Analysis Task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64  2016-09-06 14:59:02  2016-09-06 15:01:16  134 seconds

魔盾 (Maldun) Score

2.8

Suspicious

File Details

File name  IMSCPROP.EXE
File size  237976 bytes
File type  PE32+ executable (GUI) x86-64, for MS Windows
MD5 585e46c7d4e45b59926fecf27fe5dd55
SHA1 4546da12f3466f58b8e34d082c6aa9ee745b2232
SHA256 da79cdf5a2dc462abe3ce56381ca0f60f657089e95ba712f0050276e8c28c41b
SHA512 942b0629e1c3e1e4813b24c64084297ce1cd7bf29a5f804b70f763c52194536ee744e7849c811081f25c5c85443973a97418e12de3188027be09b09c20563154
CRC32 EB1062D5
Ssdeep 6144:a0fjkJR/b951RHnpzOdFiQsOemlhxXriZz:a0fu/B51RHNnOemlhxOZz

Hosts Contacted

Direct IP  Security rating  Geolocation
58.211.137.192  China
23.44.155.27  United States
198.41.215.183  United States
117.18.237.29  Asia-Pacific region

DNS Resolution

Domain  Security rating  Response
ss.symcd.com CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
A 23.44.155.27
ocsp.msocsp.com A 198.41.214.185
CNAME hostedocsp.globalsign.com
A 198.41.214.186
A 198.41.214.187
A 198.41.215.183
A 198.41.215.182
A 198.41.215.185
A 198.41.214.183
A 198.41.215.184
A 198.41.215.186
A 198.41.214.184
ocsp.verisign.com
sd.symcd.com
ocsp2.globalsign.com CNAME cdn.globalsigncdn.com
A 58.211.137.192
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29
ocsp.globalsign.com
s.symcd.com

PE Information

Image base  0x140000000
Entry point  0x140011860
Claimed checksum  0x0003bde0
Actual checksum  0x0003bde0
Minimum OS version required  5.2
PDB path  t:\ime\x64\ship\0\imscprop.pdb\x00\ship\0\imscprop.exe\bbtopt\imscpropO.pdb
Compile time  2010-01-21 16:22:08
Icon
Icon exact hash  68b8d3cad94c2bf59d5de7523e98491e
Icon similarity hash  e7a241e75fa02822c9e97888a199d797

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1  Timestamp  Validity  Error
c6084ea8496a12c1bbfa7b148d0880c8a5b13411 Thu Jan 21 16:36:40 2010
Certificate Chain 1
Issued to  Microsoft Root Authority
Issuer  Microsoft Root Authority
Valid until  Thu Dec 31 150000 2020
SHA1 hash  a43489159a520f0d93d032ccaf37e7fe20a8b419
Certificate Chain 2
Issued to  Microsoft Code Signing PCA
Issuer  Microsoft Root Authority
Valid until  Sat Aug 25 150000 2012
SHA1 hash  3036e3b25b88a55b86fc90e6e9eaad5081445166
Certificate Chain 3
Issued to  Microsoft Corporation
Issuer  Microsoft Code Signing PCA
Valid until  Tue Mar 08 064029 2011
SHA1 hash  9617094a1cfb59ae7c1f7dfdb6739e4e7c40508f
Timestamp Chain 1
Issued to  Microsoft Root Authority
Issuer  Microsoft Root Authority
Valid until  Thu Dec 31 150000 2020
SHA1 hash  a43489159a520f0d93d032ccaf37e7fe20a8b419
Timestamp Chain 2
Issued to  Microsoft Timestamping PCA
Issuer  Microsoft Root Authority
Valid until  Sun Sep 15 150000 2019
SHA1 hash  3ea99a60058275e0ed83b892a909449f8c33b245
Timestamp Chain 3
Issued to  Microsoft Time-Stamp Service
Issuer  Microsoft Timestamping PCA
Valid until  Fri Jul 26 031115 2013
SHA1 hash  4d6f357f0e6434da97b1afc540fb6fdd0e85a89f

PE Sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x00016bfd 0x00016c00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.18
.rdata 0x00018000 0x00008a48 0x00008c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.54
.data 0x00021000 0x00000f80 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.37
.pdata 0x00022000 0x00001aa0 0x00001c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.87
.rsrc 0x00024000 0x0001666c 0x00016800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.40
.reloc 0x0003b000 0x000000d0 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2.80

