魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2016-08-26 17:01:35 | 2016-08-26 17:02:13 | 38 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64 | win7-sp1-x64 | KVM | 2016-08-26 17:01:35 | 2016-08-26 17:02:13 |
| 魔盾分数 |
|---|
0.3正常的 |
文件详细信息
| 文件名 | MiniThunderPlatform.exe |
|---|---|
| 文件大小 | 268744 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| CRC32 | D621E075 |
| MD5 | e2e9483568dc53f68be0b80c34fe27fb |
| SHA1 | 8919397fcc5ce4f91fe0dc4e6f55cea5d39e4bb9 |
| SHA256 | 205c40f2733ba3e30cc538adc6ac6ee46f4c84a245337a36108095b9280abb37 |
| SHA512 | b6810288e5f9ad49dcbf13bf339eb775c52e1634cfa243535ab46fda97f5a2aac112549d21e2c30a95306a57363819be8ad5efd4525e27b6c446c17c9c587e4e |
| Ssdeep | 6144:ePH9aqri3YL1Avg3NloWPxFL8QL2Ma8tvT0ecR:eP4qri3YL1Avg3NloWPTnL2f3x |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal |
VirusTotal链接 VirusTotal扫描时间: 2016-08-22 16:48:59 扫描结果: 0/54 |
特征
发起了一些HTTP请求
url: http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D
url: http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAz%2FezKc%2F387jS1UKrJYJro%3D
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 否 | 23.41.75.27 | United States |
| 是 | 117.21.218.9 | China |
域名解析
| 域名 | 响应 |
|---|---|
| ocsp.verisign.com |
A 23.41.75.27
CNAME ocsp-ds.ws.symantec.com.edgekey.net CNAME e8218.dscb1.akamaiedge.net |
TCP连接
| IP地址 | 端口 |
|---|---|
| 184.28.218.114 | 80 |
| 23.41.75.27 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.255 | 137 |
| 224.0.0.252 | 5355 |
| 224.0.0.252 | 5355 |
| 224.0.0.252 | 5355 |
| 224.0.0.252 | 5355 |
| 224.0.0.252 | 5355 |
| 224.0.0.252 | 5355 |
| 224.0.0.252 | 5355 |
| 224.0.0.252 | 5355 |
| 224.0.0.252 | 5355 |
| 224.0.0.252 | 5355 |
| 239.255.255.250 | 1900 |
| 40.69.40.157 | 123 |
| 192.168.122.69 | 53197 |
| 192.168.122.69 | 64810 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://www.msftncsi.com/ncsi.txt | GET /ncsi.txt HTTP/1.1 Connection: Close User-Agent: Microsoft NCSI Host: www.msftncsi.com |
| http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.verisign.com |
| http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAz%2FezKc%2F387jS1UKrJYJro%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAz%2FezKc%2F387jS1UKrJYJro%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.verisign.com |
| http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAz%2FezKc%2F387jS1UKrJYJro%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAz%2FezKc%2F387jS1UKrJYJro%3D HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.verisign.com |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004185f9 |
| 声明校验值 | 0x00045122 |
| 实际校验值 | 0x00045122 |
| 最低操作系统版本要求 | 4.0 |
| PDB路径 | d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb |
| 编译时间 | 2014-07-25 10:39:26 |
版本信息
| LegalCopyright: | \x7248\x6743\x6240\x6709 (C) 2014 \x6df1\x5733\x5e02\x8fc5\x96f7\x7f51\x7edc\x6280\x672f\x6709\x9650\x516c\x53f8 |
| InternalName: | \x8fc5\x96f7\x4e91\x52a0\x901f\x5f00\x653e\x5e73\x53f0 |
| FileVersion: | 3.2.1.42 |
| CompanyName: | \x6df1\x5733\x5e02\x8fc5\x96f7\x7f51\x7edc\x6280\x672f\x6709\x9650\x516c\x53f8 |
| LegalTrademarks: | \x8fc5\x96f7 |
| ProductName: | \x8fc5\x96f7\x4e91\x52a0\x901f\x5f00\x653e\x5e73\x53f0 |
| ProductVersion: | 3.2.1.42 |
| FileDescription: | \x8fc5\x96f7\x4e91\x52a0\x901f\x5f00\x653e\x5e73\x53f0 |
| OriginalFilename: | MiniThunderPlatform |
| Translation: | 0x0409 0x04b0 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .textbss | 0x00001000 | 0x00015531 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .text | 0x00017000 | 0x00030f3e | 0x00031000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.25 |
