分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2024-03-27 12:47:59 | 2024-03-27 12:48:41 | 42 秒 |
魔盾分数
9.575
危险的
文件详细信息
| 文件名 | Authentication.dll |
|---|---|
| 文件大小 | 5659136 字节 |
| 文件类型 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| MD5 | 5210048b4079b0ded4fcda595ab30d17 |
| SHA1 | 266da516e0aede2d2b37adcb4d0d9f65eac59f57 |
| SHA256 | 268dbf077dcab8fc6cd8b4a7dbdf178c8509e94420f668f5c588329c5506546b |
| SHA512 | efac7166fc0cdbf468a992b484b1841c58b2a82d499ea84d7970a7cb0539b78d78284569bba0f71210698f9e1d49d529c85f75d3f9b0a5a772e7231636d15459 |
| CRC32 | 2515C224 |
| Ssdeep | 98304:FS35qol5tBVMGiclvb6UYxGHFR8ol8jZ7+Uhy3emNk4v:FSpq2Vnigvb6hxGHFR8ZjoZv |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x180000000 |
|---|---|
| 入口地址 | 0x180807626 |
| 声明校验值 | 0x0056cf8e |
| 实际校验值 | 0x0056cf8e |
| 最低操作系统版本要求 | 6.0 |
| PDB路径 | d:\agent\_work\85\s\Source\bin\x64\Release\Authentication.pdb |
| 编译时间 | 2024-01-19 22:51:46 |
| 载入哈希 | 33b857e98d2813a96148b266d86a34fe |
| 图标 |  |
| 图标精确哈希值 | 1bc6dd6232f32b8eb518b2dd3e1965cf |
| 图标相似性哈希值 | 9c406f03bd9bc8aa88f96425814974cf |
| 导出DLL库名称 | Authentication.dll |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x002d8a8c | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| .textidx | 0x002da000 | 0x000b9951 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| .rdata | 0x00394000 | 0x000d839a | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
| .data | 0x0046d000 | 0x000205b0 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .pdata | 0x0048e000 | 0x00025530 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
| _RDATA | 0x004b4000 | 0x000000f4 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
| .vmp0 | 0x004b5000 | 0x0014cc37 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| .vmp1 | 0x00602000 | 0x004c8058 | 0x004c8200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.85 |
| .reloc | 0x00acb000 | 0x000000c4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 1.97 |
| .rsrc | 0x00acc000 | 0x000a3ef6 | 0x0009d200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.71 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| AFX_DIALOG_LAYOUT | 0x00b69068 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | data |
| AFX_DIALOG_LAYOUT | 0x00b69068 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | data |
| AFX_DIALOG_LAYOUT | 0x00b69068 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | data |
| AFX_DIALOG_LAYOUT | 0x00b69068 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | data |
| AFX_DIALOG_LAYOUT | 0x00b69068 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | data |
| AFX_DIALOG_LAYOUT | 0x00b69068 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | data |
| AFX_DIALOG_LAYOUT | 0x00b69068 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | data |
| AFX_DIALOG_LAYOUT | 0x00b69068 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | data |
| AFX_DIALOG_LAYOUT | 0x00b69068 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | data |
| RT_BITMAP | 0x00b6a848 | 0x000015f2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_BITMAP | 0x00b6a848 | 0x000015f2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_BITMAP | 0x00b6a848 | 0x000015f2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00b67e00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | GLS_BINARY_LSB_FIRST |
| RT_DIALOG | 0x00b6d6d8 | 0x0000018a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_DIALOG | 0x00b6d6d8 | 0x0000018a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_DIALOG | 0x00b6d6d8 | 0x0000018a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_DIALOG | 0x00b6d6d8 | 0x0000018a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_DIALOG | 0x00b6d6d8 | 0x0000018a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_DIALOG | 0x00b6d6d8 | 0x0000018a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_DIALOG | 0x00b6d6d8 | 0x0000018a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_DIALOG | 0x00b6d6d8 | 0x0000018a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_DIALOG | 0x00b6d6d8 | 0x0000018a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_STRING | 0x00b6fea8 | 0x0000004e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_GROUP_ICON | 0x00b68350 | 0x0000012c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.42 | MS Windows icon resource - 21 icons, 48x48, 2 colors |
