Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-1 | 2016-09-06 14:58:01 | 2016-09-06 14:58:23 | 22 seconds

Maldun Score

2.5

Suspicious

File Details

File name IMECFMUI.EXE
File size 240496 bytes
File type PE32+ executable (GUI) x86-64, for MS Windows
MD5 aa637e00d249c9650cbbb041552352ad
SHA1 50710f8f3570bc3b9ca45cd2ec90697306fe67f8
SHA256 77ed7a17c4e43b1f0c6d9490c9dcb998b47231c93e893b396e9d98fcc9b1fdca
SHA512 3217050de86468a842c7ed29240f4969711e59e03124b94e79af99eea50a324abb07e1ec9e847d12cb734969ff4b48f6f8af667df535a988fb796ad0bc63acc9
CRC32 0A68C406
Ssdeep 6144:zGAAGSt3F2eKPR2ZKMBK7OGUQAmUgBkpe5Y/Jl:zGd3F2eKwYMBKu9e6l

Hosts Contacted

Direct IP | Safety rating | Location
58.211.137.192 | | China
23.44.155.27 | | United States
198.41.215.185 | | United States

Domain Resolution

No domain information.


PE Information

Image base 0x140000000
Entry point 0x1400125cc
Declared checksum 0x00040d5d
Actual checksum 0x00040d5d
Minimum OS version required 5.2
PDB path t:\ime\x64\ship\0\imecfmui.pdb\x00\ship\0\imecfmui.exe\bbtopt\imecfmuiO.pdb
Compile time 2010-01-21 16:15:40
Icon
Icon exact hash 4bc9feb2c52641027dc88b439a1b9886
Icon similarity hash 9f0f2a6e1dcd6169695f5dcb53ededdd

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 | Timestamp | Validity | Error
3612fb89ea5f274d18da5d06b834ecd25c32e3fc | Thu Jan 21 16:36:46 2010 | |
Certificate chain: Certificate Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Valid until Thu Dec 31 15:00:00 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Certificate chain: Certificate Chain 2
Issued to Microsoft Code Signing PCA
Issuer Microsoft Root Authority
Valid until Sat Aug 25 15:00:00 2012
SHA1 hash 3036e3b25b88a55b86fc90e6e9eaad5081445166
Certificate chain: Certificate Chain 3
Issued to Microsoft Corporation
Issuer Microsoft Code Signing PCA
Valid until Tue Mar 08 06:40:29 2011
SHA1 hash 9617094a1cfb59ae7c1f7dfdb6739e4e7c40508f
Certificate chain: Timestamp Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Valid until Thu Dec 31 15:00:00 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Certificate chain: Timestamp Chain 2
Issued to Microsoft Timestamping PCA
Issuer Microsoft Root Authority
Valid until Sun Sep 15 15:00:00 2019
SHA1 hash 3ea99a60058275e0ed83b892a909449f8c33b245
Certificate chain: Timestamp Chain 3
Issued to Microsoft Time-Stamp Service
Issuer Microsoft Timestamping PCA
Valid until Fri Jul 26 03:11:15 2013
SHA1 hash 4d6f357f0e6434da97b1afc540fb6fdd0e85a89f

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00014399 0x00014400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.17
.rdata 0x00016000 0x00008b2c 0x00008c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.41
.data 0x0001f000 0x000018a8 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.58
.pdata 0x00021000 0x00001b18 0x00001c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.88
.rsrc 0x00023000 0x00018f54 0x00019000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.20
.reloc 0x0003c000 0x00000188 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4.58