| .rdata | 0x00048000 | 0x00006914 | 0x00007000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.10 |
| .data | 0x0004f000 | 0x00000f4c | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.91 |
| .idata | 0x00050000 | 0x00004aad | 0x00005000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.87 |
| .rsrc | 0x00055000 | 0x00000678 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.16 |
覆盖
| 偏移量: | 0x00040000 |
| 大小: | 0x000019c8 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x00055374 | 0x00000304 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.07 | data |
| RT_VERSION | 0x00055374 | 0x00000304 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.07 | data |
导入
库 VERSION.dll:
• 0x4510c4 - GetFileVersionInfoSizeW
• 0x4510c8 - GetFileVersionInfoW
• 0x4510cc - VerQueryValueW
库 RASAPI32.dll:
• 0x450fe4 - RasEnumConnectionsW
库 KERNEL32.dll:
• 0x4509ac - SetEvent
• 0x4509b0 - OpenMutexW
• 0x4509b4 - GetTickCount
• 0x4509b8 - WaitForSingleObject
• 0x4509bc - TerminateProcess
• 0x4509c0 - GetCurrentProcess
• 0x4509c4 - GetProcAddress
• 0x4509c8 - LoadLibraryW
• 0x4509cc - FreeLibrary
• 0x4509d0 - GetVersionExW
• 0x4509d4 - InterlockedExchange
• 0x4509d8 - GetACP
• 0x4509dc - GetLocaleInfoA
• 0x4509e0 - GetThreadLocale
• 0x4509e4 - TerminateThread
• 0x4509e8 - SuspendThread
• 0x4509ec - ResumeThread
• 0x4509f0 - GetCurrentThreadId
• 0x4509f4 - CreateThread
• 0x4509f8 - ResetEvent
• 0x4509fc - CreateEventW
• 0x450a00 - WideCharToMultiByte
• 0x450a04 - MultiByteToWideChar
• 0x450a08 - GetModuleFileNameW
• 0x450a0c - VirtualQuery
• 0x450a10 - IsBadCodePtr
• 0x450a14 - CreateDirectoryW
• 0x450a18 - GetFileAttributesW
• 0x450a1c - lstrcatW
• 0x450a20 - GetTempPathW
• 0x450a24 - UnmapViewOfFile
• 0x450a28 - FormatMessageW
• 0x450a2c - LocalFree
• 0x450a30 - OutputDebugStringA
• 0x450a34 - lstrlenW
• 0x450a38 - GetExitCodeProcess
• 0x450a3c - CreateProcessW
• 0x450a40 - OpenEventW
• 0x450a44 - MapViewOfFile
• 0x450a48 - CreateFileMappingW
• 0x450a4c - FindClose
• 0x450a50 - FindNextFileW
• 0x450a54 - CopyFileW
• 0x450a58 - FindFirstFileW
• 0x450a5c - FileTimeToSystemTime
• 0x450a60 - GetCommandLineW
• 0x450a64 - GetModuleHandleW
• 0x450a68 - lstrcpyW
• 0x450a6c - LocalAlloc
• 0x450a70 - QueryPerformanceCounter
• 0x450a74 - DebugBreak
• 0x450a78 - CreateMutexW
• 0x450a7c - GetLastError
• 0x450a80 - GetPrivateProfileStringW
• 0x450a84 - CloseHandle
• 0x450a88 - GetCurrentProcessId
• 0x450a8c - RaiseException
• 0x450a90 - DeleteCriticalSection
• 0x450a94 - LoadLibraryA
• 0x450a98 - ExitProcess
• 0x450a9c - GetStartupInfoW
• 0x450aa0 - GetModuleHandleA
• 0x450aa4 - LeaveCriticalSection
• 0x450aa8 - EnterCriticalSection
• 0x450aac - GetVersionExA
• 0x450ab0 - SetFileAttributesW
• 0x450ab4 - DeleteFileW
• 0x450ab8 - InitializeCriticalSection
• 0x450abc - GetSystemTimeAsFileTime
• 0x450ac0 - GetModuleFileNameA
• 0x450ac4 - HeapAlloc
• 0x450ac8 - HeapFree
• 0x450acc - GetProcessHeap
• 0x450ad0 - SetLastError
• 0x450ad4 - GetFileAttributesExW
• 0x450ad8 - GetCurrentDirectoryW
• 0x450adc - SetCurrentDirectoryW
• 0x450ae0 - RemoveDirectoryW
• 0x450ae4 - GetFileSizeEx
• 0x450ae8 - CreateFileW
库 USER32.dll:
• 0x451090 - UnregisterClassA
• 0x451094 - UnregisterClassW
库 ADVAPI32.dll:
• 0x450918 - GetSecurityDescriptorSacl
• 0x45091c - ConvertStringSecurityDescriptorToSecurityDescriptorW
• 0x450920 - RegCloseKey
• 0x450924 - RegCreateKeyExW
• 0x450928 - RegSetValueExW
• 0x45092c - SetSecurityInfo
库 SHELL32.dll:
• 0x451014 - SHGetFolderPathW
• 0x451018 - SHGetSpecialFolderPathW
• 0x45101c - SHCreateDirectoryExW
• 0x451020 - ShellExecuteExW
• 0x451024 - None
库 ole32.dll:
• 0x4510fc - CoTaskMemFree
库 OLEAUT32.dll:
• 0x450fb4 - None
库 MSVCP71.dll:
• 0x450b58 - ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