| RT_GROUP_ICON | 0x00b68350 | 0x0000012c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.42 | MS Windows icon resource - 21 icons, 48x48, 2 colors |
| RT_VERSION | 0x00b68480 | 0x00000380 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.30 | 8086 relocatable (Microsoft) |
| RT_MANIFEST | 0x00b68800 | 0x00000825 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.45 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
导入
库: WSOCK32.dll:
• 0x180800000 WSAGetLastError
• 0x180800008 getpeername
• 0x180800010 socket
• 0x180800018 ioctlsocket
• 0x180800020 send
• 0x180800028 htonl
• 0x180800030 recv
• 0x180800038 inet_ntoa
• 0x180800040 connect
• 0x180800048 closesocket
• 0x180800050 __WSAFDIsSet
• 0x180800058 getsockopt
• 0x180800060 WSAStartup
• 0x180800068 select
• 0x180800070 WSACleanup
• 0x180800078 setsockopt
• 0x180800080 inet_addr
库: NETAPI32.dll:
• 0x180800090 Netbios
库: VERSION.dll:
• 0x1808000a0 VerQueryValueW
• 0x1808000a8 GetFileVersionInfoExW
• 0x1808000b0 GetFileVersionInfoSizeExW
库: IPHLPAPI.DLL:
• 0x1808000c0 GetIpForwardTable
库: KERNEL32.dll:
• 0x1808000d0 QueryPerformanceCounter
• 0x1808000d8 GetSystemTimeAsFileTime
• 0x1808000e0 InitializeSListHead
• 0x1808000e8 FindFirstFileA
• 0x1808000f0 FindNextFileA
• 0x1808000f8 FormatMessageA
• 0x180800100 GetEnvironmentStrings
• 0x180800108 FreeEnvironmentStringsA
• 0x180800110 GetVersionExA
• 0x180800118 lstrlenA
• 0x180800120 GetCommandLineW
• 0x180800128 GetEnvironmentVariableA
• 0x180800130 GetEnvironmentVariableW
• 0x180800138 ReleaseMutex
• 0x180800140 CreateMutexA
• 0x180800148 GetWindowsDirectoryA
• 0x180800150 GetVersion
• 0x180800158 GetLocalTime
• 0x180800160 GetTimeZoneInformation
• 0x180800168 GetModuleHandleA
• 0x180800170 FindNextFileW
• 0x180800178 GetProcessTimes
• 0x180800180 CreateEventA
• 0x180800188 GetDriveTypeA
• 0x180800190 GetVolumeInformationA
• 0x180800198 CreateFileA
• 0x1808001a0 DeviceIoControl
• 0x1808001a8 SetNamedPipeHandleState
• 0x1808001b0 SleepEx
• 0x1808001b8 WaitNamedPipeA
• 0x1808001c0 LoadLibraryExA
• 0x1808001c8 DefineDosDeviceA
• 0x1808001d0 QueryDosDeviceA
• 0x1808001d8 GetComputerNameW
• 0x1808001e0 CreateThread
• 0x1808001e8 GetTimeFormatW
• 0x1808001f0 FindFirstFileExW
• 0x1808001f8 SetStdHandle
• 0x180800200 VirtualQuery
• 0x180800208 VirtualAlloc
• 0x180800210 GetSystemInfo
• 0x180800218 HeapQueryInformation
• 0x180800220 GetCommandLineA
• 0x180800228 FreeLibraryAndExitThread
• 0x180800230 ExitThread
• 0x180800238 ExitProcess
• 0x180800240 UnhandledExceptionFilter
• 0x180800248 GetFileType
• 0x180800250 GetFileInformationByHandle
• 0x180800258 GetDriveTypeW
• 0x180800260 InterlockedFlushSList
• 0x180800268 RtlUnwindEx
• 0x180800270 RtlPcToFileHeader
• 0x180800278 GetStringTypeW
• 0x180800280 GetCPInfo
• 0x180800288 CompareStringEx
• 0x180800290 LCMapStringEx
• 0x180800298 TryEnterCriticalSection
• 0x1808002a0 AcquireSRWLockExclusive
• 0x1808002a8 ReleaseSRWLockExclusive
• 0x1808002b0 InitializeSRWLock
• 0x1808002b8 QueryPerformanceFrequency
• 0x1808002c0 OutputDebugStringW
• 0x1808002c8 GetStartupInfoW
• 0x1808002d0 IsDebuggerPresent
• 0x1808002d8 WaitForSingleObjectEx
• 0x1808002e0 ResetEvent
• 0x1808002e8 RtlVirtualUnwind
• 0x1808002f0 RtlLookupFunctionEntry
• 0x1808002f8 RtlCaptureContext
• 0x180800300 GetUserDefaultLCID
• 0x180800308 GetTempFileNameW
• 0x180800310 SearchPathW
• 0x180800318 GetProfileIntW
• 0x180800320 GetTickCount
• 0x180800328 GetTempPathW
• 0x180800330 VerifyVersionInfoW
• 0x180800338 VerSetConditionMask
• 0x180800340 SystemTimeToTzSpecificLocalTime
• 0x180800348 IsProcessorFeaturePresent
• 0x180800350 GetFileSizeEx
• 0x180800358 GetFileAttributesExW
• 0x180800360 FileTimeToLocalFileTime
• 0x180800368 GetWindowsDirectoryW
• 0x180800370 lstrcpyW
• 0x180800378 FindResourceExW
• 0x180800380 lstrcmpiW
• 0x180800388 GetCurrentProcess
• 0x180800390 DuplicateHandle
• 0x180800398 WriteFile
• 0x1808003a0 UnlockFile