Overlay

Offset  0x00038a00
Size  0x00001798

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_ICON 0x00033690 0x00000128 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.98 GLS_BINARY_LSB_FIRST
RT_DIALOG 0x000378bc 0x00000116 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.73 dBase III DBT
RT_STRING 0x000398c4 0x0000006e LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.51 data
RT_RCDATA 0x00039cc0 0x00000084 LANG_NEUTRAL SUBLANG_NEUTRAL 3.66 data
RT_GROUP_ICON 0x00039ea4 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon
RT_VERSION 0x00039eb8 0x000004b0 LANG_ENGLISH SUBLANG_ENGLISH_US 3.46 data
RT_MANIFEST 0x0003a368 0x00000302 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.06 ASCII text, with very long lines, with no line terminators

Imports

Library: ADVAPI32.dll:
0x140018008 RegOpenKeyExW
0x140018010 RegQueryValueExW
0x140018018 RegCloseKey
0x140018020 DeregisterEventSource
0x140018028 ReportEventW
0x140018030 RegisterEventSourceW
0x140018038 RegEnumKeyExW
0x140018040 GetTokenInformation
0x140018048 OpenProcessToken
0x140018050 ConvertSidToStringSidW
0x140018058 IsValidSid
0x140018060 GetSidSubAuthority
0x140018068 GetSidSubAuthorityCount
0x140018070 RegSetValueExW
0x140018078 RegCreateKeyExW
Library: COMCTL32.dll:
0x140018088 PropertySheetW
Library: GDI32.dll:
0x140018098 GetTextExtentPoint32W
0x1400180a0 DeleteObject
0x1400180a8 SetBkMode
0x1400180b0 CreateSolidBrush
0x1400180b8 CreateFontIndirectW
0x1400180c0 DeleteDC
0x1400180c8 SetTextColor
0x1400180d0 BitBlt
0x1400180d8 SelectObject
0x1400180e0 CreateCompatibleBitmap
0x1400180e8 CreateCompatibleDC
0x1400180f0 GetObjectW
0x1400180f8 GetDeviceCaps
Library: IMM32.dll:
0x140018108 ImmAssociateContext
Library: KERNEL32.dll:
0x140018118 SystemTimeToFileTime
0x140018120 UnmapViewOfFile
0x140018128 MapViewOfFile
0x140018130 CreateFileMappingW
0x140018138 CreateThread
0x140018140 DeleteFileW
0x140018148 FreeLibrary
0x140018150 DeleteCriticalSection
0x140018160 WaitForSingleObject
0x140018168 GetVersionExW
0x140018170 GetFileAttributesW
0x140018178 RtlCaptureContext
0x140018180 RtlLookupFunctionEntry
0x140018188 GetDateFormatW
0x140018190 IsDebuggerPresent
0x1400181a0 UnhandledExceptionFilter
0x1400181a8 GetCurrentProcess
0x1400181b0 TerminateProcess
0x1400181b8 GetStartupInfoA
0x1400181c0 Sleep
0x1400181c8 GetModuleFileNameW
0x1400181d0 HeapAlloc
0x1400181d8 HeapFree
0x1400181e0 GetModuleHandleW
0x1400181e8 GetProcessHeap
0x1400181f0 GetSystemTimeAsFileTime
0x1400181f8 GetCurrentProcessId
0x140018200 GetCurrentThreadId
0x140018208 GetTickCount
0x140018210 QueryPerformanceCounter
0x140018218 VirtualProtect
0x140018220 GetSystemDefaultLCID
0x140018228 GetCommandLineW
0x140018230 CreateMutexW
0x140018238 GetLastError
0x140018240 CloseHandle
0x140018248 LocalFree
0x140018250 lstrlenW
0x140018258 FindResourceExW
0x140018260 FindResourceW
0x140018268 SizeofResource
0x140018270 LoadResource
0x140018278 LoadLibraryW
0x140018280 LockResource
0x140018288 RtlVirtualUnwind
0x140018290 GetProcAddress
Library: ole32.dll:
0x1400182a0 CoCreateInstance
