Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-1 2016-09-06 14:55:48 2016-09-06 14:58:01 133 seconds

Maldun score

2.8

Suspicious

File details

File name IMESEARCH.EXE
File size 179040 bytes
File type PE32+ executable (GUI) x86-64, for MS Windows
MD5 e2d6050df3f8b152415160f70955a10c
SHA1 baf0d491887e97ec0f92d731464c34bc5eed0a0e
SHA256 34dbc899cb6c5130f5c5e0d6e93a82dc1b5bb6a257c0fef889bcbfc5de798e37
SHA512 881f3b1439befcba5226819c4ad14b80f7a503849353f7c362c3c7a0bc7cf25affb738ae0116a659202dd954f78d296f03962ba1b91d91bd308dc76042de8cfa
CRC32 B1F7A7C5
Ssdeep 3072:CAjTDfsxV104aTQojPjecZbO0XdpolxA9oPm:Cy4xVihTQojPLbOYdpowF

Hosts contacted

Direct IP Security rating Geolocation
93.46.8.89 Italy
58.211.137.192 China
23.44.155.27 United States
198.41.215.185 United States
117.18.237.29 Asia-Pacific region

DNS resolution

Domain Security rating Response
ss.symcd.com CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
A 23.44.155.27
ocsp2.globalsign.com CNAME cdn.globalsigncdn.com
A 58.211.137.192
tl.symcd.com
ocsp.omniroot.com A 93.46.8.89
CNAME wac.BFDD.edgecastcdn.net
ocsp.globalsign.com
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29
ocsp.msocsp.com A 198.41.214.185
CNAME hostedocsp.globalsign.com
A 198.41.214.186
A 198.41.214.187
A 198.41.215.183
A 198.41.215.182
A 198.41.215.185
A 198.41.214.183
A 198.41.215.184
A 198.41.215.186
A 198.41.214.184
s.symcd.com
ocsp.verisign.com

PE information

Image base 0x140000000
Entry point 0x14000de64
Declared checksum 0x0002dd4e
Actual checksum 0x0002dd4e
Minimum OS version required 5.2
PDB path t:\ime\x64\ship\0\imesearch.pdb\x00ship\0\imesearch.exe\bbtopt\imesearchO.pdb
Compile time 2010-01-21 16:16:50
Icon exact hash 29b9e9e440f7450851e365bb04e9af38
Icon similarity hash 9d7ff9ec1850152f0c7fa9b0c36b57c1

Version information

LegalCopyright All rights reserved.
InternalName imesearch.exe
FileVersion 14.0.4734.1000
CompanyName Microsoft Corporation
LegalTrademarks Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(R) is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office IME 2010
ProductVersion 14.0.4734.1000
FileDescription IME search module
OriginalFilename imesearch.exe
Translation

Microsoft certificate verification (Sign Tool)

SHA1 Timestamp Validity Error
a1dc4eef925b328d19e51b789c6e786ba41e275a Thu Jan 21 16:36:40 2010
Certificate chain: Certificate Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Validity Thu Dec 31 15:00:00 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Certificate chain: Certificate Chain 2
Issued to Microsoft Code Signing PCA
Issuer Microsoft Root Authority
Validity Sat Aug 25 15:00:00 2012
SHA1 hash 3036e3b25b88a55b86fc90e6e9eaad5081445166
Certificate chain: Certificate Chain 3
Issued to Microsoft Corporation
Issuer Microsoft Code Signing PCA
Validity Tue Mar 08 06:40:29 2011
SHA1 hash 9617094a1cfb59ae7c1f7dfdb6739e4e7c40508f
Certificate chain: Timestamp Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Validity Thu Dec 31 15:00:00 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Certificate chain: Timestamp Chain 2
Issued to Microsoft Timestamping PCA
Issuer Microsoft Root Authority
Validity Sun Sep 15 15:00:00 2019
SHA1 hash 3ea99a60058275e0ed83b892a909449f8c33b245
Certificate chain: Timestamp Chain 3
Issued to Microsoft Time-Stamp Service
Issuer Microsoft Timestamping PCA
Validity Fri Jul 26 03:11:15 2013
SHA1 hash 4d6f357f0e6434da97b1afc540fb6fdd0e85a89f

