恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64	2016-06-19 23:54:37	2016-06-19 23:57:08	151 秒

魔盾分数

8.9

危险的

文件详细信息

文件名	azkspl.exe
文件大小	932352 字节
文件类型	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	f030c40d745451c4223b47b0fdaca2c3
SHA1	9bdfcba20842bb27a69b4e98f2d5077e468956b9
SHA256	7e3e0771c098552085b6ee3f164481078ac2ace9826c570a6c6abbab7f2f8db6
SHA512	9b2038ff64a61f5d11fdf672948eafd657070437616e3df0a66ba75ab5c89958a001ba3e01e819ac6e2883b3a94718a608b2c9aacf61d672bbca930146cd3668
CRC32	606D2D2B
Ssdeep	24576:th3y1cucJj3YcRY407uIhVSWIsuD8D5N2l0Hbkp29bl:th0cuczXIjHuDWo0Hop2Bl
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
dns.msftncsi.com	未知	A 131.107.255.255
dns.msftncsi.com	未知	AAAA fd3e:4f5a:5b81::1

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x004012a0
声明校验值	0x00000000
实际校验值	0x000f2956
最低操作系统版本要求	4.0
编译时间	1987-12-08 21:34:56
图标
图标精确哈希值	54b939f59e3be3111195e58073531a92
图标相似性哈希值	d20e7513026bc66f80531019eb144803
导出DLL库名称	Depletion.exe

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
satellites
orders
OriginalFilename
sashes
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x0007db3c	0x0007dc00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_16BYTES	6.18
.data	0x0007f000	0x000044d4	0x00004600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_64BYTES	5.85
.rdata	0x00084000	0x0000aa34	0x0000ac00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_64BYTES	4.85
.eh_fram	0x0008f000	0x00001510	0x00001600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_4BYTES	4.80
.bss	0x00091000	0x00006e80	0x00000000	IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_64BYTES	0.00
.edata	0x00098000	0x00000046	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_4BYTES	0.68
.idata	0x00099000	0x000010dc	0x00001200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES	5.13
.CRT	0x0009b000	0x0000001c	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES	0.16
.tls	0x0009c000	0x00000020	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES	0.22
.reloc	0x0009d000	0x00004588	0x00004600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_4BYTES	6.66
.24rrg	0x000a2000	0x0004f2d8	0x0004f400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.20

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_BITMAP	0x000d8750	0x00000c36	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.55	data
RT_ICON	0x000f0890	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	5.30	GLS_BINARY_LSB_FIRST
RT_ICON	0x000f0890	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	5.30	GLS_BINARY_LSB_FIRST
RT_ICON	0x000f0890	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	5.30	GLS_BINARY_LSB_FIRST
RT_ICON	0x000f0890	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	5.30	GLS_BINARY_LSB_FIRST
RT_ICON	0x000f0890	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	5.30	GLS_BINARY_LSB_FIRST
RT_ICON	0x000f0890	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	5.30	GLS_BINARY_LSB_FIRST
RT_RCDATA	0x000f0d0c	0x00000064	LANG_NEUTRAL	SUBLANG_DEFAULT	6.00	VAX COFF executable not stripped - version 20303
RT_RCDATA	0x000f0d0c	0x00000064	LANG_NEUTRAL	SUBLANG_DEFAULT	6.00	VAX COFF executable not stripped - version 20303
RT_GROUP_ICON	0x000f0d70	0x0000005a	LANG_ENGLISH	SUBLANG_ENGLISH_UK	2.90	MS Windows icon resource - 6 icons, 96x96, 256-colors
RT_VERSION	0x000f0dcc	0x0000038c	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.34	DOS executable (COM)
RT_MANIFEST	0x000f1158	0x0000017d	LANG_ENGLISH	SUBLANG_ENGLISH_US	4.91	XML 1.0 document text

导入

库: KERNEL32.dll:

• 0x499304 AddAtomA

• 0x499308 CloseHandle

• 0x49930c CreateEventA

• 0x499310 CreateMutexA

• 0x499314 CreateSemaphoreA

• 0x499318 DeleteCriticalSection

• 0x49931c DuplicateHandle

• 0x499320 EnterCriticalSection

• 0x499324 ExitProcess

• 0x499328 FindAtomA

• 0x49932c GetAtomNameA

• 0x499330 GetCommandLineA

• 0x499334 GetCurrentProcess

• 0x499338 GetCurrentThread

• 0x49933c GetCurrentThreadId

• 0x499340 GetDiskFreeSpaceExW

• 0x499344 GetHandleInformation

• 0x499348 GetLastError

• 0x49934c GetLocalTime

• 0x499350 GetModuleHandleA

• 0x499354 GetProcAddress

• 0x499358 GetProcessAffinityMask

• 0x49935c GetStartupInfoA

• 0x499360 GetStdHandle

• 0x499364 GetThreadContext

• 0x499368 GetThreadPriority

• 0x49936c InitializeCriticalSection

• 0x499370 InterlockedDecrement

• 0x499374 InterlockedExchange

• 0x499378 InterlockedExchangeAdd

• 0x49937c InterlockedIncrement

• 0x499380 IsDBCSLeadByteEx

• 0x499384 LeaveCriticalSection

• 0x499388 MultiByteToWideChar

• 0x49938c ReleaseMutex

• 0x499390 ReleaseSemaphore

• 0x499394 ResetEvent

• 0x499398 ResumeThread

• 0x49939c SetCriticalSectionSpinCount

• 0x4993a0 SetEvent

• 0x4993a4 SetLastError

• 0x4993a8 SetProcessAffinityMask

• 0x4993ac SetThreadContext

• 0x4993b0 SetThreadPriority

• 0x4993b4 SetUnhandledExceptionFilter

• 0x4993b8 Sleep

• 0x4993bc SuspendThread

• 0x4993c0 TlsAlloc

• 0x4993c4 TlsGetValue

• 0x4993c8 TlsSetValue

• 0x4993cc TryEnterCriticalSection

• 0x4993d0 VirtualAlloc

• 0x4993d4 VirtualProtect

• 0x4993d8 VirtualQuery

• 0x4993dc WaitForMultipleObjects

• 0x4993e0 WaitForSingleObject

• 0x4993e4 WideCharToMultiByte

• 0x4993e8 WriteConsoleW

库: msvcrt.dll:

• 0x4993f0 _fdopen

• 0x4993f4 _read

• 0x4993f8 _write

库: msvcrt.dll:

• 0x499400 __getmainargs

• 0x499404 __mb_cur_max

• 0x499408 __p__environ

• 0x49940c __p__fmode

• 0x499410 __set_app_type

• 0x499414 _beginthreadex

• 0x499418 _cexit

• 0x49941c _endthreadex

• 0x499420 _errno

• 0x499424 _filelengthi64

• 0x499428 _fstati64

• 0x49942c _ftime

• 0x499430 _iob

• 0x499434 _lseeki64

• 0x499438 _onexit

• 0x49943c _setjmp

• 0x499440 _setmode

• 0x499444 abort

• 0x499448 atexit

• 0x49944c atoi

• 0x499450 calloc

• 0x499454 exit

• 0x499458 fclose

• 0x49945c fflush

• 0x499460 fgetpos

• 0x499464 fopen

• 0x499468 fprintf

• 0x49946c fputc

• 0x499470 fputs

• 0x499474 fread

• 0x499478 free

• 0x49947c fsetpos

• 0x499480 fwrite

• 0x499484 getc

• 0x499488 getenv

• 0x49948c getwc

• 0x499490 iswctype

• 0x499494 localeconv

• 0x499498 longjmp

• 0x49949c malloc

• 0x4994a0 memchr

• 0x4994a4 memcmp

• 0x4994a8 memcpy

• 0x4994ac memmove

• 0x4994b0 memset

• 0x4994b4 printf

• 0x4994b8 putc

• 0x4994bc putwc

• 0x4994c0 realloc

• 0x4994c4 setlocale

• 0x4994c8 setvbuf

• 0x4994cc signal

• 0x4994d0 sprintf

• 0x4994d4 strchr

• 0x4994d8 strcmp

• 0x4994dc strcoll

• 0x4994e0 strerror

• 0x4994e4 strftime

• 0x4994e8 strlen

• 0x4994ec strtod

• 0x4994f0 strxfrm

• 0x4994f4 towlower

• 0x4994f8 towupper

• 0x4994fc ungetc

• 0x499500 ungetwc

• 0x499504 vfprintf

• 0x499508 wcscoll

• 0x49950c wcsftime

• 0x499510 wcslen

• 0x499514 wcsxfrm

• 0x499518 wprintf

库: USER32.dll:

