分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2018-06-29 19:30:28 | 2018-06-29 19:31:58 | 90 秒 |
魔盾分数
2.35
可疑的
文件详细信息
| 文件名 | IMEAPIS.DLL |
|---|---|
| 文件大小 | 50544 字节 |
| 文件类型 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| MD5 | 81b01f8e629ad461a08fd676da664806 |
| SHA1 | 804365876813465df22117e984560d996295dfba |
| SHA256 | c7fa4ee8f57191a077377ae12f2e521689452bd7908faa178668d87c707c4e38 |
| SHA512 | 8e5a18a5cabd40fb3f259215eb7f9a40c96f85eab00fa7b940644ab3bd6a6ba851543bf9df813eadd4d4410598aecc3f1fa3f09c95300840e3e3037fadfeb78f |
| CRC32 | CD361E31 |
| Ssdeep | 768:65XnTEVoo/CqWu+7D0IfF1LeCYuFZu+DMi2jXHUX:DVooQ7DTF1LeCYuFU+w9rHUX |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息.text
`.orpc
`.rdata
@.data
.pdata
@.rsrc
@.reloc
rZH9}
t:\ime\x64\ship\0\imeapis.pdb
4\ship\0\imeapis.dll\bbtopt\imeapisO.pdb
IImeCandidateListChangeNotify
IImeBasicAttributes
IImeCandidateSourceCategory
IImeIMEPadLaunchRequest
IImeCandidateWordComment
IImeShortcutMenuLaunchRequest
IEnumImeAsyncWordComment
IImeKeyMapViewChangeNotify
IImeCommandAvailability
IImeReconversionEndNotify
IImeCandidateEntry
IImeCandidateGetCandidateID
IImeCandidateEntrySelectableFlag
IImeContentsTypeInformation
IImeWatsonClient
IImeReadingCandidate
IImeDocumentFeedRequest
IImeAsyncWordCommentDataReadyNotify
IImeCommonAPIClassFactory
IImeClientComposition
IImePredictionSuggestion
IImeIsAIMMWindow
IImeReconversionRequest
IEnumImeKeysAndCommands
IImeConfirmRomaKanaRequest
IImeExtendedClauseInfo
IImeCandidateAsyncWordComments
IImeReconversion
IImeGetReconversion
IImeCandidateEntryFixture
IImeCandidateInlineComment
IImeAlternativeClauseBreakCandidate
IImeInputSearch
IImeCandidateHanjaCategory
IImeCandidateMateList
IImeKeyEventPrefetch
IEnumImeCommands
IImeCommandAvailabilityViewChangeNotify
IImeExtendedDisplayAttribute
IImeCharID
IImePropertyChangeNotify
IImeProperty
IImeAsyncWordComment
IImeKeyEventHandler
IImeInputSearchChangeNotify
IImeWordRegistrationDialogLaunchRequest
IImeKeyMapView
IImeAttributeList
IImeKeyMap
IImeCommandTable
IImeUndoDeterminationStartNotify
IImeAuxEventNotify
IImeCommandHandler
IImeCommandAvailabilityView
IEnumImeCommandAvailability
IImePropertyDialogLaunchRequest
IImeSqmSessionClient
IImePredictionToolTip
IImeProductObject
IImeProductObjectChangeNotify
IImeCandidateExtraInfoForTIP
IImeCommandTableChangeNotify
IImeDictionaryToolLaunchRequest
IImeDeleteWordRequest
IImeDocumentFeed
IImeCandidateList
IImeInputScope
IImeAdjustReconversionDataRequest
IImeCandidateChineseCharacterCategory
IImeExtendedLanguageID
+HeapSetInformation
IMEAPIPS.dll
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo
MSVCR90.dll
OLEAUT32.dll
RPCRT4.dll
KERNEL32.dll
DisableThreadLibraryCalls
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
RtlCaptureContext
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
__dllonexit
_onexit
_lock
_initterm_e
_unlock
__clean_type_info_names_internal
memcmp
_encode_pointer
_malloc_crt
_initterm
__crt_debugger_hook
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
</assembly>
zw9gj
kernel32.dll
VS_VERSION_INFO
StringFileInfo
000004b0
CompanyName
Microsoft Corporation
FileDescription
Microsoft Office IME 2010
FileVersion
14.0.4734.1000
InternalName
imeapis.lib
LegalCopyright
All rights reserved.
