0xbabe70 CoCreateGuid
Library: wsock32.dll:
0xbabe78 __WSAFDIsSet
0xbabe7c WSACleanup
0xbabe80 WSAStartup
0xbabe84 WSASetLastError
0xbabe88 WSAGetLastError
0xbabe8c gethostbyname
0xbabe90 gethostbyaddr
0xbabe94 socket
0xbabe98 shutdown
0xbabe9c setsockopt
0xbabea0 sendto
0xbabea4 send
0xbabea8 select
0xbabeac recv
0xbabeb0 ntohs
0xbabeb4 listen
0xbabeb8 ioctlsocket
0xbabebc inet_ntoa
0xbabec0 inet_addr
0xbabec4 htons
0xbabec8 getsockopt
0xbabecc getsockname
0xbabed0 getpeername
0xbabed4 connect
0xbabed8 closesocket
0xbabedc bind
0xbabee0 accept
Library: winmm.dll:
0xbabee8 timeGetTime
Library: shell32.dll:
0xbabef0 None
Library: netapi32.dll:
0xbabef8 NetLocalGroupEnum
0xbabefc NetUserEnum
Library: gdiplus.dll:
0xbabf1c GdipMeasureString
0xbabf20 GdipDrawString
0xbabf24 GdipDeleteFont
0xbabf28 GdipCreateFont
0xbabf38 GdipGetClip
0xbabf3c GdipResetClip
0xbabf40 GdipSetClipRegion
0xbabf44 GdipSetClipPath
0xbabf48 GdipSetClipRect
0xbabf4c GdipDrawImageI
0xbabf50 GdipFillPath
0xbabf54 GdipFillEllipseI
0xbabf58 GdipFillPolygonI
0xbabf5c GdipDrawPolygonI
0xbabf60 GdipDrawEllipseI
0xbabf64 GdipDrawEllipse
0xbabf68 GdipDrawLineI
0xbabf74 GdipDeleteGraphics
0xbabf78 GdipCreateFromHDC
0xbabf88 GdipDisposeImage
0xbabf94 GdipDeletePen
0xbabf98 GdipCreatePen1
0xbabfb0 GdipSetLineBlend
0xbabfbc GdipDeleteBrush
0xbabfc0 GdipCloneBrush
0xbabfc4 GdipDeleteRegion
0xbabfc8 GdipCreateRegion
0xbabfcc GdipAddPathPolygonI
0xbabfd0 GdipAddPathEllipse
0xbabfd4 GdipDeletePath
0xbabfd8 GdipCreatePath
0xbabfdc GdiplusShutdown
0xbabfe0 GdiplusStartup
0xbabfe4 GdipFree
0xbabfe8 GdipAlloc
Library: IPHLPAPI.DLL:
0xbabff0 GetIpAddrTable
0xbabff4 GetIfTable
Library: Crypt32.dll:
0xbabffc CryptUnprotectData
0xbac000 CryptProtectData
Library: wininet.dll:
0xbac008 InternetCloseHandle
0xbac00c InternetReadFile
0xbac010 HttpQueryInfoA
0xbac014 InternetOpenUrlA
0xbac018 InternetOpenA
Library: user32.dll:
Library: kernel32.dll:
0xbac028 GetLongPathNameA
0xbac02c GetProcessId
Library: advapi32.dll:
Library: shell32.dll:
0xbac03c ExtractIconExA
Library: kernel32:

No antivirus engine scan information!

Process tree


MobaXterm_Personal_22.1.exe, PID: 2640, parent PID: 2292
XWin_MobaX.exe, PID: 2540, parent PID: 2640

Hosts contacted

No host records.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49157 23.48.5.20 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

DNS resolution

No domain information.

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 41.204 seconds )

  • 11.987 Suricata
  • 11.92 Static
  • 8.186 BehaviorAnalysis
  • 4.88 NetworkAnalysis
  • 3.771 TargetInfo
  • 0.392 peid
  • 0.042 config_decoder
  • 0.012 AnalysisInfo
  • 0.012 Strings
  • 0.002 Memory

Signatures ( 7.08 seconds )