• 0x499520 AppendMenuW

• 0x499524 CheckMenuItem

• 0x499528 CheckMenuRadioItem

• 0x49952c CreateMenu

• 0x499530 CreateWindowExW

• 0x499534 DefWindowProcW

• 0x499538 DispatchMessageA

• 0x49953c GetMenuState

• 0x499540 GetMessageA

• 0x499544 GetSysColorBrush

• 0x499548 GetWindowRect

• 0x49954c LoadCursorA

• 0x499550 MessageBeep

• 0x499554 PostQuitMessage

• 0x499558 RegisterClassW

• 0x49955c SendMessageA

• 0x499560 SetMenu

• 0x499564 SetWindowTextW

• 0x499568 ShowWindow

• 0x49956c TranslateMessage

库: COMCTL32.dll:

• 0x499574 None

导出

序列	地址	名称
1	0x47f000	Sweep

.text
P`.data
.rdata
0@.bss
.edata
0@.idata
.reloc
0B.24rrg
D$|$@H
D$`m4@
D$@KQ@
D$@x\@
D$Pz_@
D$@Ia@
D$@dk@
D$@kp@
|$`@(I
|$`@2I
@$$}H
@$$}H
@ &}H
@(&}H
@ &}H
@(&}H
D$, sI
D$P;CC
@ =0<C
|$(0<C
D$@Z^E
D$@kkE
D$P-"F
D$PeTF
D$@fYF
D$@w[F
D$@F]F
D$@FjF
D$@$vF
D$@t~F
D$@GWG
D$@'XG
D$@7ZG
D$@W]G
D$@gaG
D$@GdG
D$@WfG
N`YmRYFv_WJrA
libgcj-13.dll
_Jv_RegisterClasses
ios_base::_M_grow_words is not valid
ios_base::_M_grow_words allocation failed
basic_ios::clear
__gnu_cxx::__concurrence_lock_error
__gnu_cxx::__concurrence_unlock_error
__gnu_cxx::__concurrence_lock_error
__gnu_cxx::__concurrence_unlock_error
locale::_S_normalize_category category not found
locale::_Impl::_M_replace_facet
std::exception
std::bad_exception
eh_globals
__gnu_cxx::__concurrence_lock_error
__gnu_cxx::__concurrence_unlock_error
std::future_error
POSIX
%s: __pos (which is %zu) > this->size() (which is %zu)
basic_string::at: __n (which is %zu) >= this->size() (which is %zu)
basic_string::copy
basic_string::compare
basic_string::_S_create
basic_string::erase
basic_string::_M_replace_aux
basic_string::insert
basic_string::replace
basic_string::assign
basic_string::append
basic_string::resize
basic_string::_S_construct null not valid
basic_string::basic_string
basic_string::substr
basic_string::_S_construct null not valid
POSIX
basic_string::erase
%s: __pos (which is %zu) > this->size() (which is %zu)
%.*Lf
%m/%d/%y
%H:%M
%H:%M:%S
basic_string::_S_construct null not valid
POSIX
basic_string::erase
%s: __pos (which is %zu) > this->size() (which is %zu)
%.*Lf
%m/%d/%y
%H:%M
%H:%M:%S
__gnu_cxx::__concurrence_lock_error
__gnu_cxx::__concurrence_unlock_error
__gnu_cxx::__concurrence_broadcast_error
__gnu_cxx::__concurrence_wait_error
false
%s: __pos (which is %zu) > this->size() (which is %zu)
basic_string::at: __n (which is %zu) >= this->size() (which is %zu)
basic_string::copy
basic_string::compare
basic_string::_S_create
basic_string::erase
basic_string::_M_replace_aux
basic_string::insert
basic_string::replace
basic_string::assign
basic_string::append
basic_string::resize
basic_string::_S_construct null not valid
basic_string::basic_string
basic_string::substr
locale::facet::_S_create_c_locale name not valid
LC_CTYPE
LC_NUMERIC
LC_TIME
LC_COLLATE
LC_MONETARY
LC_MESSAGES
basic_filebuf::underflow codecvt::max_length() is not valid
basic_filebuf::underflow incomplete character in file
basic_filebuf::underflow invalid byte sequence in file
basic_filebuf::underflow error reading the file
basic_filebuf::xsgetn error reading the file
basic_filebuf::_M_convert_to_external conversion error
__terminate_handler_sh
__unexpected_handler_sh
std::bad_alloc
std::bad_cast
std::bad_typeid
generic
system
*N12_GLOBAL__N_122generic_error_categoryE
*N12_GLOBAL__N_121system_error_categoryE
future
Broken promise
Future already retrieved
Promise already satisfied
No associated state
Unknown error
*N12_GLOBAL__N_121future_error_categoryE
bad_function_call
regex_error
POSIX
space
print
cntrl
upper
lower
alpha
digit
punct
xdigit
alnum
graph
-+xX0123456789abcdef0123456789ABCDEF
-+xX0123456789abcdefABCDEF
-0123456789
%m/%d/%y
%H:%M:%S
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
terminate called after throwing an instance of '
  what():  
std::bad_array_new_length
std::bad_array_length
_GLOBAL_
(anonymous namespace)
[abi:
{default arg#
JArray
vtable for 
VTT for 
construction vtable for 
typeinfo for 
typeinfo name for 
typeinfo fn for 
non-virtual thunk to 
virtual thunk to 
covariant return thunk to 
java Class for 
guard variable for 
TLS init function for 
TLS wrapper function for 
reference temporary #
 for 
hidden alias for 
transaction clone for 
non-transaction clone for 
_Sat 
_Accum
_Fract
operator
operator 
false
java resource 
decltype (
{parm#
global constructors keyed to 
global destructors keyed to 
{lambda(
{unnamed type#
 [clone 
 restrict
 volatile
 const
complex 
imaginary 