LegalTrademarks
Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(R) is a registered trademark of Microsoft Corporation.
OriginalFilename
imeapis.lib
ProductName
Microsoft Office IME 2010
ProductVersion
14.0.4734.1000
VarFileInfo
Translation
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20180129 |
| MicroWorld-eScan | 未发现病毒 | 20180129 |
| nProtect | 未发现病毒 | 20180130 |
| CMC | 未发现病毒 | 20180129 |
| CAT-QuickHeal | 未发现病毒 | 20180129 |
| ALYac | 未发现病毒 | 20180129 |
| Malwarebytes | 未发现病毒 | 20180130 |
| VIPRE | 未发现病毒 | 20180130 |
| K7AntiVirus | 未发现病毒 | 20180129 |
| K7GW | 未发现病毒 | 20180129 |
| TheHacker | 未发现病毒 | 20180125 |
| Arcabit | 未发现病毒 | 20180130 |
| Invincea | 未发现病毒 | 20180121 |
| Baidu | 未发现病毒 | 20180129 |
| F-Prot | 未发现病毒 | 20180129 |
| Symantec | 未发现病毒 | 20180129 |
| TotalDefense | 未发现病毒 | 20180129 |
| TrendMicro-HouseCall | 未发现病毒 | 20180130 |
| Avast | 未发现病毒 | 20180130 |
| ClamAV | 未发现病毒 | 20180130 |
| Kaspersky | 未发现病毒 | 20180129 |
| BitDefender | 未发现病毒 | 20180130 |
| NANO-Antivirus | 未发现病毒 | 20180130 |
| ViRobot | 未发现病毒 | 20180129 |
| AegisLab | 未发现病毒 | 20180130 |
| Rising | 未发现病毒 | 20180130 |
| Ad-Aware | 未发现病毒 | 20180130 |
| Emsisoft | 未发现病毒 | 20180129 |
| Comodo | 未发现病毒 | 20180129 |
| DrWeb | 未发现病毒 | 20180129 |
| Zillya | 未发现病毒 | 20180129 |
| TrendMicro | 未发现病毒 | 20180130 |
| McAfee-GW-Edition | 未发现病毒 | 20180129 |
| Sophos | 未发现病毒 | 20180130 |
| SentinelOne | 未发现病毒 | 20180115 |
| Cyren | 未发现病毒 | 20180129 |
| Jiangmin | 未发现病毒 | 20180130 |
| Webroot | 未发现病毒 | 20180130 |
| Avira | 未发现病毒 | 20180129 |
| Fortinet | 未发现病毒 | 20180129 |
| Antiy-AVL | 未发现病毒 | 20180130 |
| Kingsoft | 未发现病毒 | 20180130 |
| Endgame | 未发现病毒 | 20171130 |
| Microsoft | 未发现病毒 | 20180130 |
| SUPERAntiSpyware | 未发现病毒 | 20180130 |
| ZoneAlarm | 未发现病毒 | 20180130 |
| Avast-Mobile | 未发现病毒 | 20180129 |
| AhnLab-V3 | 未发现病毒 | 20180129 |
| McAfee | 未发现病毒 | 20180129 |
| AVware | 未发现病毒 | 20180130 |
| MAX | 未发现病毒 | 20180130 |
| VBA32 | 未发现病毒 | 20180129 |
| Cylance | 未发现病毒 | 20180130 |
| Panda | 未发现病毒 | 20180129 |
| Zoner | 未发现病毒 | 20180130 |
| ESET-NOD32 | 未发现病毒 | 20180130 |
| Tencent | 未发现病毒 | 20180130 |
| Yandex | 未发现病毒 | 20180112 |
| Ikarus | 未发现病毒 | 20180129 |
| eGambit | 未发现病毒 | 20180130 |
| GData | 未发现病毒 | 20180129 |
| AVG | 未发现病毒 | 20180130 |
| Paloalto | 未发现病毒 | 20180130 |
| CrowdStrike | 未发现病毒 | 20171016 |
| Qihoo-360 | 未发现病毒 | 20180130 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 15.666 seconds )
- 11.92 Suricata
- 1.28 VirusTotal
- 0.973 TargetInfo
- 0.683 peid
- 0.271 AnalysisInfo
- 0.255 BehaviorAnalysis