Overlay

Offset 0x00039400
Size 0x00001770

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
RT_ICON 0x0002d450 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.26 GLS_BINARY_LSB_FIRST
RT_MENU 0x0002dac4 0x00000058 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.36 data
RT_DIALOG 0x00036078 0x000000d0 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.77 data
RT_STRING 0x0003b5c4 0x0000012e LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.15 data
RT_GROUP_ICON 0x0003b6f4 0x000000ca LANG_NEUTRAL SUBLANG_DEFAULT 3.13 MS Windows icon resource - 14 icons, 32x32, 16-colors
RT_VERSION 0x0003b7c0 0x00000490 LANG_ENGLISH SUBLANG_ENGLISH_US 3.47 data
RT_MANIFEST 0x0003bc50 0x00000302 LANG_NEUTRAL SUBLANG_DEFAULT 5.06 ASCII text, with very long lines, with no line terminators

Imports

Library: KERNEL32.dll:
0x140016000 DeleteFileW
0x140016008 GetVersionExW
0x140016010 LocalFree
0x140016018 GetLastError
0x140016020 RtlCaptureContext
0x140016028 CompareStringW
0x140016030 RtlVirtualUnwind
0x140016038 IsDebuggerPresent
0x140016048 UnhandledExceptionFilter
0x140016050 GetCurrentProcess
0x140016058 TerminateProcess
0x140016060 GetStartupInfoW
0x140016068 Sleep
0x140016070 GetModuleFileNameW
0x140016078 HeapAlloc
0x140016080 HeapFree
0x140016088 GetProcessHeap
0x140016090 GetSystemTimeAsFileTime
0x140016098 GetCurrentProcessId
0x1400160a0 GetCurrentThreadId
0x1400160a8 GetTickCount
0x1400160b0 QueryPerformanceCounter
0x1400160b8 VirtualProtect
0x1400160c0 LoadLibraryW
0x1400160d0 FreeLibrary
0x1400160d8 CreateFileMappingW
0x1400160e0 MapViewOfFile
0x1400160e8 GetFileSize
0x1400160f0 UnmapViewOfFile
0x1400160f8 FindNextFileW
0x140016100 CopyFileW
0x140016108 GetTempPathW
0x140016110 MultiByteToWideChar
0x140016118 GetModuleHandleW
0x140016120 GetProcAddress
0x140016128 FindResourceExW
0x140016130 LoadResource
0x140016138 LockResource
0x140016140 lstrlenW
0x140016148 RtlLookupFunctionEntry
0x140016150 CreateProcessW
0x140016158 FindFirstFileW
0x140016160 FindClose
0x140016168 CreateFileW
0x140016170 CloseHandle
0x140016178 WriteFile
Library: USER32.dll:
0x140016188 DrawStateW
0x140016190 DrawEdge
0x140016198 GetClientRect
0x1400161a0 GetCursorPos
0x1400161a8 GetSubMenu
0x1400161b0 TrackPopupMenuEx
0x1400161b8 DestroyMenu
0x1400161c0 PostQuitMessage
0x1400161c8 GetLastActivePopup
0x1400161d0 EnumWindows
0x1400161d8 GetClassNameW
0x1400161e0 SetForegroundWindow
0x1400161e8 ShowWindow
0x1400161f0 DestroyIcon
0x1400161f8 IsDialogMessageW
0x140016200 TranslateMessage
0x140016208 DispatchMessageW
0x140016210 GetMessageW
0x140016218 GetClassInfoExW
0x140016220 RegisterClassExW
0x140016228 DefWindowProcW
0x140016230 CreateWindowExW
0x140016238 UnregisterClassW
0x140016240 GetWindowTextW