0x1400182a8 CoInitialize
0x1400182b0 CoUninitialize
Library: USER32.dll:
0x1400182c0 FindWindowW
0x1400182c8 GetLastActivePopup
0x1400182d0 SetForegroundWindow
0x1400182d8 LoadImageW
0x1400182e0 ShowWindow
0x1400182e8 DialogBoxIndirectParamW
0x1400182f0 IsWindowEnabled
0x1400182f8 SetWindowTextW
0x140018300 CheckDlgButton
0x140018308 CheckRadioButton
0x140018310 DestroyIcon
0x140018318 GetClientRect
0x140018320 GetSystemMetrics
0x140018328 GetWindowLongW
0x140018330 IsWindow
0x140018338 DrawFocusRect
0x140018340 RemovePropW
0x140018348 SetPropW
0x140018350 SetWindowLongPtrW
0x140018358 GetPropW
0x140018360 CallWindowProcW
0x140018368 IsDlgButtonChecked
0x140018370 GetDlgItemTextW
0x140018378 TrackMouseEvent
0x140018380 InvalidateRect
0x140018388 FrameRect
0x140018390 InflateRect
0x140018398 GetSysColor
0x1400183a0 FillRect
0x1400183a8 DrawFrameControl
0x1400183b0 GetParent
0x1400183b8 ScreenToClient
0x1400183c0 SetWindowPos
0x1400183c8 DestroyWindow
0x1400183d0 GetDC
0x1400183d8 ReleaseDC
0x1400183e0 LoadIconW
0x1400183e8 DrawIconEx
0x1400183f0 OffsetRect
0x1400183f8 DrawTextW
0x140018400 GetWindowRect
0x140018408 CreateWindowExW
0x140018410 GetDlgItem
0x140018418 EndDialog
0x140018420 EnableWindow
0x140018428 MessageBoxW
0x140018430 GetWindowTextW
0x140018438 DialogBoxParamW
0x140018440 MoveWindow
0x140018448 EndPaint
0x140018450 DrawTextExW
0x140018458 BeginPaint
0x140018460 ReleaseCapture
0x140018468 UpdateWindow
0x140018470 SetCapture
0x140018478 PtInRect
0x140018480 GetCursorPos
0x140018488 SetCursor
0x140018490 LoadCursorW
0x140018498 GetWindowLongPtrW
0x1400184a0 SetFocus
0x1400184a8 PostMessageW
0x1400184b0 SendMessageW
Library: SHELL32.dll:
0x1400184c0 None
0x1400184c8 ShellExecuteW
0x1400184d0 ShellExecuteExW
Library: MSVCR90.dll:
0x1400184e0 memmove_s
0x1400184f0 __crt_debugger_hook
0x1400184f8 _decode_pointer
0x140018500 ??3@YAXPEAX@Z
0x140018508 memset
0x140018510 memcpy
0x140018518 memcmp
0x140018520 wcsncpy_s
0x140018528 __CxxFrameHandler3
0x140018530 ??_V@YAXPEAX@Z
0x140018538 ??_U@YAPEAX_K@Z
0x140018540 iswalpha
0x140018548 wcsncat_s
0x140018550 ??2@YAPEAX_K@Z
0x140018558 _vsnwprintf_s
0x140018560 wcsstr
0x140018568 _wtoi64
0x140018570 strstr
0x140018598 swprintf_s
0x1400185a8 _CxxThrowException
0x1400185b8 _itow_s
0x1400185c0 rand
0x1400185c8 fclose
0x1400185d0 _wfopen_s
0x1400185d8 wcscpy_s
0x1400185e0 wcscat_s
0x1400185e8 vswprintf_s
0x1400185f0 _amsg_exit
0x1400185f8 __getmainargs
0x140018600 __C_specific_handler
0x140018608 _XcptFilter
0x140018610 _exit
0x140018618 _ismbblead
0x140018620 _cexit
0x140018628 exit
0x140018630 _acmdln
0x140018638 _initterm
0x140018640 _initterm_e
0x140018648 _configthreadlocale
0x140018650 __setusermatherr
0x140018658 _commode
0x140018660 _fmode
0x140018668 _encode_pointer
0x140018670 __set_app_type
0x140018678 ?terminate@@YAXXZ
0x140018680 _unlock
0x140018688 __dllonexit
0x140018690 _lock
0x140018698 _onexit
Library: MSVCP90.dll:
Library: SHLWAPI.dll:
0x140018728 SHDeleteKeyW
Library: OLEAUT32.dll:
0x140018738 None
0x140018740 None
0x140018748 None
0x140018750 None
0x140018758 None