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00012bbb 0x00012c00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.20
.rdata 0x00014000 0x000086d4 0x00008800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.40
.data 0x0001d000 0x00001188 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.17
.pdata 0x0001f000 0x00001818 0x00001a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.69
.rsrc 0x00021000 0x0000c458 0x0000c600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.17
.reloc 0x0002e000 0x000001bc 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4.86

Overlay

Offset 0x0002a400
Size 0x00001760

Resources

Name Offset Size Language Sublanguage Entropy File type
REGISTRY 0x00021690 0x00000300 LANG_ENGLISH SUBLANG_ENGLISH_US 5.30 ASCII text, with CRLF line terminators
REGISTRY 0x00021690 0x00000300 LANG_ENGLISH SUBLANG_ENGLISH_US 5.30 ASCII text, with CRLF line terminators
TYPELIB 0x00021990 0x00000878 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.75 data
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_ICON 0x0002ac88 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.55 GLS_BINARY_LSB_FIRST
RT_DIALOG 0x0002c02c 0x00000248 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.40 data
RT_DIALOG 0x0002c02c 0x00000248 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.40 data
RT_DIALOG 0x0002c02c 0x00000248 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.40 data
RT_DIALOG 0x0002c02c 0x00000248 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.40 data
RT_DIALOG 0x0002c02c 0x00000248 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.40 data
RT_DIALOG 0x0002c02c 0x00000248 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.40 data
RT_DIALOG 0x0002c02c 0x00000248 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.40 data
RT_DIALOG 0x0002c02c 0x00000248 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.40 data
RT_STRING 0x0002ca64 0x00000166 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.78 data
RT_STRING 0x0002ca64 0x00000166 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.78 data
RT_STRING 0x0002ca64 0x00000166 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.78 data
RT_STRING 0x0002ca64 0x00000166 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.78 data
RT_STRING 0x0002ca64 0x00000166 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.78 data
RT_STRING 0x0002ca64 0x00000166 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.78 data
RT_STRING 0x0002ca64 0x00000166 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.78 data
RT_STRING 0x0002ca64 0x00000166 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.78 data
RT_GROUP_ICON 0x0002cbcc 0x000000a0 LANG_ENGLISH SUBLANG_ENGLISH_US 3.04 MS Windows icon resource - 11 icons, 48x48, 256-colors
RT_VERSION 0x0002cc6c 0x00000480 LANG_ENGLISH SUBLANG_ENGLISH_US 3.47 8086 relocatable (Microsoft)
RT_MANIFEST 0x0002d0ec 0x0000036a LANG_ENGLISH SUBLANG_ENGLISH_US 5.07 ASCII text, with CRLF line terminators