0x140016248 LoadCursorW
0x140016250 SetCursor
0x140016258 MapDialogRect
0x140016260 GetKeyState
0x140016268 InvalidateRect
0x140016270 UpdateWindow
0x140016278 GetSystemMetrics
0x140016280 LoadImageW
0x140016288 GetDC
0x140016290 ReleaseDC
0x140016298 GetWindowLongW
0x1400162a0 PostMessageW
0x1400162a8 SendMessageW
0x1400162b0 GetDlgItemTextW
0x1400162b8 SetDlgItemTextW
0x1400162c0 EnableWindow
0x1400162c8 SendDlgItemMessageW
0x1400162d0 MessageBoxW
0x1400162d8 GetDlgItem
0x1400162e0 GetWindowLongPtrW
0x1400162e8 SetWindowLongPtrW
0x1400162f0 DestroyWindow
0x1400162f8 EndDialog
0x140016300 SetWindowTextW
0x140016308 GetWindowThreadProcessId
0x140016310 SetWindowPos
0x140016318 ScreenToClient
0x140016320 GetWindowRect
0x140016330 DialogBoxIndirectParamW
0x140016338 LoadMenuIndirectW
0x140016340 AllowSetForegroundWindow
0x140016348 GetCursor
Library: GDI32.dll:
0x140016358 GetStockObject
0x140016360 CreateFontIndirectW
0x140016368 GetObjectW
0x140016370 GetDeviceCaps
0x140016378 GetTextExtentPoint32W
0x140016380 SelectObject
Library: ole32.dll:
0x140016390 CoInitialize
0x140016398 CoCreateInstance
Library: SHELL32.dll:
0x1400163a8 SHGetFolderPathW
0x1400163b0 ShellExecuteW
0x1400163b8 Shell_NotifyIconW
0x1400163c0 SHCreateDirectoryExW
Library: MSVCR90.dll:
0x1400163d0 ??_V@YAXPEAX@Z
0x1400163d8 ??_U@YAPEAX_K@Z
0x1400163e0 vswprintf_s
0x1400163e8 _amsg_exit
0x1400163f0 __wgetmainargs
0x1400163f8 __C_specific_handler
0x140016400 _XcptFilter
0x140016408 _exit
0x140016410 _cexit
0x140016418 exit
0x140016420 _wcmdln
0x140016428 _initterm
0x140016430 _initterm_e
0x140016438 wcsnlen
0x140016440 __setusermatherr
0x140016448 _commode
0x140016450 _fmode
0x140016458 _encode_pointer
0x140016460 __set_app_type
0x140016468 _unlock
0x140016470 __dllonexit
0x140016478 _lock
0x140016480 _onexit
0x140016488 _decode_pointer
0x140016490 __crt_debugger_hook
0x140016498 ?terminate@@YAXXZ
0x1400164a8 wcsncat_s
0x1400164b0 wcschr
0x1400164b8 memcpy
0x1400164c0 memmove_s
0x1400164c8 _wtoi
0x1400164d0 ??2@YAPEAX_K@Z
0x1400164e0 _CxxThrowException
0x140016510 memset
0x140016518 _vsnwprintf_s
0x140016520 wcsncpy_s
0x140016528 __CxxFrameHandler3
0x140016530 _configthreadlocale
0x140016538 ??3@YAXPEAX@Z
Library: MSVCP90.dll:
Library: ADVAPI32.dll:
0x1400165d8 RegQueryValueExW
0x1400165e0 RegCloseKey
0x1400165e8 DeregisterEventSource
0x1400165f0 RegOpenKeyExW
0x1400165f8 RegCreateKeyExW
0x140016600 GetSidSubAuthorityCount
0x140016608 GetSidSubAuthority
0x140016610 RegSetValueExW
0x140016618 IsValidSid
0x140016620 ConvertSidToStringSidW
0x140016628 OpenProcessToken
0x140016630 GetTokenInformation
0x140016638 RegisterEventSourceW
0x140016640 ReportEventW
Library: OLEAUT32.dll:
0x140016650 None
0x140016658 None
0x140016660 None