.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
t:\ime\x64\ship\0\imscprop.pdb
\ship\0\imscprop.exe\bbtopt\imscpropO.pdb
DrawThemeText
DrawThemeIcon
DrawThemeBackground
EnableThemeDialogTexture
CloseThemeData
OpenThemeData
IsThemeActive
/EXPRESS
vector<T> too long
map/set<T> too long
invalid map/set<T> iterator
SHGetStockIconInfo
+HeapSetInformation
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OLEAUT32.dll
SHLWAPI.dll
MSVCP90.dll
MSVCR90.dll
SHELL32.dll
USER32.dll
ole32.dll
KERNEL32.dll
IMM32.dll
GDI32.dll
COMCTL32.dll
ADVAPI32.dll
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegSetValueExW
RegCreateKeyExW
PropertySheetW
GetTextExtentPoint32W
DeleteObject
SetBkMode
CreateSolidBrush
CreateFontIndirectW
DeleteDC
SetTextColor
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
GetDeviceCaps
ImmAssociateContext
SystemTimeToFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateThread
DeleteFileW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetVersionExW
GetFileAttributesW
RtlCaptureContext
RtlLookupFunctionEntry
GetDateFormatW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
Sleep
GetModuleFileNameW
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
GetSystemDefaultLCID
GetCommandLineW
CreateMutexW
GetLastError
CloseHandle
LocalFree
lstrlenW
FindResourceExW
FindResourceW
SizeofResource
LoadResource
LoadLibraryW
LockResource
RtlVirtualUnwind
GetProcAddress
CoCreateInstance
CoInitialize
CoUninitialize
FindWindowW
GetLastActivePopup
SetForegroundWindow
LoadImageW
ShowWindow
DialogBoxIndirectParamW
IsWindowEnabled
SetWindowTextW
CheckDlgButton
CheckRadioButton
DestroyIcon
GetClientRect
GetSystemMetrics
GetWindowLongW
IsWindow
DrawFocusRect
RemovePropW
SetPropW
SetWindowLongPtrW
GetPropW
CallWindowProcW
IsDlgButtonChecked
GetDlgItemTextW
TrackMouseEvent
InvalidateRect
FrameRect
InflateRect
GetSysColor
FillRect
DrawFrameControl
GetParent
ScreenToClient
SetWindowPos
DestroyWindow
GetDC
ReleaseDC
LoadIconW
DrawIconEx
OffsetRect
DrawTextW
GetWindowRect
CreateWindowExW
GetDlgItem
EndDialog
EnableWindow
MessageBoxW
GetWindowTextW
DialogBoxParamW
MoveWindow
EndPaint
DrawTextExW
BeginPaint
ReleaseCapture
UpdateWindow
SetCapture
PtInRect
GetCursorPos
SetCursor
LoadCursorW
GetWindowLongPtrW
SetFocus
PostMessageW
SendMessageW
ShellExecuteW
ShellExecuteExW
memmove_s
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
_decode_pointer
??3@YAXPEAX@Z
memset
memcpy
memcmp
wcsncpy_s
__CxxFrameHandler3
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
iswalpha
wcsncat_s
??2@YAPEAX_K@Z
_vsnwprintf_s
wcsstr
_wtoi64
strstr
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
swprintf_s
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
_itow_s
fclose
_wfopen_s
wcscpy_s
wcscat_s
vswprintf_s
_amsg_exit
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXAEAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@PEB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
SHDeleteKeyW
.?AV?$comptr@UIConfigMgr@@@Comutil@@
.?AV?$comptr@UICfgDpyScheme@@@Comutil@@
.?AV?$comptr@UICfgDpySchemeMgr@@@Comutil@@
.?AV?$comptr@UICfgFuzzyScheme@@@Comutil@@
.?AV?$comptr@UICfgFuzzySchemeMgr@@@Comutil@@
.?AVCDlgFuzzy@@
.?AV?$DlgImpl@VCDlgFuzzy@@$0DOP@@@
.?AV?$comptr@UIConfigMgrRawValue@@@Comutil@@
.?AV?$comptr@UIComponentMgr@@@Comutil@@
.?AV?$comptr@UIGlobalSettings@@@Comutil@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AV?$comptr@UIUserProfileMgr@@@Comutil@@
.?AVCBStr@Comutil@@
.?AV?$comptr@UIUpdateService@@@Comutil@@
.?AV?$comptr@UIUpdateServiceCollection@@@Comutil@@
.?AV?$comptr@UIUpdateServiceManager@@@Comutil@@
.?AVtype_info@@
.?AV_com_error@@
.?AV?$comptr@UIDicDomainWordLexiconBuild@@@Comutil@@
.?AV?$comptr@UIComponentPathMgr@@@Comutil@@
wwwwwwp
f[`N(
f[`N(
SX[:N(
agpe:
N*NSb
SX[:N(
SX[:N(
SX[:N(
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.30729.1" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="*" processorArchitecture="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PA
