Maldun Security Analysis Report

Analysis type: FILE
Start time: 2021-01-20 13:00:15
End time: 2021-01-20 13:00:18
Duration: 3 seconds
Analysis engine version: 1.4-Maldun
VM name: win7-sp1-x64-shaapp02-1
Label: win7-sp1-x64-shaapp02-1
VM manager: KVM
Boot time: 2021-01-20 13:00:18
Shutdown time: 2021-01-20 13:00:18
Maldun score

10.0

Malicious

File details

File name 黑鲨-V11.22.20.exe
File size 21917696 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 2AA635F6
MD5 0871e61579d24d0ae150818986752727
SHA1 e1bd1c3b0b2cc6f2157dcf72576c9a872028d90c
SHA256 82a627dde31e43d61adf218b3bbf68880ed4c7f1946a84a2da6744689b3ff13f
SHA512 c718348fd298d917aead91149af87d219d8b6d7ec0bf18343ee1b78352f0adbc1455ef7ed9d4a989f31c99a1c33c18ba8e47b93128431f7b2e66dce8a49f3ceb
Ssdeep 393216:cyrwAhMBQVkHqG3oJOX4qZw1LLF6lR33CSnK4+iLXp:RKQVkKG1fZK0lR3bHXp
PEiD No match
Yara
  • DebuggerHiding__Thread ()
  • DebuggerTiming__PerformanceCounter ()
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • DebuggerException__SetConsoleCtrl ()
  • anti_dbg (Detected self protection if being debugged)
  • antisb_threatExpert (Anti-Sandbox checks for ThreatExpert)
  • disable_dep (Bypass DEP)
  • inject_thread (Detected code injection function with CreateRemoteThread in a remote process)
  • network_http (Detected communications function over HTTP)
  • network_dropper (Detected function for file downloader/dropper)
  • network_tcp_socket (Detected network communications over RAW socket)
  • network_dns (Detected network communications using DNS)
  • network_dga (Detected network communication using dga)
  • spreading_share (Malware can spread east-west using share drive)
  • win_mutex (Create or check mutex)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • escalate_priv (Detected escalate privileges function)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_token (Affect system token)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_Network_Logging (Spotted potential abnormal behaviors, like logging and network communications)
  • Maldun_Anomoly_Combined_Activities_Network_Dropper (Spotted possible system change with a file drop via network)
  • Maldun_Anomoly_Combined_Activities_5 (Spotted potential malicious behaviors like logging and network communication)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • IsPacked (Detected Entropy signature)
  • HasRichSignature (Detected Rich Signature)
  • Advapi_Hash_API (Looks for advapi API functions)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • CRC32b_poly_Constant (Look for CRC32b [poly])
  • BLOWFISH_Constants (Look for Blowfish constants)
  • MD5_Constants (Look for MD5 constants)
  • RC6_Constants (Look for RC6 magic constants in binary)
  • RIPEMD160_Constants (Look for RIPEMD-160 constants)
  • SHA1_Constants (Look for SHA1 constants)
  • DES_sbox (Look for DES [sbox])
  • RijnDael_AES (Look for RijnDael AES)
  • BASE64_table (Look for Base64 table)
  • with_images (Detected the presence of one or several images)
  • with_urls (Detected the presence of one or several URLs)
VirusTotal VirusTotal query failed

Signatures

The binary may contain encrypted or compressed data
section: name: .rdata, entropy: 7.67, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x01137000, virtual_size: 0x01136b32
Maldun Security Yara rule detection results - High risk
Warning: Bypass DEP
Warning: Detected code injection function with CreateRemoteThread in a remote process
Warning: Detected function for file downloader/dropper
Informational: Detected network communication using dga
Informational: Malware can spread east-west using share drive
Critical: Spotted potential abnormal behaviors, like logging and network communications
Critical: Spotted possible system change with a file drop via network
Critical: Spotted potential malicious behaviors like logging and network communication
Critical: Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
Warning: Looks for advapi API functions
Warning: Look for RC6 magic constants in binary