Strings

.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
t:\ime\x64\ship\0\imecfmui.pdb
\ship\0\imecfmui.exe\bbtopt\imecfmuiO.pdb
vector<T> too long
SetProcessDPIAware
DW0201
DW0200
Software\Microsoft\PCHealth\ErrorReporting\DW\Installed
DllCanUnloadNow
DllGetClassObject
+HeapSetInformation
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OLEAUT32.dll
ADVAPI32.dll
MSVCP90.dll
MSVCR90.dll
SHELL32.dll
ole32.dll
GDI32.dll
USER32.dll
KERNEL32.dll
DeleteFileW
GetVersionExW
LocalFree
GetLastError
RtlCaptureContext
CompareStringW
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
Sleep
GetModuleFileNameW
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
LoadLibraryW
ExpandEnvironmentStringsW
FreeLibrary
CreateFileMappingW
MapViewOfFile
GetFileSize
UnmapViewOfFile
FindNextFileW
CopyFileW
GetTempPathW
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
FindResourceExW
LoadResource
LockResource
lstrlenW
RtlLookupFunctionEntry
CreateProcessW
FindFirstFileW
FindClose
CreateFileW
CloseHandle
WriteFile
DrawStateW
DrawEdge
GetClientRect
GetCursorPos
GetSubMenu
TrackPopupMenuEx
DestroyMenu
PostQuitMessage
GetLastActivePopup
EnumWindows
GetClassNameW
SetForegroundWindow
ShowWindow
DestroyIcon
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetMessageW
GetClassInfoExW
RegisterClassExW
DefWindowProcW
CreateWindowExW
UnregisterClassW
GetWindowTextW
LoadCursorW
SetCursor
MapDialogRect
GetKeyState
InvalidateRect
UpdateWindow
GetSystemMetrics
LoadImageW
GetDC
ReleaseDC
GetWindowLongW
PostMessageW
SendMessageW
GetDlgItemTextW
SetDlgItemTextW
EnableWindow
SendDlgItemMessageW
MessageBoxW
GetDlgItem
GetWindowLongPtrW
SetWindowLongPtrW
DestroyWindow
EndDialog
SetWindowTextW
GetWindowThreadProcessId
SetWindowPos
ScreenToClient
GetWindowRect
CreateDialogIndirectParamW
DialogBoxIndirectParamW
LoadMenuIndirectW
AllowSetForegroundWindow
GetCursor
GetStockObject
CreateFontIndirectW
GetObjectW
GetDeviceCaps
GetTextExtentPoint32W
SelectObject
CoInitialize
CoCreateInstance
SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
vswprintf_s
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
_wcmdln
_initterm
_initterm_e
wcsnlen
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
wcsncat_s
wcschr
memcpy
memmove_s
_wtoi
??2@YAPEAX_K@Z
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
??0exception@std@@QEAA@XZ
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
_invalid_parameter_noinfo
memset
_vsnwprintf_s
wcsncpy_s
__CxxFrameHandler3
_configthreadlocale
??3@YAXPEAX@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W_K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
RegQueryValueExW
RegCloseKey
DeregisterEventSource
RegOpenKeyExW
RegCreateKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExW
IsValidSid
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
RegisterEventSourceW
ReportEventW
.?AVCCfmDialog@@
.?AVCCfmDlgCustomize@@
.?AVCCfmDlgContents@@
.?AVCCfmDlgDetails@@
.?AV?$comptr@VCCfmWatsonData@@@Comutil@@
.?AVCCfmDlgEditRecord@@
.?AV?$comptr@UIImeWatonDataSourceAddOn@@@Comutil@@
.?AV?$comptr@VCImeWatsonExtra@@@Comutil@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AV?$comptr@UIImeCustomerFeedbackConfiguration@@@Comutil@@
.?AVCCfmDlgMain@@
.?AVCCfmDlgReportLastError@@
.?AVCCfmWindow@@
.?AVCCfmWndServer@@
.?AVCImeWatsonExtra@@
.?AUIImeWatson@@
.?AUIUnknown@@
.?AV?$comptr@UIXMLDOMDocument@@@Comutil@@
.?AV?$comptr@UIXMLDOMNode@@@Comutil@@
.?AV?$comptr@UIXMLDOMNodeList@@@Comutil@@
.?AV?$comlist_elemment@VCCfmWatsonData@@@Comutil@@
.?AVCCfmWatsonData@@
.?AVCRegistry@@
.?AVCCfmRegistry@@
.?AVCCfmWatsonDataMgr@@
.?AVCCfmWatsonManifest@@
.?AVCCfmWatsonManifestRecord@@
.?AVCComServer@Comutil@@
.?AV?$comptr@UIClassFactory@@@Comutil@@
.?AVImeCustomerFeedbackConfiguration@Imecfmutil@@
.?AV?$comobj@UIImeCustomerFeedbackConfiguration@@$1?_GUID_897da2ff_03b8_4aa8_9ebc_2e425db9a70b@@3U__s_GUID@@B@Comutil@@
.?AV?$comptr@UIImeCustomerFeedbackManager@@@Comutil@@
.?AVImeCustomerFeedbackManager@Imecfmutil@@
.?AV?$comobj@UIImeCustomerFeedbackManager@@$1?_GUID_c0aa4669_fd79_4b02_b95e_4aed3a2e8928@@3U__s_GUID@@B@Comutil@@