• 0x1808003a8 SetFilePointer
• 0x1808003b0 SetEndOfFile
• 0x1808003b8 ReadFile
• 0x1808003c0 LockFile
• 0x1808003c8 GetVolumeInformationW
• 0x1808003d0 TerminateProcess
• 0x1808003d8 GetFullPathNameW
• 0x1808003e0 GetFileSize
• 0x1808003e8 FlushFileBuffers
• 0x1808003f0 FindFirstFileW
• 0x1808003f8 FindClose
• 0x180800400 CreateFileW
• 0x180800408 DeleteFileW
• 0x180800410 GetUserDefaultUILanguage
• 0x180800418 GetSystemDefaultUILanguage
• 0x180800420 GlobalFlags
• 0x180800428 SetErrorMode
• 0x180800430 GlobalGetAtomNameW
• 0x180800438 LocalReAlloc
• 0x180800440 LocalAlloc
• 0x180800448 GlobalHandle
• 0x180800450 GlobalReAlloc
• 0x180800458 TlsFree
• 0x180800460 TlsSetValue
• 0x180800468 TlsGetValue
• 0x180800470 TlsAlloc
• 0x180800478 InitializeCriticalSection
• 0x180800480 VirtualProtect
• 0x180800488 GetPrivateProfileIntW
• 0x180800490 lstrcmpA
• 0x180800498 GetVersionExW
• 0x1808004a0 GetCurrentThread
• 0x1808004a8 ResumeThread
• 0x1808004b0 SetThreadPriority
• 0x1808004b8 CreateEventW
• 0x1808004c0 WaitForSingleObject
• 0x1808004c8 SetEvent
• 0x1808004d0 FileTimeToSystemTime
• 0x1808004d8 CompareStringW
• 0x1808004e0 QueryActCtxW
• 0x1808004e8 FindActCtxSectionStringW
• 0x1808004f0 DeactivateActCtx
• 0x1808004f8 ActivateActCtx
• 0x180800500 CreateActCtxW
• 0x180800508 GlobalFindAtomW
• 0x180800510 GlobalAddAtomW
• 0x180800518 lstrcmpW
• 0x180800520 GlobalDeleteAtom
• 0x180800528 LoadLibraryExW
• 0x180800530 GetModuleHandleExW
• 0x180800538 GetSystemDirectoryW
• 0x180800540 GetCurrentThreadId
• 0x180800548 OutputDebugStringA
• 0x180800550 CopyFileW
• 0x180800558 LocalFree
• 0x180800560 GlobalFree
• 0x180800568 GlobalLock
• 0x180800570 GlobalUnlock
• 0x180800578 GlobalSize
• 0x180800580 GlobalAlloc
• 0x180800588 SetLastError
• 0x180800590 WideCharToMultiByte
• 0x180800598 MulDiv
• 0x1808005a0 Sleep
• 0x1808005a8 Process32NextW
• 0x1808005b0 Process32FirstW
• 0x1808005b8 CreateToolhelp32Snapshot
• 0x1808005c0 K32GetModuleBaseNameW
• 0x1808005c8 GetLocaleInfoW
• 0x1808005d0 FormatMessageW
• 0x1808005d8 LoadLibraryW
• 0x1808005e0 OpenProcess
• 0x1808005e8 GetCurrentProcessId
• 0x1808005f0 GetCurrentDirectoryW
• 0x1808005f8 UnmapViewOfFile
• 0x180800600 MapViewOfFile
• 0x180800608 CreateFileMappingW
• 0x180800610 CloseHandle
• 0x180800618 GetFileAttributesW
• 0x180800620 CreateDirectoryW
• 0x180800628 MultiByteToWideChar
• 0x180800630 GetProcessHeap
• 0x180800638 HeapSize
• 0x180800640 HeapFree
• 0x180800648 HeapReAlloc
• 0x180800650 HeapAlloc
• 0x180800658 RaiseException
• 0x180800660 GetDateFormatW
• 0x180800668 GetSystemTime
• 0x180800670 InitializeCriticalSectionAndSpinCount
• 0x180800678 WritePrivateProfileStringW
• 0x180800680 GetPrivateProfileStringW
• 0x180800688 SetThreadLocale
• 0x180800690 GetThreadLocale
• 0x180800698 GetModuleHandleW
• 0x1808006a0 GetModuleFileNameW
• 0x1808006a8 DeleteCriticalSection
• 0x1808006b0 InitializeCriticalSectionEx
• 0x1808006b8 LeaveCriticalSection
• 0x1808006c0 EnterCriticalSection
• 0x1808006c8 GetLastError
• 0x1808006d0 DecodePointer
• 0x1808006d8 EncodePointer
• 0x1808006e0 FindResourceW
• 0x1808006e8 SizeofResource
• 0x1808006f0 LockResource
• 0x1808006f8 LoadResource
• 0x180800700 LoadLibraryA
• 0x180800708 GetProcAddress
• 0x180800710 FreeLibrary
• 0x180800718 GetFileTime
• 0x180800720 SetUnhandledExceptionFilter
• 0x180800728 LCMapStringW
• 0x180800730 IsValidLocale
• 0x180800738 EnumSystemLocalesW
• 0x180800740 GetStdHandle
• 0x180800748 GetConsoleOutputCP
• 0x180800750 GetConsoleMode
• 0x180800758 SetFilePointerEx
• 0x180800760 ReadConsoleW
• 0x180800768 IsValidCodePage
• 0x180800770 GetACP
• 0x180800778 GetOEMCP
• 0x180800780 GetEnvironmentStringsW
• 0x180800788 FreeEnvironmentStringsW
• 0x180800790 SetEnvironmentVariableW
• 0x180800798 WriteConsoleW
• 0x1808007a0 RtlUnwind
• 0x1808007a8 GetThreadPriority
• 0x1808007b0 GetThreadContext
• 0x1808007b8 SetThreadContext
• 0x1808007c0 GetSystemDirectoryA
• 0x1808007c8 GetProcessAffinityMask
• 0x1808007d0 SetThreadAffinityMask
• 0x1808007d8 PeekNamedPipe
库: USER32.dll:
• 0x1808007e8 WindowFromPoint
• 0x1808007f0 ReleaseCapture
• 0x1808007f8 SetCapture