- 0.235 NetworkAnalysis
- 0.039 Debug
- 0.007 Strings
- 0.003 Memory
Signatures ( 0.605 seconds )
- 0.152 md_bad_drop
- 0.097 antiav_detectreg
- 0.036 infostealer_ftp
- 0.028 persistence_autorun
- 0.021 antianalysis_detectreg
- 0.02 infostealer_im
- 0.015 md_url_bl
- 0.012 stealth_timeout
- 0.012 infostealer_mail
- 0.011 api_spamming
- 0.01 disables_browser_warn
- 0.009 antiav_detectfile
- 0.008 decoy_document
- 0.008 md_domain_bl
- 0.007 vawtrak_behavior
- 0.006 browser_security
- 0.006 infostealer_bitcoin
- 0.006 ransomware_files
- 0.005 betabot_behavior
- 0.005 kibex_behavior
- 0.005 antivm_parallels_keys
- 0.005 antivm_xen_keys
- 0.005 geodo_banking_trojan
- 0.005 modify_proxy
- 0.005 ransomware_extensions
- 0.004 ransomware_dmalocker
- 0.004 tinba_behavior
- 0.004 sets_autoconfig_url
- 0.004 cerber_behavior
- 0.004 antivm_vbox_files
- 0.004 browser_addon
- 0.004 darkcomet_regkeys
- 0.003 persistence_bootexecute
- 0.003 antivm_generic_diskreg
- 0.003 disables_system_restore
- 0.003 disables_windows_defender
- 0.003 modify_uac_prompt
- 0.002 banker_prinimalka
- 0.002 rat_nanocore
- 0.002 kelihos_behavior
- 0.002 modifies_desktop_wallpaper
- 0.002 creates_largekey
- 0.002 antidbg_windows
- 0.002 pony_behavior
- 0.002 bot_drive
- 0.002 office_security
- 0.002 rat_spynet
- 0.002 stealth_hiddenreg
- 0.002 stealth_hide_notifications
- 0.001 antiemu_wine_func
- 0.001 network_tor
- 0.001 reads_self
- 0.001 antivm_generic_services
- 0.001 mimics_filetime
- 0.001 stealth_file
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 antivm_generic_disk
- 0.001 infostealer_browser_password
- 0.001 ursnif_behavior
- 0.001 virus
- 0.001 kovter_behavior
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_xen_keys
- 0.001 antivm_hyperv_keys
- 0.001 antivm_vbox_acpi
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_keys
- 0.001 antivm_vpc_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_helper_object
- 0.001 browser_startpage
- 0.001 bypass_firewall
- 0.001 disables_app_launch
- 0.001 disables_uac
- 0.001 disables_wer
- 0.001 disables_windowsupdate
- 0.001 locker_regedit
- 0.001 locker_taskmgr
- 0.001 modifies_certs
- 0.001 modify_security_center_warnings
- 0.001 packer_armadillo_regkey
- 0.001 ransomware_radamant
- 0.001 rat_pcclient
- 0.001 recon_fingerprint
- 0.001 stealth_hidden_extension
Reporting ( 1.046 seconds )
- 0.628 ReportHTMLSummary
- 0.418 Malheur
| Task ID | 167453 |
|---|---|
| Mongo ID | 5b3618c42e06330ce0563180 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号