zw9gj
BUTTON
Dialog DblPY Scheme Name
tooltips_class32
UXTHEME
Arial
Custom
Dialog Prop
Dialog Prop Double PinYin
Dialog Prop DicMgmt
O:%sD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;%s)S:(ML;;0x1;;;ME)
O:%sD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;%s)S:(ML;;0x1;;;HI)
O:%sD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;%s)S:(ML;;0x1;;;LW)
O:%sD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;%s)(A;;GA;;;RC)
#32770
_IMSC14_PROP_MUTEX_{E622D225-4643-4628-873D-50535C085C14}
14.0.4734.1000
_IMSC14_VERDLG_MUTEX_{E622D225-4643-4628-873D-50535C085C14}
/HWND
http://go.microsoft.com/fwlink/?linkid=154861&clcid=0x804
%s (%s)
Jan 21 2010 00:00:01
OBLDINT003_dev14lab3
Office Lab Build
Last Update Time
Word Number
Publisher
Dialog DicInfo
Dialog CDlgDelConfirm
UseWUServer
Software\Policies\Microsoft\Windows\WindowsUpdate\AU
Software\Policies\Microsoft\Windows\WindowsUpdate
NoWindowsUpdate
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
DisableWindowsUpdateAccess
Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate
runas
IMEDictUpdateUI.exe
%s %d %s %s
update
-parentwnd
%s %d %d
enableau
IMSCPROP_BUILTIN_DICT_
/f rd /i
IMSCDicCompiler.exe
/f mr
%s %d %s %s
install
msiexec
/x {%s} /qn
Shell32.dll
IME Hyperlink prop
7971f918-a847-4430-9279-4a52d1efe18d
kernel32.dll
InsecureQI
CLSID
Software\Microsoft\Security
Software\Policies\Microsoft\Security
CLSIDInterfaceTest
%s %s %s
%d.%d.%d.%d
Wversion.dll
InprocServer32
{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}
Enabled
Software\Microsoft\IMESC14\Dicts
Description
\2052
Software\Microsoft\IMESC14\WebDictionary
SourceURL
Version
InstallDate
LastUpdateTime
Filename
AutoDicUpdate
Software\Microsoft\IMESC14
MSIProductCode
DictUpdate\
WebDictionary\
EnableLUA
Software\Microsoft\Windows\CurrentVersion\Policies\System
General
MS Shell Dlg
Pinyin Style
&Full pinyin
S&upport simplified pinyin
z, s, c co&ver zh,sh,ch
&Double pinyin
Dou&ble pinyin scheme...
Fu&zzy pinyin
Fuzzy pinyin s&etting...
Chinese/English Input Switching Key
&Shift
&Ctrl
zh, sh, ch(&V)
(&B)...
(&E)...
(&Shift)
(&Ctrl)
Advanced
MS Shell Dlg
Character Set
Si&mplified Chinese
&Traditional Chinese
&Extended character set
Self-learning and User-defined Phrase
Enable self-&learning
Clear sel&f-learning contents...
Enable &user-defined phrase
Cle&ar user-defined phrases...
[Enter] Key Function
Composition direct &input
Pin&yin conversion (same as SPACE)
Candidate Style
&Horizontal window
Vertical wind&ow
Candidate &prompt
&Word prediction
(&F)...
(&A)...
)(&Y)
Advanced
MS Shell Dlg
Character Set
Si&mplified Chinese
&Traditional Chinese
&Extended character set
Self-learning and User-defined Phrase
Enable self-&learning
Clear sel&f-learning contents...
Enable &user-defined phrase
Cle&ar user-defined phrases...
[Enter] Key Function
Composition direct &input
Pin&yin conversion (same as SPACE)
Word Prediction
&Word prediction
(&F)...
(&A)...
)(&Y)
ABC Input Setting
MS Shell Dlg
Input Setting
&Candidate order adjusting
&Stroke input
User-defined Phrase
User-defined &phrase tool...
(&P)...
MS Shell Dlg
Cancel
Fuzzy Pairs Setting
MS Shell Dlg
SysListView32
Clear &all
Restore &default
&Cancel
SysListView32
(&A)
(&D)
(&O)
(&C)
Domain Lexicon Setting
MS Shell Dlg
SysListView32
&Select All
C&lear All
Cancel
SysListView32
Double Pinyin Schemes
MS Shell Dlg
&Double pinyin schemes:
New &scheme
Save &as...
De&lete
Allow duplicate &vowel assignment
Consonan&t:
Vowel &1:
Vowel &2:
Click a key on the soft keyboard below, then select a consonant or a vowel from the consonant or vowel list box as the double pinyin assignment. Repeat above steps, until all the consonants and vowels are assigned to appropriate keys.
&Close
(&D):
(&A)...
(&T):
(&1):
(&2):
(&C)
ABC User-defined Phrase
MS Shell Dlg
Phrase
Shortcut
Add New Phrase
&Delete
&Close
Phrase List
MS Shell Dlg
Product Name
Legal Copyright
Visit Official Homepage
Product Name
Legal Copyright
Dictionary Management