Runtime screenshots

No runtime screenshots

Network analysis

No information

Static analysis

PE information

Image base 0x00400000
Entry point 0x0071ca1d
Declared checksum 0x00000000
Minimum required OS version 4.0
Compile time 2021-01-19 21:39:12
Import hash 537bd76d3dd80c5b8a4ceb79c66abfe9

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text | 0x00001000 | 0x0033da36 | 0x0033e000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.24
.rdata | 0x0033f000 | 0x01136b32 | 0x01137000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.67
.data | 0x01476000 | 0x000ad26a | 0x0006b000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.48
.rsrc | 0x01524000 | 0x00005ad0 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.32

Imports

Library user32.dll:
0x73f998 - CreateWindowExA
0x73f99c - MessageBoxA
0x73f9a0 - SetPropA
0x73f9a4 - EnumChildWindows
0x73f9a8 - SendMessageA
0x73f9ac - GetMessageA
0x73f9b0 - GetAncestor
0x73f9b4 - EnumWindows
0x73f9b8 - TranslateMessage
0x73f9bc - GetClassNameA
0x73f9c0 - GetWindowLongA
0x73f9c4 - GetWindowRect
0x73f9c8 - GetDC
0x73f9cc - UpdateLayeredWindow
0x73f9d0 - ReleaseDC
0x73f9d4 - IsWindow
0x73f9d8 - ShowWindow
0x73f9dc - CallWindowProcA
0x73f9e0 - TrackMouseEvent
0x73f9e4 - GetPropA
0x73f9e8 - wsprintfA
0x73f9ec - GetSystemMetrics
0x73f9f0 - GetCursorPos
0x73f9f4 - CloseClipboard
0x73f9f8 - GetClipboardData
0x73f9fc - OpenClipboard
0x73fa00 - DispatchMessageA
0x73fa04 - PeekMessageA
Library kernel32.dll:
0x73f814 - GetEnvironmentStringsW
0x73f818 - FreeEnvironmentStringsA
0x73f81c - DeleteCriticalSection
0x73f820 - FreeEnvironmentStringsW
0x73f824 - GetEnvironmentStrings
0x73f828 - GetStartupInfoA
0x73f82c - GetFileType
0x73f830 - GetStdHandle
0x73f834 - WriteFile
0x73f838 - GetCPInfo
0x73f83c - GetOEMCP
0x73f840 - GetACP
0x73f844 - GetCommandLineA
0x73f848 - GetVersion
0x73f84c - RtlUnwind
0x73f850 - TerminateProcess
0x73f854 - HeapReAlloc
0x73f858 - LeaveCriticalSection
0x73f85c - EnterCriticalSection
0x73f860 - InitializeCriticalSection
0x73f864 - GetStringTypeA
0x73f868 - GetStringTypeW
0x73f86c - InterlockedDecrement
0x73f870 - InterlockedIncrement
0x73f874 - SetFilePointer
0x73f878 - SetUnhandledExceptionFilter
0x73f87c - IsBadCodePtr
0x73f880 - LCMapStringW
0x73f884 - SetStdHandle
0x73f888 - GetCurrentProcess
0x73f88c - FlushFileBuffers
0x73f890 - IsBadWritePtr
0x73f894 - RaiseException
0x73f898 - HeapCreate
0x73f89c - HeapDestroy
0x73f8a0 - GetVersionExA
0x73f8a4 - LCMapStringA
0x73f8a8 - LoadLibraryA
0x73f8ac - SetHandleCount