 __vector(
string literal
std::allocator
allocator
std::basic_string
basic_string
std::string
std::basic_string<char, std::char_traits<char>, std::allocator<char> >
std::istream
std::basic_istream<char, std::char_traits<char> >
basic_istream
std::ostream
std::basic_ostream<char, std::char_traits<char> >
basic_ostream
std::iostream
std::basic_iostream<char, std::char_traits<char> >
basic_iostream
alignof 
const_cast
delete[] 
dynamic_cast
delete 
operator"" 
new[]
reinterpret_cast
static_cast
sizeof 
throw
throw 
signed char
boolean
double
long double
float
__float128
unsigned char
unsigned int
unsigned
unsigned long
__int128
unsigned __int128
short
unsigned short
wchar_t
long long
unsigned long long
decimal32
decimal64
decimal128
char16_t
char32_t
decltype(nullptr)
  VirtualQuery failed for %d bytes at address %p
use_fc_key
fc_key
sjlj_once
fc_static
alnum
alpha
cntrl
digit
graph
lower
print
punct
space
upper
xdigit
(null)
PRINTF_EXPONENT_DIGITS
inity
Infinity
ABCDEF
abcdef
0123456789
mutex_global_shmem
C:/crossdev/src/winpthreads-git20141130/src/mutex.c
(m_->valid == LIFE_MUTEX) && (m_->busy > 0)
mutex_global_static_shmem
mxattr_recursive_shmem
mxattr_errorcheck_shmem
idListCnt_shmem
idList_shmem
once_global_shmem
once_obj_shmem
idListMax_shmem
idListNextId_shmem
mtx_pthr_locked_shmem
pthr_root_shmem
pthr_last_shmem
_pthread_tls_shmem
_pthread_tls_once_shmem
_pthread_key_dest_shmem
_pthread_cancelling_shmem
_pthread_concur_shmem
_pthread_key_lock_shmem
_pthread_key_max_shmem
_pthread_key_sch_shmem
dummy_concurrency_level_shmem
cond_locked_shmem_cond
global_lock_spinlock
rwl_global_shmem
C:/crossdev/src/winpthreads-git20141130/src/rwlock.c
(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)
cond_locked_shmem_rwlock
N10__cxxabiv115__forced_unwindE
N10__cxxabiv117__class_type_infoE
N10__cxxabiv119__foreign_exceptionE
N10__cxxabiv120__si_class_type_infoE
N10__cxxabiv121__vmi_class_type_infoE
N9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEEE
N9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEEE
N9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEE
N9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEE
N9__gnu_cxx24__concurrence_lock_errorE
N9__gnu_cxx24__concurrence_wait_errorE
N9__gnu_cxx26__concurrence_unlock_errorE
N9__gnu_cxx29__concurrence_broadcast_errorE
NSt13__future_base12_Result_baseE
NSt6locale5facetE
NSt8ios_base7failureE
St10bad_typeid
St10ctype_base
St10money_base
St10moneypunctIcLb0EE
St10moneypunctIcLb1EE
St10moneypunctIwLb0EE
St10moneypunctIwLb1EE
St11__timepunctIcE
St11__timepunctIwE
St11logic_error
St11range_error
St11regex_error
St12codecvt_base
St12ctype_bynameIcE
St12ctype_bynameIwE
St12domain_error
St12future_error
St12length_error
St12out_of_range
St12system_error
St13bad_exception
St13basic_filebufIcSt11char_traitsIcEE
St13basic_filebufIwSt11char_traitsIwEE
St13basic_fstreamIcSt11char_traitsIcEE
St13basic_fstreamIwSt11char_traitsIwEE
St13basic_istreamIwSt11char_traitsIwEE
St13basic_ostreamIwSt11char_traitsIwEE
St13messages_base
St13runtime_error
St14basic_ifstreamIcSt11char_traitsIcEE
St14basic_ifstreamIwSt11char_traitsIwEE
St14basic_iostreamIwSt11char_traitsIwEE
St14basic_ofstreamIcSt11char_traitsIcEE
St14basic_ofstreamIwSt11char_traitsIwEE
St14codecvt_bynameIcciE
St14codecvt_bynameIwciE
St14collate_bynameIcE
St14collate_bynameIwE
St14error_category
St14overflow_error
St15basic_streambufIcSt11char_traitsIcEE
St15basic_streambufIwSt11char_traitsIwEE
St15messages_bynameIcE
St15messages_bynameIwE
St15numpunct_bynameIcE
St15numpunct_bynameIwE
St15time_get_bynameIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St15time_get_bynameIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE
St15time_put_bynameIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St15time_put_bynameIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE
St15underflow_error
St16__numpunct_cacheIcE
St16__numpunct_cacheIwE
St16bad_array_length
St16invalid_argument
St17__timepunct_cacheIcE
St17__timepunct_cacheIwE
St17bad_function_call
St17moneypunct_bynameIcLb0EE
St17moneypunct_bynameIcLb1EE
St17moneypunct_bynameIwLb0EE
St17moneypunct_bynameIwLb1EE
St18__moneypunct_cacheIcLb0EE
St18__moneypunct_cacheIcLb1EE
St18__moneypunct_cacheIwLb0EE
St18__moneypunct_cacheIwLb1EE
St20bad_array_new_length
St21__ctype_abstract_baseIcE
St21__ctype_abstract_baseIwE
St23__codecvt_abstract_baseIcciE
St23__codecvt_abstract_baseIwciE
St5ctypeIcE
St5ctypeIwE
St7codecvtIcciE
St7codecvtIwciE
St7collateIcE
St7collateIwE