Imports

Library: KERNEL32.dll:
0x140014000 CreateEventW
0x140014008 Sleep
0x140014010 CreateThread
0x140014020 ResetEvent
0x140014028 GetSystemInfo
0x140014030 TerminateThread
0x140014038 GetExitCodeThread
0x140014040 GetCommandLineW
0x140014048 GetSystemDefaultLangID
0x140014050 GetCurrentProcessId
0x140014058 CompareFileTime
0x140014060 WideCharToMultiByte
0x140014068 RaiseException
0x140014070 CreateIoCompletionPort
0x140014078 SetEvent
0x140014088 GetCurrentThreadId
0x140014090 FindResourceExW
0x140014098 LockResource
0x1400140a0 WaitForSingleObject
0x1400140a8 CloseHandle
0x1400140b0 LocalFree
0x1400140b8 GetModuleFileNameW
0x1400140c0 LoadLibraryExW
0x1400140c8 FindResourceW
0x1400140d0 LoadResource
0x1400140d8 SizeofResource
0x1400140e0 GetVersionExW
0x1400140e8 HeapSize
0x1400140f0 HeapReAlloc
0x1400140f8 HeapDestroy
0x140014100 RtlCaptureContext
0x140014108 RtlLookupFunctionEntry
0x140014110 RtlVirtualUnwind
0x140014118 IsDebuggerPresent
0x140014128 UnhandledExceptionFilter
0x140014130 GetCurrentProcess
0x140014138 TerminateProcess
0x140014140 GetStartupInfoW
0x140014148 LoadLibraryW
0x140014150 HeapAlloc
0x140014158 GetSystemTimeAsFileTime
0x140014160 GetTickCount
0x140014168 QueryPerformanceCounter
0x140014170 VirtualProtect
0x140014178 GetProcessHeap
0x140014180 HeapFree
0x140014188 EnterCriticalSection
0x140014190 LeaveCriticalSection
0x1400141a0 DeleteCriticalSection
0x1400141a8 GetLastError
0x1400141b0 GetProcAddress
0x1400141b8 GetModuleHandleW
0x1400141c0 lstrcmpiW
0x1400141c8 FreeLibrary
0x1400141d0 MultiByteToWideChar
0x1400141d8 lstrlenW
Library: ole32.dll:
0x1400141e8 CoCreateGuid
0x1400141f0 CoResumeClassObjects
0x1400141f8 StringFromGUID2
0x140014200 OleRun
0x140014208 CoInitialize
0x140014210 CoRegisterClassObject
0x140014218 CoRevokeClassObject
0x140014220 CoSuspendClassObjects
0x140014228 CoUninitialize
0x140014230 CoInitializeEx
0x140014238 CoTaskMemFree
0x140014240 CoTaskMemRealloc
0x140014248 CoCreateInstance
0x140014250 CoTaskMemAlloc
Library: OLEAUT32.dll:
0x140014260 None
0x140014268 None
0x140014270 None
0x140014278 None
0x140014280 None
0x140014288 None
0x140014290 None
0x140014298 None
0x1400142a0 None
0x1400142a8 None
0x1400142b0 None
0x1400142b8 None
Library: USER32.dll:
0x1400142c8 DispatchMessageW
0x1400142d0 GetMessageW
0x1400142d8 CharNextW
0x1400142e0 CharUpperW
0x1400142e8 EnableWindow
0x1400142f0 TranslateMessage
0x1400142f8 GetWindowTextW
0x140014300 LoadIconW
0x140014308 EndDialog
0x140014310 SendMessageW
0x140014318 GetDlgItem
0x140014320 SetWindowTextW
0x140014328 DialogBoxIndirectParamW
0x140014330 MessageBoxW
0x140014338 GetWindowLongPtrW
0x140014340 PostMessageW
0x140014348 GetFocus
0x140014350 GetClientRect
0x140014358 PostThreadMessageW
0x140014360 SetForegroundWindow
0x140014368 CharLowerBuffW
0x140014370 SetWindowLongPtrW
Library: ADVAPI32.dll:
0x140014380 GetTokenInformation
0x140014388 RegQueryValueExW
0x140014390 RegEnumKeyExW
0x140014398 RegQueryInfoKeyW
0x1400143a0 RegSetValueExW
0x1400143a8 RegOpenKeyExW
0x1400143b0 RegCreateKeyExW
0x1400143b8 RegCloseKey
0x1400143c0 RegDeleteValueW
0x1400143c8 RegDeleteKeyW
0x1400143d0 DeregisterEventSource
0x1400143d8 ReportEventW
0x1400143e0 RegisterEventSourceW
0x1400143e8 IsValidSid
0x1400143f0 OpenProcessToken
0x1400143f8 GetSidSubAuthority
0x140014400 GetSidSubAuthorityCount
Library: SHELL32.dll:
0x140014410 CommandLineToArgvW
0x140014418 ShellExecuteW
Library: SHLWAPI.dll:
0x140014428 PathFileExistsW
Library: COMCTL32.dll:
0x140014438 InitCommonControlsEx
Library: MSVCR90.dll:
0x140014448 memset
0x140014450 wcsncpy_s
0x140014458 ??_V@YAXPEAX@Z
0x140014460 __CxxFrameHandler3
0x140014468 _recalloc
0x140014470 ??2@YAPEAX_K@Z
0x140014478 ??_U@YAPEAX_K@Z
0x140014480 memmove_s
0x140014488 wcscpy_s
0x140014490 wcscat_s
0x140014498 _beginthreadex
0x1400144a0 _vscwprintf
0x1400144a8 vswprintf_s
0x1400144e0 _amsg_exit
0x1400144e8 __wgetmainargs
0x1400144f0 _XcptFilter
0x1400144f8 _exit
0x140014500 _cexit
0x140014508 exit
0x140014510 _wcmdln
0x140014518 _initterm
0x140014520 _initterm_e
0x140014528 _configthreadlocale
0x140014530 __setusermatherr
0x140014538 _commode
0x140014540 _fmode
0x140014548 _encode_pointer
0x140014550 __set_app_type
0x140014558 ?terminate@@YAXXZ
0x140014560 _unlock
0x140014568 __dllonexit
0x140014570 _lock
0x140014578 _onexit
0x140014580 _decode_pointer
0x140014588 __crt_debugger_hook
0x140014598 _CxxThrowException
0x1400145a0 memcpy_s
0x1400145a8 free
0x1400145b0 malloc
0x1400145b8 wcsstr
0x1400145c0 ??3@YAXPEAX@Z
0x1400145c8 __C_specific_handler
Library: MSVCP90.dll:

Strings

t:\ime\x64\ship\0\imesearch.pdb
ship\0\imesearch.exe\bbtopt\imesearchO.pdb
RegDeleteKeyExW
SetProcessDPIAware
UnRegisterTypeLibForUser
RegisterTypeLibForUser
invalid map/set<T> iterator
vector<T> too long
map/set<T> too long
HeapSetInformation
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
MSVCP90.dll
MSVCR90.dll
COMCTL32.dll
SHLWAPI.dll
SHELL32.dll
ADVAPI32.dll
USER32.dll
OLEAUT32.dll
ole32.dll
KERNEL32.dll
CreateEventW
Sleep
CreateThread
PostQueuedCompletionStatus
ResetEvent
GetSystemInfo
TerminateThread
GetExitCodeThread
GetCommandLineW
GetSystemDefaultLangID
GetCurrentProcessId
CompareFileTime
WideCharToMultiByte
RaiseException
CreateIoCompletionPort
SetEvent
GetQueuedCompletionStatus
GetCurrentThreadId
FindResourceExW
LockResource
WaitForSingleObject
CloseHandle
LocalFree
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetVersionExW
HeapSize
HeapReAlloc
HeapDestroy
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
LoadLibraryW
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualProtect
GetProcessHeap
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
MultiByteToWideChar
lstrlenW
CoCreateGuid
CoResumeClassObjects
StringFromGUID2
OleRun
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
CoSuspendClassObjects
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
DispatchMessageW
GetMessageW
CharNextW
CharUpperW
EnableWindow
TranslateMessage
GetWindowTextW
LoadIconW
EndDialog
SendMessageW
GetDlgItem
SetWindowTextW
DialogBoxIndirectParamW
MessageBoxW
GetWindowLongPtrW
PostMessageW
GetFocus
GetClientRect
PostThreadMessageW
SetForegroundWindow
CharLowerBuffW
SetWindowLongPtrW
GetTokenInformation
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
IsValidSid
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
CommandLineToArgvW
ShellExecuteW
PathFileExistsW
InitCommonControlsEx
memset
wcsncpy_s
??_V@YAXPEAX@Z
__CxxFrameHandler3
_recalloc
??2@YAPEAX_K@Z
??_U@YAPEAX_K@Z
memmove_s
wcscpy_s
wcscat_s
_beginthreadex
_vscwprintf
vswprintf_s
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
_invalid_parameter_noinfo
??0exception@std@@QEAA@AEBV01@@Z
_amsg_exit
__wgetmainargs
_XcptFilter
_exit
_cexit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_CxxThrowException
memcpy_s
malloc
wcsstr
??3@YAXPEAX@Z
__C_specific_handler
TypeLib
Software
SYSTEM
SECURITY
Hardware
Interface
FileType
Component Categories
CLSID
AppID
Delete
NoRemove
ForceRemove
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Classes
REGISTRY
Module_Raw
Module
user32.dll
{79c076b4-0783-42aa-b2fc-1547217eb2ff}
\Implemented Categories
\Required Categories
CLSID\
OLEAUT32.DLL
Mscoree.dll
APPID
RegServerPerUser
UnregServerPerUser
RegServer
UnregServer
%%%02x
{searchTerms}
SearchPlugIn
Software\Policies\Microsoft\IME\Shared\14.0
http://go.microsoft.com/fwlink/?LinkID=151939&clcid=%0x
http://go.microsoft.com/fwlink/?LinkID=131560&clcid=%0x
kernel32.dll
InsecureQI
Software\Microsoft\Security
Software\Policies\Microsoft\Security
CLSIDInterfaceTest
%s %s %s
%d.%d.%d.%d
version.dll
InprocServer32
{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}
EnableLUA
Software\Microsoft\Windows\CurrentVersion\Policies\System
DefaultScope