.?AVtype_info@@
.?AV_com_error@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.30729.1" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="*" processorArchitecture="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PA
countnotsent
Watson
countsent
numdatacurrent
ime14.imecfmui.server
countopened
isoptinuiinvoked
EnableNotification
user32.dll
FilesToDelete=
numdatanotify
/profile
/uilang
/deleteall
/optinnotify
/notify
/store
/opencfg
/open
/report
</%s>
0x%08x
Software\Microsoft\Tip Shared\5.0\CustomerFeedback
%s\%s
%s%s%d%s
%s%s%s
"%s" -d "%s"
dIMEWatsonCollection
imewatson
General_AppName=
Microsoft IME
General_Reportee=
Microsoft
UIFlags=
MisConversion
EventType=
IMECustomerFeedback
ReportingFlags=
UI LCID=
Version=
Queued_EventDescription=
Report
IMEWatson\MisConversion\FirstConversion\Reading
IMEWatson\IMEVersion
IMEWatson\ProfileID
0.0.0.0
imewatsonur
maxdatastore
imewatsonal
%s%04d%s
%s\%s*%s
Microsoft\ime14\%s\Watson
IMETC
IMEJP
IMEKR
IMESC
%d.%d.%d.%d
wCLSID\%s\InprocServer32
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
kernel32.dll
InsecureQI
CLSID
Software\Microsoft\Security
Software\Policies\Microsoft\Security
CLSIDInterfaceTest
%s %s %s
Wversion.dll
InprocServer32
{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}
EnableLUA
Software\Microsoft\Windows\CurrentVersion\Policies\System
(&H)
e&Open IME 2010 mis-conversion report
fDo not s&how notification icon
e&Open IME 2010 mis-conversion report
fDo not s&how notification icon
(&L):
SysListView32
(&E)...
(&T)...
(&G)...
(&U)...
Microsoft Office IME 2010 Mis-Conversion Report Tool
MS Shell Dlg
Please help us improve the quality of IME by sending us mis-conversion data.
If you click on "Send mis-conversion data" below, the characters last inputted and the latest mis-conversion data will be sent to Microsoft.
SysLink
To learn more, read our <A>Privacy Statement</A> online.
Data to be sent
Data to be sent includes the followings. You can select an item to edit before reporting.
Mis-Conversion data &list:
SysListView32
&Edit...
Re&move
If you click on the "Details" button, you can browse the details of the information to be sent.
De&tails...
If you click the "Settings" button, you can configure the settings for sending mis-conversion data.
Settin&g...
Update information
If you click the "Update" button, you can browse the updated information of Microsoft Office IME 2010 with customer feedbacks reflected.
&Update...
&Send mis-conversion data
&Don't Send
MS Shell Dlg
SysLink
(&L):
SysListView32
(&E)...
(&T)...
(&G)...
(&U)...
Microsoft Office IME 2010 Mis-Conversion Report Tool
MS Shell Dlg
Please help us improve the quality of IME by sending us mis-conversion data.
If you click on "Send mis-conversion data" below, the characters last inputted and the latest mis-conversion data will be sent to Microsoft.
SysLink
To learn more, read our <A>Privacy Statement</A> online.
Data to be sent
Data to be sent includes the followings. You can select an item to edit before reporting.
Mis-Conversion data &list:
SysListView32
&Edit...
Re&move
If you click on the "Details" button, you can browse the details of the information to be sent.
De&tails...
If you click the "Settings" button, you can configure the settings for sending mis-conversion data.
Settin&g...
Update information
If you click the "Update" button, you can browse the updated information of Microsoft Office IME 2010 with customer feedbacks reflected.
&Update...
&Send mis-conversion data
&Don't Send
MS Shell Dlg
SysLink
SysListView32
(&E)...
(&T)...
(&G)...
(&U)...
(&I):
(&C):
(&E):
Edit Log Expected Result
MS Shell Dlg
&Inputted characters:
&Converted characters:
Corr&ect conversion result:
Cancel
MS Shell Dlg
(&I):
(&C):
(&E):
Edit Log Expected Result
MS Shell Dlg
&Inputted characters:
&Converted characters:
Corr&ect conversion result:
Cancel
MS Shell Dlg
Setting
MS Shell Dlg
S&ave mis-conversions to file
With this setting turned ON, IME will automatically determine mis-conversion and save them on your computer. You can choose to send this data to Microsoft.