MS Shell Dlg
In&stalled Dictionaries
("Install new dictionary" and "Dictionary Update" are disabled by group policy)
SysListView32
&Enable all
&Disable all
&Install new dictionary...
Re&move
Dictionary in&formation
Dictionary Update
&Update Microsoft published dictionaries automatically through Microsoft Update
Insta&ll updates now...
SysListView32
(&I)...
(&L)...
Dictionary Information
MS Shell Dlg
&Close
Dictionary Name:
Publisher:
Number of words:
Creation Date:
Source URL:
Description:
Microsoft Pinyin Dictionary Management
MS Shell Dlg
Do you want to continue?
Microsoft Pinyin
9Microsoft Office Pinyin New Experience Style 2010 Options5Microsoft Office Pinyin SimpleFast Style 2010 Options
Arial
1Are you sure to delete all self-learning content?4Are you sure to delete all the user-defined phrases?
Arial
1Microsoft Office Pinyin New Experience Style 2010-Microsoft Office Pinyin SimpleFast Style 20101Please close all other open options dialog boxes.
&Restore defaults
Update Date
Save scheme"&Save the double pinyin scheme as:
(&S):
in, ing
in, ing
XThe phrase with shortcut you've defined is not correct, please check it and input again.2The shortcut has been defined, please input again./Failure in adding new word, please input again.
'Office Pinyin New Experience Style 2010#Office Pinyin SimpleFast Style 2010
2010
This funcion is only available in application that has standard authority. Please try to use in an application that has standard user authority.
ch
ai
ang
eng
ian
iang
ing
iong
ong
uai
uang
VS_VERSION_INFO
StringFileInfo
000004E4
CompanyName
Microsoft Corporation
FileDescription
Microsoft Office Pinyin IME Property Setting
FileVersion
14.0.4734.1000
InternalName
IMSCPROP
LegalCopyright
2010 Microsoft Corporation. All rights reserved.
LegalTrademarks
Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(R) is a registered trademark of Microsoft Corporation.
OriginalFilename
IMSCPROP.EXE
ProductName
Microsoft Office IME 2010
ProductVersion
14.0.4734.1000
VarFileInfo
Translation
Antivirus engine/vendor  Virus name/rule match  Signature database date
Bkav  Not detected  20160310
TotalDefense  Not detected  20160308
MicroWorld-eScan  Not detected  20160310
nProtect  Not detected  20160309
CMC  Not detected  20160307
CAT-QuickHeal  Not detected  20160310
ALYac  Not detected  20160310
Malwarebytes  Not detected  20160310
VIPRE  Not detected  20160310
SUPERAntiSpyware  Not detected  20160310
TheHacker  Not detected  20160310
Alibaba  Not detected  20160310
K7GW  Not detected  20160310
K7AntiVirus  Not detected  20160310
NANO-Antivirus  Not detected  20160310
Cyren  Not detected  20160310
Symantec  Not detected  20160309
ESET-NOD32  Not detected  20160310
TrendMicro-HouseCall  Not detected  20160310
Avast  Not detected  20160310
ClamAV  Not detected  20160310
GData  Not detected  20160310
Kaspersky  Not detected  20160310
BitDefender  Not detected  20160310
Agnitum  Not detected  20160308
ViRobot  Not detected  20160310
Tencent  Not detected  20160310
Ad-Aware  Not detected  20160310
Emsisoft  Not detected  20160310
Comodo  Not detected  20160310
F-Secure  Not detected  20160310
DrWeb  Not detected  20160310
Zillya  Not detected  20160309
TrendMicro  Not detected  20160310
McAfee-GW-Edition  Not detected  20160310
Sophos  Not detected  20160310
F-Prot  Not detected  20160310
Jiangmin  Not detected  20160310
Avira  Not detected  20160310
Antiy-AVL  Not detected  20160310
Arcabit  Not detected  20160310
AegisLab  Not detected  20160310
AhnLab-V3  Not detected  20160309
Microsoft  Not detected  20160310
ByteHero  Not detected  20160310
McAfee  Not detected  20160310
AVware  Not detected  20160310
VBA32  Not detected  20160309
Baidu-International  Not detected  20160310
Zoner  Not detected  20160310
Rising  Not detected  20160310
Ikarus  Not detected  20160310
Fortinet  Not detected  20160310
AVG  Not detected  20160310
Panda  Not detected  20160309
Qihoo-360  Not detected  20160310