• 0x180800800 GetNextDlgGroupItem
• 0x180800808 GetMenuDefaultItem
• 0x180800810 CreatePopupMenu
• 0x180800818 LoadImageW
• 0x180800820 TrackMouseEvent
• 0x180800828 CharUpperW
• 0x180800830 DestroyIcon
• 0x180800838 KillTimer
• 0x180800840 SetTimer
• 0x180800848 DeleteMenu
• 0x180800850 CopyImage
• 0x180800858 RealChildWindowFromPoint
• 0x180800860 GetSysColorBrush
• 0x180800868 OffsetRect
• 0x180800870 SetRectEmpty
• 0x180800878 SendDlgItemMessageA
• 0x180800880 SystemParametersInfoW
• 0x180800888 GetMenuItemInfoW
• 0x180800890 DestroyMenu
• 0x180800898 GetSystemMetrics
• 0x1808008a0 IntersectRect
• 0x1808008a8 InflateRect
• 0x1808008b0 LoadMenuW
• 0x1808008b8 MapDialogRect
• 0x1808008c0 GetAsyncKeyState
• 0x1808008c8 ShowOwnedPopups
• 0x1808008d0 PostQuitMessage
• 0x1808008d8 GetCursorPos
• 0x1808008e0 TranslateMessage
• 0x1808008e8 GetMessageW
• 0x1808008f0 GetWindowThreadProcessId
• 0x1808008f8 GetDesktopWindow
• 0x180800900 GetActiveWindow
• 0x180800908 GetNextDlgTabItem
• 0x180800910 EndDialog
• 0x180800918 CreateDialogIndirectParamW
• 0x180800920 IsDialogMessageW
• 0x180800928 SetWindowTextW
• 0x180800930 IsWindowEnabled
• 0x180800938 CheckDlgButton
• 0x180800940 GetDlgItemTextW
• 0x180800948 SetDlgItemTextW
• 0x180800950 MoveWindow
• 0x180800958 ShowWindow
• 0x180800960 GetMonitorInfoW
• 0x180800968 MonitorFromWindow
• 0x180800970 WinHelpW
• 0x180800978 GetScrollInfo
• 0x180800980 SetScrollInfo
• 0x180800988 CallNextHookEx
• 0x180800990 SetWindowsHookExW
• 0x180800998 GetWindow
• 0x1808009a0 GetLastActivePopup
• 0x1808009a8 DrawIconEx
• 0x1808009b0 GetClassNameW
• 0x1808009b8 UpdateLayeredWindow
• 0x1808009c0 MonitorFromPoint
• 0x1808009c8 LoadAcceleratorsW
• 0x1808009d0 GetClassLongPtrW
• 0x1808009d8 SetWindowLongPtrW
• 0x1808009e0 TranslateAcceleratorW
• 0x1808009e8 InsertMenuItemW
• 0x1808009f0 CharNextW
• 0x1808009f8 SendMessageW
• 0x180800a00 GetWindowLongPtrW
• 0x180800a08 SetWindowLongW
• 0x180800a10 GetWindowLongW
• 0x180800a18 PtInRect
• 0x180800a20 EqualRect
• 0x180800a28 CopyRect
• 0x180800a30 MapWindowPoints
• 0x180800a38 MessageBoxW
• 0x180800a40 UnpackDDElParam
• 0x180800a48 GetWindowTextLengthW
• 0x180800a50 GetWindowTextW
• 0x180800a58 RemovePropW
• 0x180800a60 GetPropW
• 0x180800a68 SetPropW
• 0x180800a70 ShowScrollBar
• 0x180800a78 OpenClipboard
• 0x180800a80 SetScrollRange
• 0x180800a88 GetScrollPos
• 0x180800a90 SetScrollPos
• 0x180800a98 ScrollWindow
• 0x180800aa0 RedrawWindow
• 0x180800aa8 ValidateRect
• 0x180800ab0 SetForegroundWindow
• 0x180800ab8 GetForegroundWindow
• 0x180800ac0 SetActiveWindow
• 0x180800ac8 UpdateWindow
• 0x180800ad0 TrackPopupMenu
• 0x180800ad8 SetMenu
• 0x180800ae0 GetMenu
• 0x180800ae8 GetCapture
• 0x180800af0 GetKeyState
• 0x180800af8 SetFocus
• 0x180800b00 GetDlgCtrlID
• 0x180800b08 CloseClipboard
• 0x180800b10 UnionRect
• 0x180800b18 SetClipboardData
• 0x180800b20 EmptyClipboard
• 0x180800b28 DrawStateW
• 0x180800b30 SetClassLongPtrW
• 0x180800b38 SetWindowRgn
• 0x180800b40 SetParent
• 0x180800b48 DrawEdge
• 0x180800b50 DrawFrameControl
• 0x180800b58 IsZoomed
• 0x180800b60 BringWindowToTop
• 0x180800b68 SetCursorPos
• 0x180800b70 CopyIcon
• 0x180800b78 FrameRect
• 0x180800b80 DrawIcon
• 0x180800b88 GetIconInfo
• 0x180800b90 GetDlgItem
• 0x180800b98 IsIconic
• 0x180800ba0 MessageBeep
• 0x180800ba8 EnableScrollBar
• 0x180800bb0 HideCaret
• 0x180800bb8 InvertRect
• 0x180800bc0 NotifyWinEvent
• 0x180800bc8 MapVirtualKeyW
• 0x180800bd0 GetKeyNameTextW
• 0x180800bd8 SetLayeredWindowAttributes
• 0x180800be0 GetTopWindow
• 0x180800be8 EnumDisplayMonitors
• 0x180800bf0 EnableWindow
• 0x180800bf8 GetClientRect
• 0x180800c00 LoadIconW
• 0x180800c08 UnregisterClassW
• 0x180800c10 PostMessageW
• 0x180800c18 GetDC
• 0x180800c20 GetWindowRect
• 0x180800c28 IsRectEmpty
• 0x180800c30 GetParent
• 0x180800c38 InvalidateRect
• 0x180800c40 SetCursor
• 0x180800c48 DrawFocusRect
• 0x180800c50 FillRect
• 0x180800c58 LoadCursorW
• 0x180800c60 GetSystemMenu
• 0x180800c68 EnableMenuItem
• 0x180800c70 ReleaseDC
• 0x180800c78 GetMenuStringW
• 0x180800c80 GetMenuState
• 0x180800c88 GetSubMenu
• 0x180800c90 GetMenuItemID