St7num_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St7num_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE
St7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St7num_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE
St8bad_cast
St8ios_base
St8messagesIcE
St8messagesIwE
St8numpunctIcE
St8numpunctIwE
St8time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St8time_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE
St8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St8time_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE
St9bad_alloc
St9basic_iosIcSt11char_traitsIcEE
St9basic_iosIwSt11char_traitsIwEE
St9exception
St9money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St9money_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE
St9money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9money_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE
St9time_base
St9type_info
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (tdm-1) 4.9.2
GCC: (GNU) 4.9.1
GCC: (GNU) 4.9.1
GCC: (GNU) 4.9.1
GCC: (GNU) 4.9.1
GCC: (GNU) 4.9.1
GCC: (GNU) 4.9.1
GCC: (GNU) 4.9.1
GCC: (tdm-1) 4.9.2
Depletion.exe
Sweep
AddAtomA
CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetHandleInformation
GetLastError
GetLocalTime
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetThreadContext
GetThreadPriority
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetCriticalSectionSpinCount
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
_fdopen
_read
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthreadex
_cexit
_endthreadex
_errno
_filelengthi64
_fstati64
_ftime
_lseeki64
_onexit
_setjmp
_setmode
abort
atexit
calloc
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
fsetpos
fwrite
getenv
getwc
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putwc
realloc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strtod
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm
wprintf
AppendMenuW
CheckMenuItem
CheckMenuRadioItem
CreateMenu
CreateWindowExW
DefWindowProcW
DispatchMessageA
GetMenuState
GetMessageA
GetSysColorBrush
GetWindowRect
LoadCursorA
MessageBeep
PostQuitMessage
RegisterClassW
SendMessageA
SetMenu
SetWindowTextW
ShowWindow
TranslateMessage
COMCTL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
=+=2=?=F=S=Z=z>
:):0:9>A>I>
>0?8?@?a?
<E>&?
>F> ?(?0?_?
;P<X<`<C>P>W>
5K?R?Y?
];d;t;
;B>I>P>x>
;F<D=
;[=b=i=+?2?9?
=U?_?i?
>;?B?O?
;k<@>G>
=/>6>=>d>
=[>b>i>
7g9o9~91>8>F>
=e?l?s?
>7?>?`?g?
=2?9?F?
<=<f<;?
: :$:(:,:T?X?\?`?d?h?l?
> >$>(>
? ?$?0?4?@?D?
3$3(3,3034383<3
8gW4K
+IQ`H
XFV+S
$D31m{r4
S*e9A4I
Opnrt
0nFNF
Gb$I8~
Ramps Glazes equation mount Electron Panes cars Toss concurrence Bracing Pan Divisions Site pastes Alignment Kinds solutions Tenders Loan fields Dealers toothpicks Tag multiplex Lent
copy investments relationships Flags display Depositions swell posts bristle Messages Sidewalks Rinse letters adjective Porter messenger Message Sponsors discount
iron Obligations winter Tasks Labors Patient Specialist header flickers Relay Tapers chokes Relationships Officers mind violations friends moments shirts Winter Capstan Saturdays tourniquets thumb index blast indicators quartermasters Punches Tours Breaths
Interference Winch strikers Ropes Coal detection end exits lantern Wills Swim treatment manual Tuesdays twin Glues observation upside tractor stern Residents Stators compression cloudiness pea Abuses Shelters Alerts Expenses representatives Rolls Quarterdeck forks Location
msctls_statusbar32
Advisers Binder interest Incentive Amplitude punches Multiplication pitch property prepositions Evaporation Public Paste driller troops Groom Roars relief guard Motel Collisions Plates requirement ticks appraisal mills Withdrawal help equations checkers Reservoir Blood windlass Colon may Drawers
Trackers Game opinion blindfolds millimeter Laser buys Property heading method march cloud withdrawal variables
Curve flaps wrecks blades Numbers Merchants Stators Bill Marks Morning publication Match cloths Notes enemy conspiracy
rag toe linens Meters Basket stretcher alternate universe Tanks Gate rowers tries Weeks judge equivalents Coupling writing Majors Arraignment rubber jumper Intents Apportionment Tone permission reviews
kiloliters retention veterans Checkpoint Weather user dispatchers document feeder matches superlatives self villages Rounds Builders dock Dimensions session troop zeros cloud nonavailability mountain Oil Car fluid Prefixes batteries Grid Doses Sevens Make Steeple Deeds