Microsoft will use the mis-conversion data received to improve conversion accuracy.
&Notify when the maximum number of mis-conversions is reached
Displays a notification icon when the maximum number (100) of mis-conversions is reached.
Cancel
MS Shell Dlg
Setting
MS Shell Dlg
S&ave mis-conversions to file
With this setting turned ON, IME will automatically determine mis-conversion and save them on your computer. You can choose to send this data to Microsoft.
Microsoft will use the mis-conversion data received to improve conversion accuracy.
&Notify when the maximum number of mis-conversions is reached
Displays a notification icon when the maximum number (100) of mis-conversions is reached.
Cancel
MS Shell Dlg
Setting
MS Shell Dlg
S&ave mis-conversions to file
With this setting turned ON, IME will automatically determine mis-conversion and save them on your computer. You can choose to send this data to Microsoft.
Microsoft will use the mis-conversion data received to improve conversion accuracy.
&Send auto-tuning data
With this setting turned ON, auto-tuning data will also be sent to Microsoft when sending mis-conversion data. Microsoft will use the auto-tuning data received to improve the grammar and dictionary information of IME.
- Usage frequency of each word
&Notify when the maximum number of mis-conversions is reached
Displays a notification icon when the maximum number (100) of mis-conversions is reached.
Cancel
MS Shell Dlg
Setting
MS Shell Dlg
S&ave mis-conversions to file
With this setting turned ON, IME will automatically determine mis-conversion and save them on your computer. You can choose to send this data to Microsoft.
Microsoft will use the mis-conversion data received to improve conversion accuracy.
&Send auto-tuning data
With this setting turned ON, auto-tuning data will also be sent to Microsoft when sending mis-conversion data. Microsoft will use the auto-tuning data received to improve the grammar and dictionary information of IME.
- Usage frequency of each word
&Notify when the maximum number of mis-conversions is reached
Displays a notification icon when the maximum number (100) of mis-conversions is reached.
Cancel
MS Shell Dlg
SysLink
SysLink
Details
MS Shell Dlg
Data to be sent
Other Information
SysLink
<A>View the contents of this report</A>
SysLink
<A>Read our Privacy Statement Online</A>
&Close
MS Shell Dlg
SysLink
SysLink
Details
MS Shell Dlg
Data to be sent
Other Information
SysLink
<A>View the contents of this report</A>
SysLink
<A>Read our Privacy Statement Online</A>
&Close
MS Shell Dlg
SysLink
SysLink
(&I):
(&C):
(&E):
(&T)...
(&U)...
Microsoft Office IME 2010 Mis-Conversion Report Tool
MS Shell Dlg
Please help us improve the quality of IME by sending us mis-conversion data.
If you click on "Send mis-conversion data" below, the characters last inputted and the latest mis-conversion data will be sent to Microsoft.
SysLink
To learn more, read our <A>Privacy Statement</A> online.
Sending information
&Inputted characters:
&Converted characters:
Corr&ect conversion result:
If you click on the "Details" button, you can browse the details of the information to be sent.
De&tails...
Update information
If you click the "Update" button, you can browse the updated information of Microsoft Office IME 2010 with customer feedbacks reflected.
&Update...
&Send mis-conversion data
&Don't Send
MS Shell Dlg
SysLink
(&I):
(&C):
(&E):
(&T)...
(&U)...
Microsoft Office IME 2010 Mis-Conversion Report Tool
MS Shell Dlg
Please help us improve the quality of IME by sending us mis-conversion data.
If you click on "Send mis-conversion data" below, the characters last inputted and the latest mis-conversion data will be sent to Microsoft.
SysLink
To learn more, read our <A>Privacy Statement</A> online.
Sending information
&Inputted characters:
&Converted characters:
Corr&ect conversion result:
If you click on the "Details" button, you can browse the details of the information to be sent.
De&tails...
Update information
If you click the "Update" button, you can browse the updated information of Microsoft Office IME 2010 with customer feedbacks reflected.