• 0x180800c98 GetMenuItemCount
• 0x180800ca0 InsertMenuW
• 0x180800ca8 AppendMenuW
• 0x180800cb0 RemoveMenu
• 0x180800cb8 UnhookWindowsHookEx
• 0x180800cc0 DrawTextW
• 0x180800cc8 DrawTextExW
• 0x180800cd0 GrayStringW
• 0x180800cd8 TabbedTextOutW
• 0x180800ce0 GetWindowDC
• 0x180800ce8 ReuseDDElParam
• 0x180800cf0 BeginPaint
• 0x180800cf8 EndPaint
• 0x180800d00 ClientToScreen
• 0x180800d08 ScreenToClient
• 0x180800d10 GetSysColor
• 0x180800d18 GetFocus
• 0x180800d20 CheckMenuItem
• 0x180800d28 SetMenuItemBitmaps
• 0x180800d30 GetMenuCheckMarkDimensions
• 0x180800d38 SetMenuItemInfoW
• 0x180800d40 LoadBitmapW
• 0x180800d48 RegisterWindowMessageW
• 0x180800d50 DispatchMessageW
• 0x180800d58 PeekMessageW
• 0x180800d60 GetMessagePos
• 0x180800d68 GetMessageTime
• 0x180800d70 DefWindowProcW
• 0x180800d78 CallWindowProcW
• 0x180800d80 RegisterClassW
• 0x180800d88 GetClassInfoW
• 0x180800d90 GetClassInfoExW
• 0x180800d98 CreateWindowExW
• 0x180800da0 IsWindow
• 0x180800da8 IsMenu
• 0x180800db0 IsChild
• 0x180800db8 DestroyWindow
• 0x180800dc0 SetWindowPos
• 0x180800dc8 GetWindowPlacement
• 0x180800dd0 SetWindowPlacement
• 0x180800dd8 BeginDeferWindowPos
• 0x180800de0 DeferWindowPos
• 0x180800de8 EndDeferWindowPos
• 0x180800df0 IsWindowVisible
• 0x180800df8 GetComboBoxInfo
• 0x180800e00 PostThreadMessageW
• 0x180800e08 WaitMessage
• 0x180800e10 GetKeyboardLayout
• 0x180800e18 GetScrollRange
• 0x180800e20 IsCharLowerW
• 0x180800e28 MapVirtualKeyExW
• 0x180800e30 ToUnicodeEx
• 0x180800e38 GetKeyboardState
• 0x180800e40 CreateAcceleratorTableW
• 0x180800e48 DestroyAcceleratorTable
• 0x180800e50 CopyAcceleratorTableW
• 0x180800e58 SetRect
• 0x180800e60 LockWindowUpdate
• 0x180800e68 SetMenuDefaultItem
• 0x180800e70 GetDoubleClickTime
• 0x180800e78 ModifyMenuW
• 0x180800e80 RegisterClipboardFormatW
• 0x180800e88 CharUpperBuffW
• 0x180800e90 IsClipboardFormatAvailable
• 0x180800e98 GetUpdateRect
• 0x180800ea0 DrawMenuBar
• 0x180800ea8 DefFrameProcW
• 0x180800eb0 DefMDIChildProcW
• 0x180800eb8 TranslateMDISysAccel
• 0x180800ec0 SubtractRect
• 0x180800ec8 CreateMenu
• 0x180800ed0 GetWindowRgn
• 0x180800ed8 DestroyCursor
• 0x180800ee0 MessageBoxA
• 0x180800ee8 SendMessageA
• 0x180800ef0 SetDlgItemTextA
• 0x180800ef8 GetDlgItemTextA
• 0x180800f00 SetWindowTextA
• 0x180800f08 GetWindowLongA
• 0x180800f10 wsprintfA
• 0x180800f18 DialogBoxIndirectParamA
• 0x180800f20 AdjustWindowRectEx
• 0x180800f28 CreateDialogIndirectParamA
库: GDI32.dll:
• 0x180800f38 SaveDC
• 0x180800f40 SelectClipRgn
• 0x180800f48 ExtSelectClipRgn
• 0x180800f50 SelectObject
• 0x180800f58 SelectPalette
• 0x180800f60 SetBkColor
• 0x180800f68 SetBkMode
• 0x180800f70 SetMapMode
• 0x180800f78 SetLayout
• 0x180800f80 GetLayout
• 0x180800f88 SetPolyFillMode
• 0x180800f90 SetROP2
• 0x180800f98 SetTextColor
• 0x180800fa0 SetTextAlign
• 0x180800fa8 MoveToEx
• 0x180800fb0 TextOutW
• 0x180800fb8 ExtTextOutW
• 0x180800fc0 SetViewportExtEx
• 0x180800fc8 SetViewportOrgEx
• 0x180800fd0 SetWindowExtEx
• 0x180800fd8 SetWindowOrgEx
• 0x180800fe0 OffsetViewportOrgEx
• 0x180800fe8 OffsetWindowOrgEx
• 0x180800ff0 ScaleViewportExtEx
• 0x180800ff8 ScaleWindowExtEx
• 0x180801000 CombineRgn
• 0x180801008 CreateRectRgnIndirect
• 0x180801010 SetRectRgn
• 0x180801018 DPtoLP
• 0x180801020 EnumFontFamiliesExW
• 0x180801028 CreatePalette
• 0x180801030 RestoreDC
• 0x180801038 GetPaletteEntries
• 0x180801040 GetSystemPaletteEntries
• 0x180801048 RealizePalette
• 0x180801050 CreateDIBitmap
• 0x180801058 EnumFontFamiliesW
• 0x180801060 GetTextCharsetInfo
• 0x180801068 SetPixel
• 0x180801070 StretchBlt
• 0x180801078 CreateDIBSection
• 0x180801080 SetDIBColorTable
• 0x180801088 CreateEllipticRgn
• 0x180801090 Ellipse
• 0x180801098 GetTextColor
• 0x1808010a0 CreatePolygonRgn
• 0x1808010a8 Polygon
• 0x1808010b0 Polyline
• 0x1808010b8 CreateRoundRectRgn
• 0x1808010c0 LPtoDP
• 0x1808010c8 Rectangle
• 0x1808010d0 GetRgnBox
• 0x1808010d8 OffsetRgn
• 0x1808010e0 RoundRect
• 0x1808010e8 FillRgn
• 0x1808010f0 FrameRgn
• 0x1808010f8 GetBoundsRect
• 0x180801100 PtInRegion
• 0x180801108 ExtFloodFill
• 0x180801110 SetPaletteEntries
• 0x180801118 SetPixelV