0x73f8b0 - GetCurrentDirectoryA
0x73f8b4 - GetLocalTime
0x73f8b8 - Sleep
0x73f8bc - GetFileSize
0x73f8c0 - ReadFile
0x73f8c4 - GetTempPathA
0x73f8c8 - GetTickCount
0x73f8cc - CreateFileA
0x73f8d0 - FreeLibrary
0x73f8d4 - CloseHandle
0x73f8d8 - GetModuleFileNameA
0x73f8dc - IsBadReadPtr
0x73f8e0 - HeapFree
0x73f8e4 - GetEnvironmentVariableA
0x73f8e8 - HeapAlloc
0x73f8ec - ExitProcess
0x73f8f0 - GetProcessHeap
0x73f8f4 - VirtualFree
0x73f8f8 - VirtualAlloc
0x73f8fc - GetProcAddress
0x73f900 - LoadLibraryW
0x73f904 - MapViewOfFile
0x73f908 - CreateFileMappingA
0x73f90c - VirtualProtectEx
0x73f910 - WideCharToMultiByte
0x73f914 - LocalAlloc
0x73f918 - LocalSize
0x73f91c - lstrlenW
0x73f920 - GlobalFree
0x73f924 - MultiByteToWideChar
0x73f928 - GlobalUnlock
0x73f92c - GlobalLock
0x73f930 - GlobalAlloc
0x73f934 - LocalFree
0x73f938 - RtlMoveMemory
0x73f93c - GetModuleHandleA
0x73f940 - GetCurrentThreadId
0x73f944 - TlsSetValue
0x73f948 - TlsAlloc
0x73f94c - TlsFree
0x73f950 - SetLastError
0x73f954 - TlsGetValue
0x73f958 - GetLastError
Library gdi32.dll:
0x73f79c - SelectObject
0x73f7a0 - CreateCompatibleDC
0x73f7a4 - DeleteDC
0x73f7a8 - CreateDIBSection
0x73f7ac - DeleteObject
Library gdiplus.dll:
0x73f7b4 - GdipSetSolidFillColor
0x73f7b8 - GdipCreateFromHDC
0x73f7bc - GdipCreateBitmapFromScan0
0x73f7c0 - GdipGetImageGraphicsContext
0x73f7c4 - GdipSetSmoothingMode
0x73f7c8 - GdipGetImageHeight
0x73f7cc - GdipGetImageWidth
0x73f7d0 - GdiplusStartup
0x73f7d4 - GdipGetRegionBounds
0x73f7d8 - GdipSetTextRenderingHint
0x73f7dc - GdipDeletePen
0x73f7e0 - GdipDrawRectangleI
0x73f7e4 - GdipDeleteBrush
0x73f7e8 - GdipLoadImageFromFile
0x73f7ec - GdipCreateSolidFill
0x73f7f0 - GdipDisposeImage
0x73f7f4 - GdipLoadImageFromStream
Library ole32.dll:
0x73f960 - CreateStreamOnHGlobal
0x73f964 - OleRun
0x73f968 - CoCreateInstance
0x73f96c - CLSIDFromString
0x73f970 - OleUninitialize
0x73f974 - OleInitialize
0x73f978 - CLSIDFromString
0x73f97c - CLSIDFromProgID
Library imm32.dll:
0x73f7fc - ImmAssociateContext
0x73f800 - ImmGetContext
0x73f804 - ImmGetCompositionStringW
0x73f808 - ImmReleaseContext
0x73f80c - ImmSetCompositionWindow
Library shell32.dll:
0x73f984 - SHAppBarMessage
0x73f988 - ShellExecuteA
Library shlwapi.dll:
0x73f990 - PathFileExistsA
Library winmm.dll:
0x73fa0c - PlaySoundA
Library WINMM.dll:
0x73f6fc - midiOutUnprepareHeader
0x73f700 - midiStreamOpen
0x73f704 - midiStreamProperty
0x73f708 - midiOutPrepareHeader
0x73f70c - midiStreamOut
0x73f710 - waveOutUnprepareHeader
0x73f714 - waveOutPrepareHeader