&Update...
&Send mis-conversion data
&Don't Send
MS Shell Dlg
SysLink
(&T)...
(&U)...
Report Contents
MS Shell Dlg
The following files will be included in this report.
&Close
MS Shell Dlg
Report Contents
MS Shell Dlg
The following files will be included in this report.
&Close
MS Shell Dlg
; IMEWatson\MisConversion\ExpectedResult; 108;
Inputted characters; IMEWatson\MisConversion\FirstConversion\Reading; 108;Converted characters; IMEWatson\MisConversion\FirstConversion\Display; 108;Correct conversion result; IMEWatson\MisConversion\ExpectedResult; 108;
; IMEWatson\MisConversion\ExpectedResult; 108;
Inputted characters; IMEWatson\MisConversion\FirstConversion\Reading; 108;Converted characters; IMEWatson\MisConversion\FirstConversion\Display; 108;Correct conversion result; IMEWatson\MisConversion\ExpectedResult; 108;
; IMEWatson\MisConversion\ExpectedResult; 108;
8http://go.microsoft.com/fwlink/?linkid=149288&clcid=0x%x
8http://go.microsoft.com/fwlink/?linkid=149288&clcid=0x%xHMicrosoft Office Pinyin SimpleFast Style 2010 Mis-Conversion Report ToolLMicrosoft Office Pinyin New Experience Style 2010 Mis-Conversion Report ToolAMicrosoft Office New Phonetic IME 2010 Mis-Conversion Report ToolAMicrosoft Office New ChangJie IME 2010 Mis-Conversion Report Tool>Microsoft Office New Quick IME 2010 Mis-Conversion Report ToolHMicrosoft Office Hong Kong Cantonese IME 2010 Mis-Conversion Report Tool
8http://go.microsoft.com/fwlink/?linkid=149288&clcid=0x%x
8http://go.microsoft.com/fwlink/?linkid=149288&clcid=0x%x
VS_VERSION_INFO
StringFileInfo
000004b0
CompanyName
Microsoft Corporation
FileDescription
Microsoft Office IME 2010
FileVersion
14.0.4734.1000
InternalName
imecfmui.exe
LegalCopyright
All rights reserved.
LegalTrademarks
Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(R) is a registered trademark of Microsoft Corporation.
OriginalFilename
imecfmui.exe
ProductName
Microsoft Office IME 2010
ProductVersion
14.0.4734.1000
VarFileInfo
Translation
Antivirus engine/vendor | Detection name/rule match | Signature DB date
Bkav | No virus found | 20160423
MicroWorld-eScan | No virus found | 20160425
nProtect | No virus found | 20160422
CMC | No virus found | 20160421
CAT-QuickHeal | No virus found | 20160423
ALYac | No virus found | 20160425
Malwarebytes | No virus found | 20160425
Zillya | No virus found | 20160425
AegisLab | No virus found | 20160425
TheHacker | No virus found | 20160424
BitDefender | No virus found | 20160425
K7GW | No virus found | 20160425
K7AntiVirus | No virus found | 20160425
Baidu | No virus found | 20160422
F-Prot | No virus found | 20160425
Symantec | No virus found | 20160425
ESET-NOD32 | No virus found | 20160425
TrendMicro-HouseCall | No virus found | 20160425
Avast | No virus found | 20160425
ClamAV | No virus found | 20160425
GData | No virus found | 20160425
Kaspersky | No virus found | 20160425
Alibaba | No virus found | 20160425
NANO-Antivirus | No virus found | 20160425
ViRobot | No virus found | 20160425
Rising | No virus found | 20160425
Ad-Aware | No virus found | 20160425
Emsisoft | No virus found | 20160425
Comodo | No virus found | 20160425
F-Secure | No virus found | 20160425
DrWeb | No virus found | 20160425
VIPRE | No virus found | 20160425
TrendMicro | No virus found | 20160425
McAfee-GW-Edition | No virus found | 20160425
Sophos | No virus found | 20160425
Cyren | No virus found | 20160425
Avira | No virus found | 20160425
Antiy-AVL | No virus found | 20160425
Kingsoft | No virus found | 20160425
Arcabit | No virus found | 20160425
SUPERAntiSpyware | No virus found | 20160425
Microsoft | No virus found | 20160425
AhnLab-V3 | No virus found | 20160425
McAfee | No virus found | 20160425
AVware | No virus found | 20160425
VBA32 | No virus found | 20160423
Panda | No virus found | 20160424
Zoner | No virus found | 20160425
Tencent | No virus found | 20160425
Yandex | No virus found | 20160424
Ikarus | No virus found | 20160425
Fortinet | No virus found | 20160425
AVG | No virus found | 20160425
Baidu-International | No virus found | 20160425
Qihoo-360 | No virus found | 20160425