Grinders Reading kill nerve Expense priority region Locks Honors oaks supervision Cellar staffs yell Result content Entries howls Replenishments Beliefs Assistant Hoist Coin Barge glance theory pencil Group Secret cheaters Spikes Parameters count
cables Size Soldiers horns hairs Loaf Research Mixture dopes union Light investigation intensity Runway legends tears moneys Dictionary Bills Assemblies stumps plans Remains books tills Attacker music operators Break friend
motel letter sock sounds Ices paneling grant Hint heaps plastics Desire reading operand ballast Withdrawal Loop sides validation pan Fog
lightning Symptoms Diaphragm Dare liver shapes Thousand Lantern Jacks Catch Worms Chokes sunday presumptions rigging College soldiers Supplies enlistment Benefits Corner flaps Try peaks fall laugh toe tailors
warehouses extras Beads Bullet look Photo particles Exposures letterheads
targets Appearance hoops subordinate Saturdays glove photograph Discharge Projects
Calibration Breaks Owner exercise importance Reaction Stumps restrictions Focuses Silence subdivisions thumbs Alibis event Electrolytes lessons Entries cargo Sled needle
Sailor trips Combustion braces tenth Sets Sun aptitudes Railway confinement Assignments print synthetics percent mate Catalog Dependencies uncertainties Affair bends dirt monitors purges sediment Staple Keys Mathematics Explanations
flanges Blueprints Ceilings earth election Vendor diesels Stress Hauls Rifle stacks preserver ingredient discard Majority Order Name Score scopes blink secrets Crimes halyards Vehicles sexes Azimuth Mixture Quantity belts Skirt Purchase Propulsions staples pronoun Patients
Mechanisms broom characters lamps House Sorts Terminations trailer abuser Friction Shafts relationships Pushes clicks oven Compliances
tanks qualifier Tag
Screens launchers Speed Languages Helicopters blackboards clerk sets paintings Commander order discount Breakdowns Rattle Fear quota plexiglass Visitor Army mailboxes knocks Interview stencil Flicker Headers Flame combination Divers chill Worry description spots Bell
Success satellites furnace Integers vision streets Thirties meet Lines Community presumption accrual rower removal President gunnery Paste Teaspoon attribute study Units Exit Shelves Termination Strength bangs hickories August Housefall roots mover visibilities Tone bulk blast blood staples
fences privates Purges deserts dab conjectures Classes ropes practice upside camp signalers interface beach conspiracy Screams Owners stretcher Frigates explosives Sea Surrenders hits Public walks Public Circumstances
date Plants Mode party Smile circulations millimeter Additive Fits Pat tendencies gyro Reduction Shots January Operand installation brake section knees Sneezes wills Civilians
pyramid cart coxswains Tugs Flake detonations deck abrasion Mask noses Expenditures reenlistments Magneto buzz Prices delimiter mover dynamometers mustard Writing Meat Sewers header coil
entrances Frigate custodians Oxygens pane sex Sevenths badges
centerlines Coordinations keywords components Fallout Chit Plants cost Weapons way lungs
states views miner compounds Cans Validation points Cane movers Trailers
investigation door Edges fare Slaves issues Counsels Gear Bottom Squeaks gangs Medal stick Algebra yarn insertion Fracture flare Cheese Motion leaf nineties bank Percent Synthetics disabilities powder Configuration Beat savings Seamen inlets
calibrations Receiver dial forts Mosses mules Religion blows Tear
cent elapses allowances Locks screws fluids personnel Depletions Paintings cockpit objects Installations Abrasion Arrival Pockets cam receivers hope secret midnight Withdrawals Carriage comfort teeth Connections Business Diameters Aluminum coxswains Byte Sewer
Breeze mixtures jeopardy legs cares Cathodes Options standardization Parties Pegs gas Diagnosis Education Plants Linens integers seats bureaus Stress Baby compartment overloads bearing endeavors reinforcement
skew Hoofs Torpedo Incline Anchors oscillators Funding Hydraulics Relief advisers
etrue
false
c%m/%d/%y
%H:%M:%S
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
f(null)
VS_VERSION_INFO
StringFileInfo
040904B0
Comments
Lent apportionment
CompanyName
Bunks behaviors
FileDescription
Pines qualification
FileVersion
1.4.4.4
InternalName
skirts.exe
LegalCopyright
 2015 Breaths courses
OriginalFilename
skirts.exe
ProductName
Canals collectors
ProductVersion
1.4.4.4
satellites
spans
orders
fathom
sashes
lapse
VarFileInfo
Translation