0x73f718 - waveOutWrite
0x73f71c - waveOutOpen
0x73f720 - waveOutPause
0x73f724 - waveOutReset
0x73f728 - waveOutClose
0x73f72c - waveOutGetNumDevs
0x73f730 - midiStreamStop
0x73f734 - midiOutReset
0x73f738 - midiStreamClose
0x73f73c - midiStreamRestart
Library WS2_32.dll:
0x73f754 - WSAAsyncSelect
0x73f758 - closesocket
0x73f75c - send
0x73f760 - select
0x73f764 - WSACleanup
0x73f768 - WSAStartup
0x73f76c - inet_ntoa
0x73f770 - recvfrom
0x73f774 - ioctlsocket
0x73f778 - recv
0x73f77c - getpeername
0x73f780 - accept
Library RASAPI32.dll:
0x73f438 - RasGetConnectStatusA
0x73f43c - RasHangUpA
Library KERNEL32.dll:
0x73f188 - GetStdHandle
0x73f18c - SetHandleCount
0x73f190 - GetEnvironmentStringsW
0x73f194 - GetEnvironmentStrings
0x73f198 - FreeEnvironmentStringsW
0x73f19c - FreeEnvironmentStringsA
0x73f1a0 - UnhandledExceptionFilter
0x73f1a4 - SetStdHandle
0x73f1a8 - GetACP
0x73f1ac - HeapSize
0x73f1b0 - RaiseException
0x73f1b4 - GetSystemTime
0x73f1b8 - RtlUnwind
0x73f1bc - GetStartupInfoA
0x73f1c0 - GetOEMCP
0x73f1c4 - GetCPInfo
0x73f1c8 - GetEnvironmentVariableA
0x73f1cc - SetErrorMode
0x73f1d0 - GlobalFlags
0x73f1d4 - GetCurrentThread
0x73f1d8 - GetFileTime
0x73f1dc - TlsGetValue
0x73f1e0 - LocalReAlloc
0x73f1e4 - TlsSetValue
0x73f1e8 - TlsFree
0x73f1ec - GlobalHandle
0x73f1f0 - TlsAlloc
0x73f1f4 - LocalAlloc
0x73f1f8 - GlobalGetAtomNameA
0x73f1fc - GlobalAddAtomA
0x73f200 - GlobalFindAtomA
0x73f204 - GlobalDeleteAtom
0x73f208 - HeapDestroy
0x73f20c - HeapCreate
0x73f210 - VirtualFree
0x73f214 - SetEnvironmentVariableA
0x73f218 - LCMapStringA
0x73f21c - CloseHandle
0x73f220 - WaitForSingleObject
0x73f224 - CreateProcessA
0x73f228 - GetTickCount
0x73f22c - GetCommandLineA
0x73f230 - MulDiv
0x73f234 - GetProcAddress
0x73f238 - GetModuleHandleA
0x73f23c - GetVolumeInformationA
0x73f240 - SetCurrentDirectoryA
0x73f244 - GetCurrentDirectoryA
0x73f248 - CreateDirectoryA
0x73f24c - DeleteFileA
0x73f250 - GetFileAttributesA
0x73f254 - SetFileAttributesA
0x73f258 - FindClose
0x73f25c - FindFirstFileA
0x73f260 - GetTempPathA
0x73f264 - GlobalUnlock
0x73f268 - GlobalLock
0x73f26c - GlobalAlloc
0x73f270 - ExpandEnvironmentStringsA
0x73f274 - Sleep
0x73f278 - CreateEventA
0x73f27c - CreateThread
0x73f280 - GetPrivateProfileStringA
0x73f284 - WritePrivateProfileStringA
0x73f288 - GetVersionExA
0x73f28c - GetLastError
0x73f290 - LoadLibraryA
0x73f294 - FreeLibrary
0x73f298 - GetFullPathNameA
0x73f29c - GetUserDefaultLCID
0x73f2a0 - HeapAlloc
0x73f2a4 - GetProcessHeap
0x73f2a8 - HeapReAlloc