Process Tree

IMECFMUI.EXE, PID: 1984, parent PID: 2152

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No dropped files.
No similar analyses found.

Processing ( 37.836 seconds )

  • 34.705 NetworkAnalysis
  • 1.436 VirusTotal
  • 0.817 Static
  • 0.449 peid
  • 0.202 TargetInfo
  • 0.08 AnalysisInfo
  • 0.073 Strings
  • 0.04 BehaviorAnalysis
  • 0.014 Debug
  • 0.013 config_decoder
  • 0.003 Dropped
  • 0.003 Memory
  • 0.001 ProcessMemory

Signatures ( 0.094 seconds )

  • 0.016 antiav_detectreg
  • 0.007 bot_drive2
  • 0.007 infostealer_ftp
  • 0.006 persistence_autorun
  • 0.006 antiav_detectfile
  • 0.004 antivm_vbox_files
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.003 tinba_behavior
  • 0.003 antianalysis_detectreg
  • 0.003 bot_drive
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 bot_madness
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.002 downloader_cabby
  • 0.002 ransomware_files
  • 0.002 rat_pcclient
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 modify_uac_prompt

Reporting ( 1.472 seconds )

  • 0.737 ReportPDF
  • 0.694 ReportHTMLSummary
  • 0.041 Malheur
Task ID 16177
Mongo ID 57ce69374d3bd048e4982990
Cuckoo release 1.4-Maldun