• 0x180801120 GetWindowOrgEx
• 0x180801128 GetViewportOrgEx
• 0x180801130 GetTextFaceW
• 0x180801138 PtVisible
• 0x180801140 RectVisible
• 0x180801148 LineTo
• 0x180801150 IntersectClipRect
• 0x180801158 GetWindowExtEx
• 0x180801160 GetViewportExtEx
• 0x180801168 GetPixel
• 0x180801170 GetObjectType
• 0x180801178 GetClipBox
• 0x180801180 ExcludeClipRect
• 0x180801188 Escape
• 0x180801190 DeleteObject
• 0x180801198 CreateRectRgn
• 0x1808011a0 CreatePatternBrush
• 0x1808011a8 CreatePen
• 0x1808011b0 CreateHatchBrush
• 0x1808011b8 CreateDCW
• 0x1808011c0 CopyMetaFileW
• 0x1808011c8 PatBlt
• 0x1808011d0 MaskBlt
• 0x1808011d8 CreateCompatibleDC
• 0x1808011e0 CreateBitmap
• 0x1808011e8 BitBlt
• 0x1808011f0 GetTextMetricsW
• 0x1808011f8 GetDeviceCaps
• 0x180801200 GetBkColor
• 0x180801208 GetStockObject
• 0x180801210 GetTextExtentPoint32W
• 0x180801218 GetObjectW
• 0x180801220 CreateFontIndirectW
• 0x180801228 DeleteDC
• 0x180801230 GetNearestPaletteIndex
• 0x180801238 CreateCompatibleBitmap
• 0x180801240 CreateSolidBrush
库: COMDLG32.dll:
• 0x180801268 GetOpenFileNameA
库: WINSPOOL.DRV:
• 0x180801278 OpenPrinterW
• 0x180801280 ClosePrinter
• 0x180801288 DocumentPropertiesW
库: ADVAPI32.dll:
• 0x180801298 RegOpenKeyExA
• 0x1808012a0 RegDeleteKeyW
• 0x1808012a8 RegQueryInfoKeyA
• 0x1808012b0 StartServiceA
• 0x1808012b8 QueryServiceStatus
• 0x1808012c0 OpenServiceA
• 0x1808012c8 OpenSCManagerA
• 0x1808012d0 CloseServiceHandle
• 0x1808012d8 ReportEventA
• 0x1808012e0 RegisterEventSourceA
• 0x1808012e8 DeregisterEventSource
• 0x1808012f0 RegEnumKeyExA
• 0x1808012f8 RegSetValueExA
• 0x180801300 RegQueryValueExA
• 0x180801308 GetUserNameW
• 0x180801310 GetUserNameA
• 0x180801318 RegCreateKeyExA
• 0x180801320 RegCloseKey
• 0x180801328 RegEnumValueA
• 0x180801330 RegDeleteValueA
• 0x180801338 RegEnumKeyExW
• 0x180801340 RegQueryValueW
• 0x180801348 RegEnumKeyW
• 0x180801350 RegCreateKeyExW
• 0x180801358 RegSetValueExW
• 0x180801360 RegEnumValueW
• 0x180801368 RegDeleteValueW
• 0x180801370 RegQueryValueExW
• 0x180801378 RegQueryInfoKeyW
• 0x180801380 RegOpenKeyExW
库: SHELL32.dll:
• 0x180801390 None
• 0x180801398 SHAppBarMessage
• 0x1808013a0 DragFinish
• 0x1808013a8 DragQueryFileW
• 0x1808013b0 SHBrowseForFolderW
• 0x1808013b8 SHGetDesktopFolder
• 0x1808013c0 SHGetSpecialFolderLocation
• 0x1808013c8 SHGetPathFromIDListW
• 0x1808013d0 SHGetFileInfoW
• 0x1808013d8 ShellExecuteW
• 0x1808013e0 SHGetSpecialFolderPathW
• 0x1808013e8 SHGetKnownFolderPath
库: COMCTL32.dll:
• 0x1808013f8 None
库: SHLWAPI.dll:
• 0x180801408 StrFormatKBSizeW
• 0x180801410 PathStripToRootW
• 0x180801418 PathIsUNCW
• 0x180801420 PathRemoveFileSpecW
• 0x180801428 PathFindFileNameW
• 0x180801430 PathFindExtensionW
• 0x180801438 PathFileExistsW
• 0x180801440 PathRemoveBackslashW
库: UxTheme.dll:
• 0x180801450 CloseThemeData
• 0x180801458 OpenThemeData
• 0x180801460 DrawThemeParentBackground
• 0x180801468 DrawThemeBackground
• 0x180801470 GetThemeColor
• 0x180801478 GetCurrentThemeName
• 0x180801480 GetWindowTheme
• 0x180801488 IsAppThemed
• 0x180801490 IsThemeBackgroundPartiallyTransparent
• 0x180801498 GetThemeSysColor
• 0x1808014a0 GetThemePartSize
• 0x1808014a8 DrawThemeText
库: ole32.dll:
• 0x1808014b8 OleLockRunning
• 0x1808014c0 RevokeDragDrop
• 0x1808014c8 RegisterDragDrop
• 0x1808014d0 CoLockObjectExternal
• 0x1808014d8 OleGetClipboard
• 0x1808014e0 CoInitializeEx
• 0x1808014e8 CreateStreamOnHGlobal
• 0x1808014f0 CoDisconnectObject
• 0x1808014f8 CoInitialize
• 0x180801500 CoCreateGuid
• 0x180801508 CoUninitialize
• 0x180801510 ReleaseStgMedium
• 0x180801518 OleDuplicateData
• 0x180801520 CoTaskMemAlloc
• 0x180801528 CoTaskMemFree
• 0x180801530 StringFromGUID2
• 0x180801538 CoCreateInstance
• 0x180801540 OleTranslateAccelerator
• 0x180801548 OleCreateMenuDescriptor
• 0x180801550 DoDragDrop
• 0x180801558 CoInitializeSecurity
• 0x180801560 CoSetProxyBlanket
• 0x180801568 IsAccelerator
• 0x180801570 OleDestroyMenuDescriptor
库: OLEAUT32.dll:
• 0x180801580 VariantTimeToSystemTime
• 0x180801588 SystemTimeToVariantTime
• 0x180801590 UnRegisterTypeLib
• 0x180801598 RegisterTypeLib
• 0x1808015a0 LoadTypeLib