• 0x450b5c - ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
• 0x450b60 - ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
• 0x450b64 - ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
• 0x450b68 - ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
• 0x450b6c - ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
• 0x450b70 - ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
• 0x450b74 - ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
• 0x450b78 - ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
• 0x450b7c - ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
• 0x450b80 - ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
• 0x450b84 - ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
• 0x450b88 - ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
• 0x450b8c - ??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
• 0x450b90 - ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
• 0x450b94 - ??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
• 0x450b98 - ??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
• 0x450b9c - ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
• 0x450ba0 - ?width@ios_base@std@@QAEHH@Z
• 0x450ba4 - ??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
• 0x450ba8 - ?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
• 0x450bac - ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
• 0x450bb0 - ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
• 0x450bb4 - ?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
• 0x450bb8 - ?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
• 0x450bbc - ?flags@ios_base@std@@QBEHXZ
• 0x450bc0 - ?width@ios_base@std@@QBEHXZ
• 0x450bc4 - ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
• 0x450bc8 - ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
• 0x450bcc - ?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
• 0x450bd0 - ?good@ios_base@std@@QBE_NXZ
• 0x450bd4 - ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
• 0x450bd8 - ?uncaught_exception@std@@YA_NXZ
• 0x450bdc - ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
• 0x450be0 - ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
• 0x450be4 - ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
• 0x450be8 - ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
• 0x450bec - ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
• 0x450bf0 - ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
• 0x450bf4 - ??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
• 0x450bf8 - ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
• 0x450bfc - ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
• 0x450c00 - ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
• 0x450c04 - ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
• 0x450c08 - ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
• 0x450c0c - ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
• 0x450c10 - ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
• 0x450c14 - ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
• 0x450c18 - ?is@?$ctype@D@std@@QBE_NFD@Z
• 0x450c1c - ?to_char_type@?$char_traits@D@std@@SADABH@Z
• 0x450c20 - ?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
• 0x450c24 - ?eof@?$char_traits@D@std@@SAHXZ
• 0x450c28 - ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
• 0x450c2c - ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
• 0x450c30 - ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
• 0x450c34 - ?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
• 0x450c38 - ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
• 0x450c3c - ??1locale@std@@QAE@XZ
• 0x450c40 - ?getloc@ios_base@std@@QBE?AVlocale@2@XZ