  • 1.404 proprietary_url_bl
  • 0.805 mimics_filetime
  • 0.628 api_spamming
  • 0.5 stealth_timeout
  • 0.478 stealth_decoy_document
  • 0.248 injection_createremotethread
  • 0.218 reads_self
  • 0.208 stealth_file
  • 0.205 virus
  • 0.2 bootkit
  • 0.179 proprietary_anomaly_write_exe_and_obsfucate_extension
  • 0.175 antivm_generic_disk
  • 0.151 injection_runpe
  • 0.134 injection_explorer
  • 0.109 hancitor_behavior
  • 0.09 antiav_detectreg
  • 0.086 proprietary_anomaly_massive_file_ops
  • 0.084 antiav_detectfile
  • 0.066 proprietary_malicious_write_executeable_under_temp_to_regrun
  • 0.062 infostealer_ftp
  • 0.061 securityxploded_modules
  • 0.059 infostealer_bitcoin
  • 0.058 ransomware_extensions
  • 0.054 sets_autoconfig_url
  • 0.053 ransomware_message
  • 0.037 ipc_namedpipe
  • 0.036 infostealer_im
  • 0.033 ransomware_files
  • 0.031 antivm_vbox_files
  • 0.028 proprietary_anomaly_write_exe_and_dll_under_winroot_run
  • 0.027 disables_wfp
  • 0.025 disables_spdy
  • 0.025 infostealer_mail
  • 0.024 anomaly_persistence_autorun
  • 0.021 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.02 office_dl_write_exe
  • 0.019 antidbg_windows
  • 0.019 antidbg_devices
  • 0.018 vawtrak_behavior
  • 0.017 antianalysis_detectreg
  • 0.016 office_write_exe
  • 0.016 rat_luminosity
  • 0.014 proprietary_anomaly_terminated_process
  • 0.013 rat_pcclient
  • 0.011 removes_zoneid_ads
  • 0.011 network_tor
  • 0.01 betabot_behavior
  • 0.01 deletes_self
  • 0.01 antivm_generic_scsi
  • 0.01 process_needed
  • 0.009 upatre_behavior
  • 0.009 antivm_generic_services
  • 0.009 geodo_banking_trojan
  • 0.009 proprietary_domain_bl
  • 0.008 rat_nanocore
  • 0.008 kibex_behavior
  • 0.007 kovter_behavior
  • 0.006 antiemu_wine_func
  • 0.006 ransomware_dmalocker
  • 0.006 kazybot_behavior
  • 0.006 anormaly_invoke_kills
  • 0.006 antivm_vmware_files
  • 0.006 codelux_behavior
  • 0.005 tinba_behavior
  • 0.005 infostealer_browser_password
  • 0.005 disables_browser_warn
  • 0.005 stealth_web_history
  • 0.004 banker_prinimalka
  • 0.004 hawkeye_behavior
  • 0.004 antivm_vbox_libs
  • 0.004 anomaly_persistence_bootexecute
  • 0.004 anomaly_reset_winsock
  • 0.004 antivm_vbox_window
  • 0.004 kelihos_behavior
  • 0.004 creates_largekey
  • 0.004 sniffer_winpcap
  • 0.004 antivm_parallels_keys
  • 0.004 browser_security
  • 0.004 proprietary_anomaly_mismatch_mime_extension
  • 0.003 ransomeware_modifies_desktop_wallpaper
  • 0.003 shifu_behavior
  • 0.003 cerber_behavior
  • 0.003 antisandbox_script_timer
  • 0.003 pony_behavior
  • 0.003 antianalysis_detectfile
  • 0.003 antivm_vpc_files
  • 0.003 antivm_xen_keys
  • 0.003 banker_cridex
  • 0.003 modify_proxy
  • 0.003 darkcomet_regkeys
  • 0.003 malicous_targeted_flame
  • 0.003 network_http
  • 0.003 network_tor_service
  • 0.002 antiav_avast_libs
  • 0.002 dridex_behavior
  • 0.002 antisandbox_sleep
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 exec_crash
  • 0.002 antivm_generic_diskreg
  • 0.002 browser_addon
  • 0.002 disables_system_restore
  • 0.002 proprietary_bad_drop
  • 0.002 stealth_hiddenreg
  • 0.002 stealth_hide_notifications
  • 0.002 stealth_modify_uac_prompt
  • 0.002 stealth_modify_security_center_warnings
  • 0.001 antivm_vmware_libs
  • 0.001 process_interest
  • 0.001 browser_needed
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 bypass_firewall
  • 0.001 spreading_autoruninf
  • 0.001 modifies_hostfile
  • 0.001 antisandbox_fortinet_files
  • 0.001 antisandbox_productid
  • 0.001 antisandbox_sunbelt_files
  • 0.001 antisandbox_threattrack_files
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_devices
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bitcoin_opencl
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 disables_windows_defender
  • 0.001 proprietary_anomaly_invoke_vb_vba
  • 0.001 network_cnc_http
  • 0.001 office_security
  • 0.001 packer_armadillo_regkey
  • 0.001 ransomware_radamant
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 static_pe_anomaly
  • 0.001 stealth_hidden_extension

Reporting ( 1.597 seconds )

  • 1.152 ReportHTMLSummary
  • 0.445 Malheur
Task ID 764030
Mongo ID 6749b8817e769a640342dc88
Cuckoo release 1.4-Maldun