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20160618
MicroWorld-eScan	未发现病毒	20160619
nProtect	未发现病毒	20160617
CMC	未发现病毒	20160616
CAT-QuickHeal	未发现病毒	20160618
McAfee	未发现病毒	20160619
Malwarebytes	未发现病毒	20160619
VIPRE	未发现病毒	20160619
SUPERAntiSpyware	未发现病毒	20160619
TheHacker	未发现病毒	20160617
BitDefender	未发现病毒	20160619
K7GW	未发现病毒	20160619
K7AntiVirus	未发现病毒	20160619
Baidu	未发现病毒	20160618
Cyren	未发现病毒	20160619
Symantec	未发现病毒	20160619
ESET-NOD32	a variant of Win32/Kryptik.FAHY	20160619
TrendMicro-HouseCall	未发现病毒	20160619
Avast	未发现病毒	20160619
ClamAV	未发现病毒	20160619
Kaspersky	未发现病毒	20160619
Alibaba	未发现病毒	20160619
NANO-Antivirus	未发现病毒	20160619
ViRobot	未发现病毒	20160619
Ad-Aware	未发现病毒	20160619
Emsisoft	未发现病毒	20160619
Comodo	未发现病毒	20160619
F-Secure	未发现病毒	20160619
DrWeb	未发现病毒	20160619
Zillya	未发现病毒	20160618
TrendMicro	未发现病毒	20160619
McAfee-GW-Edition	未发现病毒	20160619
Sophos	未发现病毒	20160619
F-Prot	未发现病毒	20160619
Jiangmin	未发现病毒	20160619
Avira	未发现病毒	20160619
Antiy-AVL	未发现病毒	20160619
Kingsoft	未发现病毒	20160619
Microsoft	未发现病毒	20160619
Arcabit	未发现病毒	20160619
AegisLab	未发现病毒	20160619
GData	未发现病毒	20160619
AhnLab-V3	未发现病毒	20160619
ALYac	未发现病毒	20160619
AVware	未发现病毒	20160619
VBA32	未发现病毒	20160617
Panda	未发现病毒	20160619
Zoner	未发现病毒	20160619
Tencent	未发现病毒	20160619
Yandex	未发现病毒	20160616
Ikarus	未发现病毒	20160619
Fortinet	未发现病毒	20160619
AVG	未发现病毒	20160619
Baidu-International	未发现病毒	20160614
Qihoo-360	未发现病毒	20160619