• 0x450c44 - ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
• 0x450c48 - ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
• 0x450c4c - ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
• 0x450c50 - ??1_Lockit@std@@QAE@XZ
• 0x450c54 - ?_Register@facet@locale@std@@QAEXXZ
• 0x450c58 - ?_Incref@facet@locale@std@@QAEXXZ
• 0x450c5c - ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
• 0x450c60 - ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
• 0x450c64 - ??Bid@locale@std@@QAEIXZ
• 0x450c68 - ?id@?$ctype@D@std@@2V0locale@2@A
• 0x450c6c - ??0_Lockit@std@@QAE@H@Z
• 0x450c70 - ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
• 0x450c74 - ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
• 0x450c78 - ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
• 0x450c7c - ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
• 0x450c80 - ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
• 0x450c84 - ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
• 0x450c88 - ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
• 0x450c8c - ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
• 0x450c90 - ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
• 0x450c94 - ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
• 0x450c98 - ?is@?$ctype@_W@std@@QBE_NF_W@Z
• 0x450c9c - ?to_char_type@?$char_traits@_W@std@@SA_WABG@Z
• 0x450ca0 - ?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
• 0x450ca4 - ?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
• 0x450ca8 - ?max_size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
• 0x450cac - ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
• 0x450cb0 - ?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
• 0x450cb4 - ?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
• 0x450cb8 - ?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
• 0x450cbc - ?id@?$ctype@_W@std@@2V0locale@2@A
• 0x450cc0 - ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
• 0x450cc4 - ?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
• 0x450cc8 - ?to_int_type@?$char_traits@_W@std@@SAGAB_W@Z
• 0x450ccc - ?_Unlock@_Mutex@std@@QAEXXZ
• 0x450cd0 - ?_Lock@_Mutex@std@@QAEXXZ
• 0x450cd4 - ??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
• 0x450cd8 - ?clear@ios_base@std@@QAEXH_N@Z
• 0x450cdc - ??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
• 0x450ce0 - ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
• 0x450ce4 - ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
• 0x450ce8 - ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
• 0x450cec - ?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
• 0x450cf0 - ?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
• 0x450cf4 - ?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
• 0x450cf8 - ?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
• 0x450cfc - ?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
• 0x450d00 - ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
• 0x450d04 - ?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
• 0x450d08 - ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
• 0x450d0c - ?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
• 0x450d10 - ?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
• 0x450d14 - ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
• 0x450d18 - ??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
• 0x450d1c - ?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
• 0x450d20 - ??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
• 0x450d24 - ?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
• 0x450d28 - ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