• 0x1808015a8 SysStringLen
• 0x1808015b0 SysFreeString
• 0x1808015b8 SysAllocString
• 0x1808015c0 SafeArrayDestroy
• 0x1808015c8 VarUdateFromDate
• 0x1808015d0 VariantClear
• 0x1808015d8 SafeArrayAccessData
• 0x1808015e0 SafeArrayUnaccessData
• 0x1808015e8 VariantCopy
• 0x1808015f0 VarBstrFromDate
• 0x1808015f8 SysAllocStringLen
• 0x180801600 SafeArrayGetUBound
• 0x180801608 VariantInit
• 0x180801610 VariantChangeType
• 0x180801618 SafeArrayGetLBound
库: gdiplus.dll:
• 0x180801628 GdipAlloc
• 0x180801630 GdipFree
• 0x180801638 GdiplusStartup
• 0x180801640 GdipCloneImage
• 0x180801648 GdipDisposeImage
• 0x180801650 GdipGetImageGraphicsContext
• 0x180801658 GdipGetImageWidth
• 0x180801660 GdipGetImageHeight
• 0x180801668 GdipDrawImageRectI
• 0x180801670 GdipSetInterpolationMode
• 0x180801678 GdipCreateFromHDC
• 0x180801680 GdipCreateBitmapFromHBITMAP
• 0x180801688 GdipDrawImageI
• 0x180801690 GdipDeleteGraphics
• 0x180801698 GdipBitmapUnlockBits
• 0x1808016a0 GdipBitmapLockBits
• 0x1808016a8 GdipCreateBitmapFromScan0
• 0x1808016b0 GdipGetImagePixelFormat
• 0x1808016b8 GdipGetImagePalette
• 0x1808016c0 GdipGetImagePaletteSize
• 0x1808016c8 GdipCreateBitmapFromStream
• 0x1808016d0 GdiplusShutdown
库: OLEACC.dll:
• 0x180801700 AccessibleObjectFromWindow
• 0x180801708 LresultFromObject
• 0x180801710 CreateStdAccessibleObject
库: IMM32.dll:
• 0x180801720 ImmReleaseContext
• 0x180801728 ImmGetContext
• 0x180801730 ImmGetOpenStatus
库: WINMM.dll:
• 0x180801740 PlaySoundW
库: WINHTTP.dll:
• 0x180801750 WinHttpSendRequest
• 0x180801758 WinHttpCrackUrl
• 0x180801760 WinHttpReceiveResponse
• 0x180801768 WinHttpSetOption
• 0x180801770 WinHttpOpenRequest
• 0x180801778 WinHttpConnect
• 0x180801780 WinHttpCloseHandle
• 0x180801788 WinHttpOpen
• 0x180801790 WinHttpQueryHeaders
库: KERNEL32.dll:
• 0x1808017a0 LocalAlloc
• 0x1808017a8 LocalFree
• 0x1808017b0 GetModuleFileNameW
• 0x1808017b8 GetProcessAffinityMask
• 0x1808017c0 SetProcessAffinityMask
• 0x1808017c8 SetThreadAffinityMask
• 0x1808017d0 Sleep
• 0x1808017d8 ExitProcess
• 0x1808017e0 FreeLibrary
• 0x1808017e8 LoadLibraryA
• 0x1808017f0 GetModuleHandleA
• 0x1808017f8 GetProcAddress
导出
| 序列 | 地址 | 名称 |
|---|---|---|
| 1 | 0x180038d40 | ??0AuthenticationAccess@MtbLicensing@@QEAA@XZ |
| 2 | 0x180030840 | ??0IAuthenticationAccess@MtbLicensing@@QEAA@AEBV01@@Z |
| 3 | 0x180030840 | ??0IAuthenticationAccess@MtbLicensing@@QEAA@XZ |
| 4 | 0x180030850 | ??0ILicenseStatus@MtbLicensing@@QEAA@AEBV01@@Z |
| 5 | 0x180030850 | ??0ILicenseStatus@MtbLicensing@@QEAA@XZ |
| 6 | 0x180030860 | ??0ILicenseStatusLine@MtbLicensing@@QEAA@AEBV01@@Z |
| 7 | 0x180030860 | ??0ILicenseStatusLine@MtbLicensing@@QEAA@XZ |
| 8 | 0x1800317e0 | ??1AuthenticationAccess@MtbLicensing@@UEAA@XZ |
| 9 | 0x180031820 | ??1IAuthenticationAccess@MtbLicensing@@UEAA@XZ |
| 10 | 0x180031830 | ??1ILicenseStatus@MtbLicensing@@UEAA@XZ |
| 11 | 0x180031840 | ??1ILicenseStatusLine@MtbLicensing@@UEAA@XZ |
| 12 | 0x180031a80 | ??4IAuthenticationAccess@MtbLicensing@@QEAAAEAV01@AEBV01@@Z |
| 13 | 0x180031a80 | ??4ILicenseStatus@MtbLicensing@@QEAAAEAV01@AEBV01@@Z |
| 14 | 0x180031a80 | ??4ILicenseStatusLine@MtbLicensing@@QEAAAEAV01@AEBV01@@Z |
| 15 | 0x180399260 | ??_7AuthenticationAccess@MtbLicensing@@6B@ |
| 16 | 0x180398448 | ??_7IAuthenticationAccess@MtbLicensing@@6B@ |
| 17 | 0x1803984c0 | ??_7ILicenseStatus@MtbLicensing@@6B@ |
| 18 | 0x1803984e8 | ??_7ILicenseStatusLine@MtbLicensing@@6B@ |
| 19 | 0x180038e50 | ?AcquireLicense@AuthenticationAccess@MtbLicensing@@UEAA_NXZ |
| 20 | 0x180038e60 | ?AcquireLicenseNoUI@AuthenticationAccess@MtbLicensing@@UEAA_NXZ |
| 21 | 0x180038e70 | ?GetDaysLeftInTrial@AuthenticationAccess@MtbLicensing@@UEAA?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@XZ |
| 22 | 0x180038e90 | ?GetPurchaseUrl@AuthenticationAccess@MtbLicensing@@UEAA?AV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@XZ |
| 23 | 0x180038eb0 | ?GetStatus@AuthenticationAccess@MtbLicensing@@UEAA?AV?$shared_ptr@VILicenseStatus@MtbLicensing@@@std@@XZ |
| 24 | 0x180038ed0 | ?Initialize@AuthenticationAccess@MtbLicensing@@UEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0000JW4LicenseType@2@PEAVILicenseStateUpdateReceiver@2@@Z |