Software\Microsoft\IME\14.0\SearchProviders
utf-16
utf-8
hz-gb-2312
gb2312
gb18030
euc-jp
shift_jis
CodePage
DisplayName
Software\Microsoft\IME\14.0\SearchProviders\
text/html
template
InputEncoding
ShortName
OpenSearchDescription
https://
http://
TYPELIB
MS Shell Dlg
SysListView32
Static
IME 2010 Search Provider Settings
MS Shell Dlg
Search &Providers:
SysListView32
Set &Default
&Remove
Static
Cancel
MS Shell Dlg
(&P):
SysListView32
Static
MS Shell Dlg
SysListView32
Static
MS Shell Dlg
IME 2010 Add Search Provider
MS Shell Dlg
Do you want to add the following search provider to %s?
Name:
Connect To:
&Make this the default search provider of %s
&Add Provider
Cancel
Only add search providers connected to websites that you trust.
MS Shell Dlg
MS Shell Dlg
(Default)
2010
IME 2010
Microsoft Office IME 2010
2010
VS_VERSION_INFO
StringFileInfo
000004b0
CompanyName
Microsoft Corporation
FileDescription
IME search module
FileVersion
14.0.4734.1000
InternalName
imesearch.exe
LegalCopyright
All rights reserved.
LegalTrademarks
Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(R) is a registered trademark of Microsoft Corporation.
OriginalFilename
imesearch.exe
ProductName
Microsoft Office IME 2010
ProductVersion
14.0.4734.1000
VarFileInfo
Translation
Antivirus engine/vendor Virus name/rule match Database date
Bkav No virus found 20160604
MicroWorld-eScan No virus found 20160605
nProtect No virus found 20160603
CMC No virus found 20160602
CAT-QuickHeal No virus found 20160604
ALYac No virus found 20160605
Malwarebytes No virus found 20160605
VIPRE No virus found 20160605
TheHacker No virus found 20160604
BitDefender No virus found 20160605
K7GW No virus found 20160605
K7AntiVirus No virus found 20160605
Baidu No virus found 20160603
F-Prot No virus found 20160605
Symantec No virus found 20160605
ESET-NOD32 No virus found 20160604
TrendMicro-HouseCall No virus found 20160605
Avast No virus found 20160605
ClamAV No virus found 20160605
GData No virus found 20160605
Kaspersky No virus found 20160605
Alibaba No virus found 20160603
NANO-Antivirus No virus found 20160605
ViRobot No virus found 20160604
SUPERAntiSpyware No virus found 20160605
Rising No virus found 20160605
Ad-Aware No virus found 20160605
Sophos No virus found 20160605
Comodo No virus found 20160605
F-Secure No virus found 20160604
DrWeb No virus found 20160605
Zillya No virus found 20160603
TrendMicro No virus found 20160605
McAfee-GW-Edition No virus found 20160605
Emsisoft No virus found 20160605
Cyren No virus found 20160605
Jiangmin No virus found 20160605
Avira No virus found 20160604
Antiy-AVL No virus found 20160605
Kingsoft No virus found 20160605
Arcabit No virus found 20160605
AegisLab No virus found 20160604
AhnLab-V3 No virus found 20160604
Microsoft No virus found 20160605
TotalDefense No virus found 20160605
McAfee No virus found 20160605
AVware No virus found 20160604
VBA32 No virus found 20160603
Panda No virus found 20160605
Zoner No virus found 20160605
Tencent No virus found 20160605
Yandex No virus found 20160604
Ikarus No virus found 20160605
Fortinet No virus found 20160605
AVG No virus found 20160605
Baidu-International No virus found 20160604
Qihoo-360 No virus found 20160605