进程树

azkspl.exe id: 2908
- azkspl.exe id: 2516

azkspl.exe, PID: 2908, 上一级进程 PID: 472

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

azkspl.exe, PID: 2516, 上一级进程 PID: 2908

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

源地址	源端口	目标地址	目标端口
192.168.122.69	52766	192.168.122.1	53
192.168.122.69	58396	192.168.122.1	53
192.168.122.69	63333	192.168.122.1	53
192.168.122.69	64810	192.168.122.1	53
192.168.122.69	65401	192.168.122.1	53
192.168.122.69	138	192.168.122.255	138
192.168.122.69	53197	224.0.0.252	5355
192.168.122.69	50619	239.255.255.250	1900
192.168.122.69	123	52.169.179.91	123

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
dns.msftncsi.com	未知	A 131.107.255.255
dns.msftncsi.com	未知	AAAA fd3e:4f5a:5b81::1

TCP

无TCP连接纪录.

UDP

源地址	源端口	目标地址	目标端口
192.168.122.69	52766	192.168.122.1	53
192.168.122.69	58396	192.168.122.1	53
192.168.122.69	63333	192.168.122.1	53
192.168.122.69	64810	192.168.122.1	53
192.168.122.69	65401	192.168.122.1	53
192.168.122.69	138	192.168.122.255	138
192.168.122.69	53197	224.0.0.252	5355
192.168.122.69	50619	239.255.255.250	1900
192.168.122.69	123	52.169.179.91	123

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 5.01 seconds )

2.335 VirusTotal
1.532 Static
0.333 peid
0.328 BehaviorAnalysis
0.252 TargetInfo
0.099 Strings
0.082 NetworkAnalysis
0.025 AnalysisInfo
0.012 config_decoder
0.008 Debug
0.003 Dropped
0.001 ProcessMemory

Signatures ( 0.142 seconds )

0.025 antiav_detectreg
0.014 stealth_timeout
0.01 infostealer_ftp
0.008 antisandbox_sleep
0.006 infostealer_im
0.005 antiemu_wine_func
0.005 antivm_vbox_libs
0.005 persistence_autorun
0.005 antianalysis_detectreg
0.005 antiav_detectfile
0.004 shifu_behavior
0.004 infostealer_bitcoin
0.004 infostealer_mail
0.003 browser_security
0.002 antiav_avast_libs
0.002 tinba_behavior
0.002 reads_self
0.002 injection_createremotethread
0.002 exec_crash
0.002 antivm_vbox_files
0.002 geodo_banking_trojan
0.002 disables_browser_warn
0.002 network_torgateway
0.001 antivm_vmware_libs
0.001 process_interest
0.001 betabot_behavior
0.001 mimics_filetime
0.001 stealth_file
0.001 antisandbox_sunbelt_libs
0.001 antisandbox_sboxie_libs
0.001 antiav_bitdefender_libs
0.001 kibex_behavior
0.001 antivm_generic_scsi
0.001 antivm_generic_disk
0.001 vawtrak_behavior
0.001 injection_runpe
0.001 virus
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 modify_proxy
0.001 darkcomet_regkeys
0.001 ransomware_files

Reporting ( 152.416 seconds )

150.822 Malheur
1.002 ReportPDF
0.592 ReportHTMLSummary


Task ID	13509
Mongo ID	5766c1734d3bd04faa52c58d
Cuckoo release	1.4-Maldun