0x73f2ac - HeapFree
0x73f2b0 - GlobalReAlloc
0x73f2b4 - FindNextFileA
0x73f2b8 - lstrcpyA
0x73f2bc - WinExec
0x73f2c0 - lstrlenA
0x73f2c4 - lstrcatA
0x73f2c8 - InitializeCriticalSection
0x73f2cc - DeleteCriticalSection
0x73f2d0 - GlobalFree
0x73f2d4 - GlobalSize
0x73f2d8 - ExitProcess
0x73f2dc - GetCurrentThreadId
0x73f2e0 - GetModuleFileNameA
0x73f2e4 - RemoveDirectoryA
0x73f2e8 - lstrlenW
0x73f2ec - ReadFile
0x73f2f0 - LockResource
0x73f2f4 - LoadResource
0x73f2f8 - FindResourceA
0x73f2fc - SetEvent
0x73f300 - CreateFileA
0x73f304 - WaitForMultipleObjects
0x73f308 - WriteFile
0x73f30c - GetProfileStringA
0x73f310 - LeaveCriticalSection
0x73f314 - EnterCriticalSection
0x73f318 - ReleaseSemaphore
0x73f31c - ResumeThread
0x73f320 - CreateSemaphoreA
0x73f324 - GetSystemDirectoryA
0x73f328 - GetWindowsDirectoryA
0x73f32c - GetCurrentProcess
0x73f330 - MultiByteToWideChar
0x73f334 - WideCharToMultiByte
0x73f338 - IsDBCSLeadByte
0x73f33c - lstrcmpA
0x73f340 - lstrcmpiA
0x73f344 - lstrcpynA
0x73f348 - FileTimeToSystemTime
0x73f34c - FileTimeToLocalFileTime
0x73f350 - SetFilePointer
0x73f354 - GetFileSize
0x73f358 - GetFileType
0x73f35c - DuplicateHandle
0x73f360 - SystemTimeToFileTime
0x73f364 - GetLocalTime
0x73f368 - DosDateTimeToFileTime
0x73f36c - SetFileTime
0x73f370 - Process32Next
0x73f374 - Process32First
0x73f378 - CreateToolhelp32Snapshot
0x73f37c - TerminateProcess
0x73f380 - OpenProcess
0x73f384 - SetLastError
0x73f388 - GetTimeZoneInformation
0x73f38c - GetVersion
0x73f390 - InterlockedIncrement
0x73f394 - InterlockedDecrement
0x73f398 - GetSystemInfo
0x73f39c - IsProcessorFeaturePresent
0x73f3a0 - LCMapStringW
0x73f3a4 - VirtualAlloc
0x73f3a8 - IsBadWritePtr
0x73f3ac - SetUnhandledExceptionFilter
0x73f3b0 - GetStringTypeA
0x73f3b4 - GetStringTypeW
0x73f3b8 - CompareStringA
0x73f3bc - CompareStringW
0x73f3c0 - IsBadReadPtr
0x73f3c4 - IsBadCodePtr
0x73f3c8 - InterlockedExchange
0x73f3cc - SetEndOfFile
0x73f3d0 - UnlockFile
0x73f3d4 - LockFile
0x73f3d8 - FlushFileBuffers
0x73f3dc - LocalFree
0x73f3e0 - GetProcessVersion
Library USER32.dll:
0x73f454 - DrawIconEx
0x73f458 - CreateIconFromResource
0x73f45c - CreateIconFromResourceEx
0x73f460 - RegisterClipboardFormatA
0x73f464 - SetRectEmpty
0x73f468 - DispatchMessageA
0x73f46c - GetMessageA
0x73f470 - WindowFromPoint
0x73f474 - DrawFocusRect
0x73f478 - DrawEdge
0x73f47c - DrawFrameControl
0x73f480 - TranslateMessage
0x73f484 - LoadIconA
0x73f488 - GetForegroundWindow
0x73f48c - UnregisterClassA
0x73f490 - CharUpperA