Process tree

IMESEARCH.EXE, PID: 576, parent PID: 524

TCP

Source address Source port Destination address Destination port
192.168.122.70 49358 111.108.54.16 80
192.168.122.70 49352 117.18.237.29 ocsp.digicert.com 80
192.168.122.70 49345 178.255.83.1 80
192.168.122.70 49353 198.41.215.185 ocsp.msocsp.com 80
192.168.122.70 49340 23.44.155.27 ss.symcd.com 80
192.168.122.70 49343 23.44.155.27 ss.symcd.com 80
192.168.122.70 49354 23.44.155.27 ss.symcd.com 80
192.168.122.70 49355 23.44.155.27 ss.symcd.com 80
192.168.122.70 49357 23.44.155.27 ss.symcd.com 80
192.168.122.70 49341 58.211.137.192 ocsp2.globalsign.com 80
192.168.122.70 49350 58.211.137.192 ocsp2.globalsign.com 80
192.168.122.70 49359 58.211.137.192 ocsp2.globalsign.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.70 49587 192.168.122.1 53
192.168.122.70 49765 192.168.122.1 53
192.168.122.70 50445 192.168.122.1 53
192.168.122.70 51014 192.168.122.1 53
192.168.122.70 53017 192.168.122.1 53
192.168.122.70 54315 192.168.122.1 53
192.168.122.70 55256 192.168.122.1 53
192.168.122.70 55583 192.168.122.1 53
192.168.122.70 57997 192.168.122.1 53
192.168.122.70 59456 192.168.122.1 53
192.168.122.70 60311 192.168.122.1 53
192.168.122.70 60614 192.168.122.1 53
192.168.122.70 61230 192.168.122.1 53
192.168.122.70 62263 192.168.122.1 53
192.168.122.70 63780 192.168.122.1 53
192.168.122.70 64732 192.168.122.1 53
192.168.122.70 65053 192.168.122.1 53
192.168.122.70 65064 192.168.122.1 53
192.168.122.70 65276 192.168.122.1 53
192.168.122.70 137 192.168.122.255 137
192.168.122.70 138 192.168.122.255 138
192.168.122.70 5355 192.168.122.69 53197
192.168.122.70 49465 224.0.0.252 5355
192.168.122.70 49475 224.0.0.252 5355
192.168.122.70 49500 224.0.0.252 5355
192.168.122.70 49534 224.0.0.252 5355
192.168.122.70 49957 224.0.0.252 5355
192.168.122.70 50117 224.0.0.252 5355
192.168.122.70 51346 224.0.0.252 5355
192.168.122.70 51435 224.0.0.252 5355
192.168.122.70 53257 224.0.0.252 5355
192.168.122.70 54110 224.0.0.252 5355
192.168.122.70 54662 224.0.0.252 5355
192.168.122.70 54690 224.0.0.252 5355
192.168.122.70 54923 224.0.0.252 5355
192.168.122.70 55465 224.0.0.252 5355
192.168.122.70 56181 224.0.0.252 5355
192.168.122.70 59175 224.0.0.252 5355
192.168.122.70 59247 224.0.0.252 5355
192.168.122.70 59255 224.0.0.252 5355
192.168.122.70 59558 224.0.0.252 5355
192.168.122.70 60069 224.0.0.252 5355
192.168.122.70 60304 224.0.0.252 5355
192.168.122.70 60339 224.0.0.252 5355
192.168.122.70 61171 224.0.0.252 5355
192.168.122.70 61458 224.0.0.252 5355
192.168.122.70 61735 224.0.0.252 5355
192.168.122.70 61978 224.0.0.252 5355
192.168.122.70 62141 224.0.0.252 5355
192.168.122.70 62909 224.0.0.252 5355
192.168.122.70 63048 224.0.0.252 5355
192.168.122.70 57195 239.255.255.250 1900
192.168.122.70 123 52.169.179.91 123