Process Tree

IMSCPROP.EXE, PID: 1388, parent PID: 2816

TCP

Source address  Source port  Destination address  Destination port
192.168.122.69 53459 117.18.237.29 ocsp.digicert.com 80
192.168.122.69 53462 117.18.237.29 ocsp.digicert.com 80
192.168.122.69 53450 178.255.83.1 80
192.168.122.69 53452 178.255.83.1 80
192.168.122.69 53454 178.255.83.1 80
192.168.122.69 53451 198.41.215.183 ocsp.msocsp.com 80
192.168.122.69 53446 23.32.241.24 80
192.168.122.69 53449 23.44.155.27 ss.symcd.com 80
192.168.122.69 53453 23.44.155.27 ss.symcd.com 80
192.168.122.69 53455 23.44.155.27 ss.symcd.com 80
192.168.122.69 53461 23.44.155.27 ss.symcd.com 80
192.168.122.69 53456 58.211.137.192 ocsp2.globalsign.com 80
192.168.122.69 53460 58.211.137.192 ocsp2.globalsign.com 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.69 51809 192.168.122.1 53
192.168.122.69 51889 192.168.122.1 53
192.168.122.69 52512 192.168.122.1 53
192.168.122.69 52766 192.168.122.1 53
192.168.122.69 54165 192.168.122.1 53
192.168.122.69 54419 192.168.122.1 53
192.168.122.69 57129 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 58738 192.168.122.1 53
192.168.122.69 58763 192.168.122.1 53
192.168.122.69 59029 192.168.122.1 53
192.168.122.69 60581 192.168.122.1 53
192.168.122.69 62441 192.168.122.1 53
192.168.122.69 63333 192.168.122.1 53
192.168.122.69 64645 192.168.122.1 53
192.168.122.69 64666 192.168.122.1 53
192.168.122.69 137 192.168.122.255 137
192.168.122.69 138 192.168.122.255 138
192.168.122.69 5355 192.168.122.70 51435
192.168.122.69 49321 224.0.0.252 5355
192.168.122.69 50210 224.0.0.252 5355
192.168.122.69 50252 224.0.0.252 5355
192.168.122.69 51203 224.0.0.252 5355
192.168.122.69 51316 224.0.0.252 5355
192.168.122.69 51877 224.0.0.252 5355
192.168.122.69 52196 224.0.0.252 5355
192.168.122.69 52907 224.0.0.252 5355
192.168.122.69 52939 224.0.0.252 5355
192.168.122.69 53197 224.0.0.252 5355
192.168.122.69 53214 224.0.0.252 5355
192.168.122.69 53476 224.0.0.252 5355
192.168.122.69 54186 224.0.0.252 5355
192.168.122.69 54217 224.0.0.252 5355
192.168.122.69 54309 224.0.0.252 5355
192.168.122.69 55110 224.0.0.252 5355
192.168.122.69 55303 224.0.0.252 5355
192.168.122.69 56223 224.0.0.252 5355
192.168.122.69 57511 224.0.0.252 5355
192.168.122.69 57635 224.0.0.252 5355
192.168.122.69 57905 224.0.0.252 5355
192.168.122.69 58105 224.0.0.252 5355
192.168.122.69 58743 224.0.0.252 5355
192.168.122.69 58967 224.0.0.252 5355
192.168.122.69 60407 224.0.0.252 5355
192.168.122.69 60637 224.0.0.252 5355
192.168.122.69 60895 224.0.0.252 5355
192.168.122.69 61322 224.0.0.252 5355
192.168.122.69 61705 224.0.0.252 5355
192.168.122.69 62771 224.0.0.252 5355
192.168.122.69 64260 224.0.0.252 5355
192.168.122.69 64594 224.0.0.252 5355
192.168.122.69 64785 224.0.0.252 5355
192.168.122.69 64810 224.0.0.252 5355
192.168.122.69 65449 224.0.0.252 5355
192.168.122.69 50619 239.255.255.250 1900
192.168.122.69 123 52.169.179.91 123

DNS resolution

Domain Security rating Response
ss.symcd.com CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
A 23.44.155.27
ocsp.msocsp.com A 198.41.214.185
CNAME hostedocsp.globalsign.com
A 198.41.214.186
A 198.41.214.187
A 198.41.215.183
A 198.41.215.182
A 198.41.215.185
A 198.41.214.183
A 198.41.215.184
A 198.41.215.186
A 198.41.214.184
ocsp.verisign.com
sd.symcd.com
ocsp2.globalsign.com CNAME cdn.globalsigncdn.com
A 58.211.137.192
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29
ocsp.globalsign.com
s.symcd.com