0x73f494 - GetDesktopWindow
0x73f498 - GetClassNameA
0x73f49c - GetWindowThreadProcessId
0x73f4a0 - FindWindowA
0x73f4a4 - GetDlgItem
0x73f4a8 - FindWindowExA
0x73f4ac - GetWindowTextA
0x73f4b0 - SetWindowTextA
0x73f4b4 - EqualRect
0x73f4b8 - UpdateWindow
0x73f4bc - CreatePopupMenu
0x73f4c0 - InvalidateRect
0x73f4c4 - GetClientRect
0x73f4c8 - GetFocus
0x73f4cc - GetParent
0x73f4d0 - GetTopWindow
0x73f4d4 - PostMessageA
0x73f4d8 - IsWindow
0x73f4dc - SetParent
0x73f4e0 - DestroyCursor
0x73f4e4 - SendMessageA
0x73f4e8 - SetWindowPos
0x73f4ec - MessageBoxA
0x73f4f0 - GetCursorPos
0x73f4f4 - GetSystemMetrics
0x73f4f8 - EmptyClipboard
0x73f4fc - SetClipboardData
0x73f500 - OpenClipboard
0x73f504 - GetClipboardData
0x73f508 - CloseClipboard
0x73f50c - wsprintfA
0x73f510 - WaitForInputIdle
0x73f514 - PostQuitMessage
0x73f518 - IsZoomed
0x73f51c - GetClassInfoA
0x73f520 - DefWindowProcA
0x73f524 - GetSystemMenu
0x73f528 - DeleteMenu
0x73f52c - GetMenu
0x73f530 - SetMenu
0x73f534 - PeekMessageA
0x73f538 - IsIconic
0x73f53c - SetFocus
0x73f540 - GetActiveWindow
0x73f544 - GetDlgCtrlID
0x73f548 - AppendMenuA
0x73f54c - ModifyMenuA
0x73f550 - CreateMenu
0x73f554 - ValidateRect
0x73f558 - CreateAcceleratorTableA
0x73f55c - GetWindowTextLengthA
0x73f560 - GetWindowDC
0x73f564 - BeginPaint
0x73f568 - EndPaint
0x73f56c - TabbedTextOutA
0x73f570 - DrawTextA
0x73f574 - GrayStringA
0x73f578 - DestroyWindow
0x73f57c - CreateDialogIndirectParamA
0x73f580 - EndDialog
0x73f584 - GetNextDlgTabItem
0x73f588 - GetWindowPlacement
0x73f58c - RegisterWindowMessageA
0x73f590 - GetLastActivePopup
0x73f594 - GetMessageTime
0x73f598 - RemovePropA
0x73f59c - CallWindowProcA
0x73f5a0 - GetPropA
0x73f5a4 - UnhookWindowsHookEx
0x73f5a8 - SetPropA
0x73f5ac - GetClassLongA
0x73f5b0 - CallNextHookEx
0x73f5b4 - SetWindowsHookExA
0x73f5b8 - CreateWindowExA
0x73f5bc - GetMenuItemID
0x73f5c0 - GetMenuItemCount
0x73f5c4 - RegisterClassA
0x73f5c8 - GetScrollPos
0x73f5cc - AdjustWindowRectEx
0x73f5d0 - MapWindowPoints
0x73f5d4 - SendDlgItemMessageA
0x73f5d8 - ScrollWindowEx
0x73f5dc - IsDialogMessageA
0x73f5e0 - MoveWindow
0x73f5e4 - CheckMenuItem
0x73f5e8 - SetMenuItemBitmaps
0x73f5ec - GetMenuState
0x73f5f0 - GetMenuCheckMarkDimensions
0x73f5f4 - LoadStringA
0x73f5f8 - GetSysColorBrush
0x73f5fc - GetSubMenu
0x73f600 - DestroyAcceleratorTable
0x73f604 - SetWindowRgn
0x73f608 - GetMessagePos
0x73f60c - ScreenToClient
0x73f610 - ChildWindowFromPointEx
0x73f614 - CopyRect
0x73f618 - LoadBitmapA
0x73f61c - WinHelpA
0x73f620 - EnableMenuItem