HTTP requests

URI HTTP data
http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYLnHjjHwADjD39iRSceNk%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYLnHjjHwADjD39iRSceNk%3D HTTP/1.1
Cache-Control: max-age = 471898
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 22 Jan 2016 20:24:23 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com

http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D
GET /gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D HTTP/1.1
Cache-Control: max-age = 180
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 08:12:59 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://tl.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEFV%2F%2FzzjA%2F6oY6Vtno9bzTU%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEFV%2F%2FzzjA%2F6oY6Vtno9bzTU%3D HTTP/1.1
Cache-Control: max-age = 381196
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 21 Jan 2016 16:19:41 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: tl.symcd.com

http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1
Cache-Control: max-age = 311241
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 23:57:39 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 05:50:23 GMT
If-None-Match: "611749fc10ad79b9b9cd23c4bf787c5ae78576ef"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D HTTP/1.1
Cache-Control: max-age = 500863
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 22:46:14 GMT
If-None-Match: "56a402b6-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:30:15 GMT
If-None-Match: "77a3ed05d7337d023a726d1efae9caf1857cedc9"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEC7Ss3YcBffkpx9UsN1ZWpU%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEC7Ss3YcBffkpx9UsN1ZWpU%3D HTTP/1.1
Cache-Control: max-age = 535551
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 14:04:33 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com

http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D HTTP/1.1
Cache-Control: max-age = 584283
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:35:04 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: s.symcd.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEDWXMYfzhzoHMn7OWAybfto%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEDWXMYfzhzoHMn7OWAybfto%3D HTTP/1.1
Cache-Control: max-age = 361610
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 21 Jan 2016 13:39:51 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 28 Nov 2015 06:02:10 GMT
If-None-Match: "4ea8b151a229d11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

http://ocsp2.globalsign.com/gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D
GET /gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D HTTP/1.1
Cache-Control: max-age = 180
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:25:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 46.823 seconds )

  • 44.066 NetworkAnalysis
  • 1.183 VirusTotal
  • 0.745 Static
  • 0.427 peid
  • 0.213 TargetInfo
  • 0.108 BehaviorAnalysis
  • 0.03 Strings
  • 0.024 AnalysisInfo
  • 0.012 config_decoder
  • 0.009 Debug
  • 0.003 Dropped
  • 0.002 Memory
  • 0.001 ProcessMemory

Signatures ( 0.081 seconds )

  • 0.019 antiav_detectreg
  • 0.006 antiav_detectfile
  • 0.006 infostealer_ftp
  • 0.005 persistence_autorun
  • 0.005 geodo_banking_trojan
  • 0.004 infostealer_im
  • 0.003 stealth_timeout
  • 0.003 antianalysis_detectreg
  • 0.003 bot_drive
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_torgateway
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 bot_drive2
  • 0.002 disables_browser_warn
  • 0.001 betabot_behavior
  • 0.001 shifu_behavior
  • 0.001 vawtrak_behavior
  • 0.001 banker_zeus_mutex
  • 0.001 bot_athenahttp
  • 0.001 bot_madness
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 ransomware_files

Reporting ( 1.584 seconds )

  • 0.912 ReportPDF
  • 0.66 ReportHTMLSummary
  • 0.012 Malheur

Task ID 16175
Mongo ID 57ce692a4d3bd048e498298a
Cuckoo release 1.4-Maldun