HTTP requests

URI HTTP data
http://www.msftncsi.com/ncsi.txt
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYsTGl7at%2BFjHRU%2BpXehLM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYsTGl7at%2BFjHRU%2BpXehLM%3D HTTP/1.1
Cache-Control: max-age = 386960
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 21 Jan 2016 20:44:27 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com

http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1
Cache-Control: max-age = 311241
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 23:57:39 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:30:15 GMT
If-None-Match: "77a3ed05d7337d023a726d1efae9caf1857cedc9"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1
Cache-Control: max-age = 311240
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 23:57:39 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D HTTP/1.1
Cache-Control: max-age = 603676
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 08:43:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQLqIKj6Gi5thHaqKC1ECU9aXsCRQQUmvMr2s%2BtT7YvuypISCoStxtCwSQCEQD0gtB5WgsdpjrFZePtaJt6
GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQLqIKj6Gi5thHaqKC1ECU9aXsCRQQUmvMr2s%2BtT7YvuypISCoStxtCwSQCEQD0gtB5WgsdpjrFZePtaJt6 HTTP/1.1
Cache-Control: max-age = 334227
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:20:47 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFzeRE%2FrSZRDaFn%2BzErlAWw%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFzeRE%2FrSZRDaFn%2BzErlAWw%3D HTTP/1.1
Cache-Control: max-age = 533948
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 13:34:51 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: sd.symcd.com

http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D
GET /gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D HTTP/1.1
Cache-Control: max-age = 180
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 08:12:59 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAIwaX55BLru0bCAsau57vM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAIwaX55BLru0bCAsau57vM%3D HTTP/1.1
Cache-Control: max-age = 513914
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 04:05:14 GMT
If-None-Match: "56a44d7a-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAS9O4UUM
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAS9O4UUM HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:40:24 GMT
If-None-Match: "1be626cf99d21b40b0ac46e272f28ef043bd829a"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D HTTP/1.1
Cache-Control: max-age = 500863
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 22:46:14 GMT
If-None-Match: "56a402b6-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFulHELau99g31whfW%2B6uJI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFulHELau99g31whfW%2B6uJI%3D HTTP/1.1
Cache-Control: max-age = 582766
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:09:24 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: sd.symcd.com

http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D HTTP/1.1
Cache-Control: max-age = 584283
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:35:04 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: s.symcd.com

http://ocsp2.globalsign.com/gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D
GET /gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D HTTP/1.1
Cache-Control: max-age = 180
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:25:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAnmWtgHuEl7B0nUFWjWJtA%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAnmWtgHuEl7B0nUFWjWJtA%3D HTTP/1.1
Cache-Control: max-age = 510937
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 01:36:05 GMT
If-None-Match: "56a42a85-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
No dropped files.
No similar analyses found.

Processing ( 40.519 seconds )

  • 34.241 NetworkAnalysis
  • 4.423 VirusTotal
  • 0.775 Static
  • 0.418 peid
  • 0.329 BehaviorAnalysis
  • 0.238 TargetInfo
  • 0.038 Strings
  • 0.03 AnalysisInfo
  • 0.013 config_decoder
  • 0.008 Debug
  • 0.003 Dropped
  • 0.002 Memory
  • 0.001 ProcessMemory

Signatures ( 0.131 seconds )

  • 0.03 antiav_detectreg
  • 0.012 infostealer_ftp
  • 0.009 stealth_timeout
  • 0.007 geodo_banking_trojan
  • 0.007 infostealer_im
  • 0.006 persistence_autorun
  • 0.006 antianalysis_detectreg
  • 0.006 antiav_detectfile
  • 0.005 infostealer_mail
  • 0.004 infostealer_bitcoin
  • 0.003 tinba_behavior
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 network_torgateway
  • 0.002 antivm_generic_services
  • 0.002 betabot_behavior
  • 0.002 bot_drive
  • 0.002 bot_drive2
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.002 ransomware_files
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_diskreg
  • 0.001 banker_zeus_mutex
  • 0.001 browser_addon
  • 0.001 darkcomet_regkeys
  • 0.001 disables_system_restore
  • 0.001 modify_uac_prompt
  • 0.001 recon_fingerprint

Reporting ( 1.883 seconds )

  • 1.078 ReportPDF
  • 0.683 ReportHTMLSummary
  • 0.122 Malheur
Task ID 16182
Mongo ID 57ce69e74d3bd048e49829ba
Cuckoo release 1.4-Maldun