0x73f624 - ClientToScreen
0x73f628 - EnumDisplaySettingsA
0x73f62c - LoadImageA
0x73f630 - SystemParametersInfoA
0x73f634 - ShowWindow
0x73f638 - IsWindowEnabled
0x73f63c - TranslateAcceleratorA
0x73f640 - GetKeyState
0x73f644 - GetWindow
0x73f648 - CopyAcceleratorTableA
0x73f64c - KillTimer
0x73f650 - SetTimer
0x73f654 - ReleaseCapture
0x73f658 - GetCapture
0x73f65c - SetCapture
0x73f660 - GetScrollRange
0x73f664 - SetScrollRange
0x73f668 - SetScrollPos
0x73f66c - SetRect
0x73f670 - InflateRect
0x73f674 - IntersectRect
0x73f678 - DestroyIcon
0x73f67c - PtInRect
0x73f680 - OffsetRect
0x73f684 - IsWindowVisible
0x73f688 - EnableWindow
0x73f68c - RedrawWindow
0x73f690 - GetWindowLongA
0x73f694 - SetWindowLongA
0x73f698 - GetSysColor
0x73f69c - SetActiveWindow
0x73f6a0 - SetCursorPos
0x73f6a4 - LoadCursorA
0x73f6a8 - SetCursor
0x73f6ac - GetDC
0x73f6b0 - FillRect
0x73f6b4 - IsRectEmpty
0x73f6b8 - ReleaseDC
0x73f6bc - IsChild
0x73f6c0 - DestroyMenu
0x73f6c4 - SetForegroundWindow
0x73f6c8 - GetWindowRect
Library GDI32.dll:
0x73f02c - LineTo
0x73f030 - MoveToEx
0x73f034 - ExcludeClipRect
0x73f038 - GetClipBox
0x73f03c - ScaleWindowExtEx
0x73f040 - SetWindowExtEx
0x73f044 - SetWindowOrgEx
0x73f048 - ScaleViewportExtEx
0x73f04c - SetViewportExtEx
0x73f050 - OffsetViewportOrgEx
0x73f054 - SetViewportOrgEx
0x73f058 - SetMapMode
0x73f05c - SetTextColor
0x73f060 - SetROP2
0x73f064 - SetPolyFillMode
0x73f068 - SetBkMode
0x73f06c - RestoreDC
0x73f070 - SaveDC
0x73f074 - ExtSelectClipRgn
0x73f078 - GetViewportExtEx
0x73f07c - PtVisible
0x73f080 - RectVisible
0x73f084 - TextOutA
0x73f088 - ExtTextOutA
0x73f08c - Escape
0x73f090 - GetTextMetricsA
0x73f094 - GetTextExtentPoint32A
0x73f098 - RoundRect
0x73f09c - GetCurrentObject
0x73f0a0 - DPtoLP
0x73f0a4 - SetBkColor
0x73f0a8 - CreateRectRgnIndirect
0x73f0ac - CreateDIBSection
0x73f0b0 - SetPixel
0x73f0b4 - ExtCreateRegion
0x73f0b8 - SetStretchBltMode
0x73f0bc - GetClipRgn
0x73f0c0 - CreatePolygonRgn
0x73f0c4 - SelectClipRgn
0x73f0c8 - DeleteObject
0x73f0cc - CreateDIBitmap
0x73f0d0 - GetSystemPaletteEntries
0x73f0d4 - CreatePalette
0x73f0d8 - StretchBlt
0x73f0dc - SelectPalette
0x73f0e0 - RealizePalette
0x73f0e4 - GetDIBits
0x73f0e8 - GetWindowExtEx
0x73f0ec - GetViewportOrgEx
0x73f0f0 - GetWindowOrgEx
0x73f0f4 - BeginPath
0x73f0f8 - EndPath
0x73f0fc - PathToRegion
0x73f100 - LPtoDP
0x73f104 - Rectangle
0x73f108 - Ellipse
0x73f10c - CreateCompatibleDC
0x73f110 - GetPixel
0x73f114 - BitBlt
0x73f118 - StartPage
0x73f11c - StartDocA
0x73f120 - DeleteDC