• 0x450d2c - ??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
• 0x450d30 - ?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
• 0x450d34 - ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
• 0x450d38 - ?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
• 0x450d3c - ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
• 0x450d40 - ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
• 0x450d44 - ?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
• 0x450d48 - ?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
• 0x450d4c - ?_Nomemory@std@@YAXXZ
• 0x450d50 - ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
• 0x450d54 - ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
• 0x450d58 - ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
• 0x450d5c - ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
• 0x450d60 - ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
• 0x450d64 - ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
• 0x450d68 - ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
• 0x450d6c - ??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
• 0x450d70 - ?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
• 0x450d74 - ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
• 0x450d78 - ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
• 0x450d7c - ?eof@?$char_traits@_W@std@@SAGXZ
• 0x450d80 - ?to_int_type@?$char_traits@D@std@@SAHABD@Z
库 SHLWAPI.dll:
• 0x451058 - PathCombineW
• 0x45105c - PathRemoveFileSpecW
• 0x451060 - PathFileExistsW
库 MSVCR71.dll:
• 0x450e1c - ??1exception@@UAE@XZ
• 0x450e20 - ??0exception@@QAE@XZ
• 0x450e24 - _wcsicmp
• 0x450e28 - ??_V@YAXPAX@Z
• 0x450e2c - ??0bad_cast@@QAE@ABV0@@Z
• 0x450e30 - ??1bad_cast@@UAE@XZ
• 0x450e34 - ??0bad_cast@@QAE@PBD@Z
• 0x450e38 - fclose
• 0x450e3c - fwprintf
• 0x450e40 - fwrite
• 0x450e44 - _wfopen
• 0x450e48 - getc
• 0x450e4c - fgetwc
• 0x450e50 - fseek
• 0x450e54 - fread
• 0x450e58 - _purecall
• 0x450e5c - wcsrchr
• 0x450e60 - wcschr
• 0x450e64 - swprintf
• 0x450e68 - swscanf
• 0x450e6c - _ultoa
• 0x450e70 - _ultow
• 0x450e74 - _ltoa
• 0x450e78 - _ltow
• 0x450e7c - _ui64toa
• 0x450e80 - _ui64tow
• 0x450e84 - _i64toa
• 0x450e88 - _i64tow
• 0x450e8c - sprintf
• 0x450e90 - atol
• 0x450e94 - _wtoi64
• 0x450e98 - _wtol
• 0x450e9c - _atoi64
• 0x450ea0 - sscanf
• 0x450ea4 - _stricmp
• 0x450ea8 - _vsnprintf
• 0x450eac - _itow
• 0x450eb0 - wcscpy
• 0x450eb4 - wcslen
• 0x450eb8 - wcscat
• 0x450ebc - wcscmp
• 0x450ec0 - malloc
• 0x450ec4 - _callnewh
• 0x450ec8 - memmove
• 0x450ecc - realloc
• 0x450ed0 - _CRT_RTC_INIT
• 0x450ed4 - __dllonexit
• 0x450ed8 - _onexit
• 0x450edc - ??1type_info@@UAE@XZ
• 0x450ee0 - ?terminate@@YAXXZ
• 0x450ee4 - _c_exit
• 0x450ee8 - _exit
• 0x450eec - _XcptFilter
• 0x450ef0 - _cexit
• 0x450ef4 - exit
• 0x450ef8 - _wcmdln
• 0x450efc - _amsg_exit
• 0x450f00 - __wgetmainargs
• 0x450f04 - _initterm
• 0x450f08 - __setusermatherr
• 0x450f0c - _adjust_fdiv
• 0x450f10 - __p__commode
• 0x450f14 - __p__fmode
• 0x450f18 - __set_app_type
• 0x450f1c - __security_error_handler
• 0x450f20 - _controlfp
• 0x450f24 - _CxxThrowException
• 0x450f28 - tolower
• 0x450f2c - memcpy
• 0x450f30 - free
• 0x450f34 - _except_handler3
• 0x450f38 - memset
• 0x450f3c - ??3@YAXPAX@Z
• 0x450f40 - __CxxFrameHandler
• 0x450f44 - _itoa
• 0x450f48 - ??0exception@@QAE@ABV0@@Z
库 CRYPT32.dll:
• 0x450960 - CertFreeCertificateContext
• 0x450964 - CertGetNameStringW
• 0x450968 - CertFindCertificateInStore
• 0x45096c - CryptMsgGetParam
• 0x450970 - CryptQueryObject
• 0x450974 - CryptMsgClose
• 0x450978 - CertCloseStore
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
访问的文件
无信息
读取的文件
无信息
修改的文件
无信息
删除的文件
无信息
注册表键
无信息
读取的注册表键
无信息
修改的注册表键
无信息
删除的注册表键
无信息
API解析
无信息