| 25 | 0x180038ee0 | ?IsAddonLicensed@AuthenticationAccess@MtbLicensing@@UEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z |
| 26 | 0x180038ef0 | ?IsLicenseActive@AuthenticationAccess@MtbLicensing@@UEAA_NXZ |
| 27 | 0x180038f00 | ?IsTrial@AuthenticationAccess@MtbLicensing@@UEAA_NXZ |
| 28 | 0x180038f10 | ?PerformLicenseFunction@AuthenticationAccess@MtbLicensing@@UEAAXV?$shared_ptr@VILicenseStatusLine@MtbLicensing@@@std@@@Z |
| 29 | 0x180038fa0 | ?RefreshAddonFeatures@AuthenticationAccess@MtbLicensing@@UEAAXXZ |
| 30 | 0x180038fb0 | ?RelinquishLicense@AuthenticationAccess@MtbLicensing@@UEAAXXZ |
| 31 | 0x180038fc0 | ?ReportLicensePortalData@AuthenticationAccess@MtbLicensing@@UEAA_NHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00000_N@Z |
| 32 | 0x1800388d0 | DllCanUnloadNow |
| 33 | 0x180038930 | DllGetClassObject |
| 34 | 0x180038a80 | DllInstall |
| 35 | 0x180038b40 | DllRegisterServer |
| 36 | 0x180038bb0 | DllUnregisterServer |
.text
`.rdata
@.data
.pdata
@_RDATA
@.vmp0
`.vmp1
h.reloc
@.rsrc
EnumFontFamiliesExW
LocalFree
FindResourceExW
GetThreadContext
f+rf1
CoDisconnectObject
zzZOb
RaiseException
RegSetValueExW
SetWindowOrgEx
FrameRgn
GetProcessHeap
RegisterClipboardFormatW
DefineDosDeviceA
GlobalDeleteAtom
Rectangle
d@GF(
RegEnumValueW
FlushFileBuffers
Nx'-
FreeLibraryAndExitThread
IsChild
LPtoDP
SetErrorMode
FillRgn
PeekMessageW
VirtualProtect
SetFilePointer
CopyRect
SetWindowTextW
lstrcmpA
SaveDC
DestroyAcceleratorTable
P:/:=p
GetTextCharsetInfo
CreateStdAccessibleObject
RegQueryValueExA
8TEfc
CloseServiceHandle
SetMenu
GdipGetImageWidth
wg-Z)}b}
GlobalFlags
GetMenuStringW
GetDoubleClickTime
B8ge1
GetPaletteEntries
TryEnterCriticalSection
BitBlt
CharUpperBuffW
CreateStreamOnHGlobal
GetClassNameW
Polygon
SystemTimeToTzSpecificLocalTime
NotifyWinEvent
1S<oz
IsZoomed
LoadLibraryA
DeactivateActCtx
GetWindowTextLengthW
CopyAcceleratorTableW
SetPropW
GetLastActivePopup
ReleaseCapture
CallWindowProcW
CallNextHookEx
SystemParametersInfoW
BeginDeferWindowPos
PtInRegion
EnumSystemLocalesW
RegQueryInfoKeyW
RemovePropW
K32GetModuleBaseNameW
DeleteMenu
InitializeCriticalSection
OutputDebugStringW
};KSGB
,Z<?!
hz*7&>
502*g
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49157 | 2.21.22.176 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49157 | 2.21.22.176 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 23.085 seconds )
- 11.404 Suricata
- 4.777 NetworkAnalysis
- 4.262 Static
- 1.513 TargetInfo
- 0.464 AnalysisInfo
- 0.452 peid
- 0.188 BehaviorAnalysis
- 0.012 config_decoder
- 0.011 Strings
- 0.002 Memory
Signatures ( 1.53 seconds )
- 1.38 proprietary_url_bl
- 0.021 antiav_detectreg
- 0.009 api_spamming
- 0.009 infostealer_ftp
- 0.008 antiav_detectfile
- 0.008 proprietary_domain_bl
- 0.007 stealth_decoy_document
- 0.007 stealth_timeout
- 0.006 infostealer_im
- 0.005 anomaly_persistence_autorun
- 0.005 infostealer_bitcoin
- 0.004 antianalysis_detectreg
- 0.004 geodo_banking_trojan
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 antivm_vbox_files
- 0.003 infostealer_mail
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 mimics_filetime
- 0.002 injection_createremotethread
- 0.002 reads_self
- 0.002 virus
- 0.002 browser_security
- 0.002 disables_browser_warn
- 0.001 antiemu_wine_func
- 0.001 network_tor
- 0.001 bootkit
- 0.001 rat_nanocore
- 0.001 stealth_file
- 0.001 proprietary_anomaly_massive_file_ops
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 antivm_generic_disk
- 0.001 infostealer_browser_password
- 0.001 antidbg_windows
- 0.001 cerber_behavior
- 0.001 injection_runpe
- 0.001 kovter_behavior
- 0.001 hancitor_behavior
- 0.001 antidbg_devices
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 modify_proxy
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 proprietary_bad_drop
- 0.001 network_cnc_http
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.547 seconds )
- 0.537 ReportHTMLSummary
- 0.01 Malheur
| Task ID | 743102 |
|---|---|
| Mongo ID | 6603a5717e769a7996a5a842 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号