0x73f124 - EndDoc
0x73f128 - EndPage
0x73f12c - GetObjectA
0x73f130 - GetStockObject
0x73f134 - CreateFontIndirectA
0x73f138 - CreateSolidBrush
0x73f13c - CreateEllipticRgn
0x73f140 - CreateRoundRectRgn
0x73f144 - GetTextColor
0x73f148 - GetBkMode
0x73f14c - GetBkColor
0x73f150 - GetROP2
0x73f154 - GetStretchBltMode
0x73f158 - GetPolyFillMode
0x73f15c - CreateCompatibleBitmap
0x73f160 - CreateDCA
0x73f164 - FillRgn
0x73f168 - CreateRectRgn
0x73f16c - CombineRgn
0x73f170 - PatBlt
0x73f174 - CreatePen
0x73f178 - SelectObject
0x73f17c - CreateBitmap
0x73f180 - GetDeviceCaps
Library WINSPOOL.DRV:
0x73f744 - DocumentPropertiesA
0x73f748 - OpenPrinterA
0x73f74c - ClosePrinter
Library ADVAPI32.dll:
0x73f000 - RegCreateKeyExA
0x73f004 - RegOpenKeyA
0x73f008 - RegQueryValueA
0x73f00c - RegCloseKey
0x73f010 - RegQueryValueExA
0x73f014 - RegOpenKeyExA
0x73f018 - RegSetValueExA
Library SHELL32.dll:
0x73f444 - SHGetSpecialFolderPathA
0x73f448 - Shell_NotifyIconA
0x73f44c - ShellExecuteA
Library OLEAUT32.dll:
0x73f3e8 - UnRegisterTypeLib
0x73f3ec - LoadTypeLib
0x73f3f0 - LHashValOfNameSys
0x73f3f4 - RegisterTypeLib
0x73f3f8 - SafeArrayPutElement
0x73f3fc - SafeArrayCreate
0x73f400 - SafeArrayDestroy
0x73f404 - SysAllocString
0x73f408 - VariantInit
0x73f40c - VariantCopyInd
0x73f410 - SafeArrayGetElement
0x73f414 - SafeArrayAccessData
0x73f418 - SafeArrayUnaccessData
0x73f41c - SafeArrayGetDim
0x73f420 - SafeArrayGetLBound
0x73f424 - VariantChangeType
0x73f428 - VariantClear
0x73f42c - VariantCopy
0x73f430 - SafeArrayGetUBound
Library COMCTL32.dll:
0x73f020 - ImageList_Destroy
0x73f024 - None
Library WININET.dll:
0x73f6d0 - InternetCloseHandle
0x73f6d4 - InternetOpenA
0x73f6d8 - InternetSetOptionA
0x73f6dc - InternetConnectA
0x73f6e0 - InternetReadFile
0x73f6e4 - HttpQueryInfoA
0x73f6e8 - HttpSendRequestA
0x73f6ec - HttpOpenRequestA
0x73f6f0 - InternetCrackUrlA
0x73f6f4 - InternetCanonicalizeUrlA
Library comdlg32.dll:
0x73f788 - GetSaveFileNameA
0x73f78c - GetOpenFileNameA
0x73f790 - ChooseColorA
0x73f794 - GetFileTitleA

Dropped files

No information

Behavior analysis

Mutexes No information
Executed commands No information
Created services No information
Started services No information

Processes

No information
Accessed files No information
Read files No information
Modified files No information
Deleted files No information
Registry keys No information
Read registry keys No information
Modified registry keys No information
Deleted registry keys No information
API resolution No information