Server Load
创想兵团.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis
Basic Information
file name:创想兵团.exe
file type:EXEx86
Submission time:2018-10-11 22:01:42
Threat level:clean
MD5:9fb9974acf2d57ea4173abeaaeea5899
sha256:0ad6810c998c42b9dea0731d2637652c366f08b52d17eb892698daef0684f341
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Abnormal flow detection system:0
Hunting system:0
DGA domain name recognition system:0
Network behavior report
domains:0
dns:0
http:0
Document release report
File release report not detected
File process number report
Process details:0
Document behavior signature report
api:OpenSCManagerA
category:services
type:call
category:url
ioc:http://www.w3.org/1999/02/22-rdf-syntax-ns#
type:ioc
category:url
ioc:http://ns.adobe.com/xap/1.0/
type:ioc
category:url
ioc:http://ns.adobe.com/xap/1.0/mm/
type:ioc
category:url
ioc:http://ns.adobe.com/xap/1.0/sType/ResourceRef#
type:ioc
category:url
ioc:http://ec.360bc.cnhttp://www.eyybc.com/forumdisplay.php?fid=17/memcp.php/ip.asp/time.asp/gonggao.txt/ec-user6.php/ec-bd
type:ioc
api:SetWindowsHookExA
category:system
type:call
api:SetWindowsHookExA
category:system
type:call
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00001000
Physical size:0x0008e000
Section permissions:R-E
Section name:.rdata
Virtual address:0x0008f000
Physical address:0x0008f000
Physical size:0x0037f000
Section permissions:R--
Section name:.data
Virtual address:0x0040e000
Physical address:0x0040e000
Physical size:0x00012000
Section permissions:RW-
Section name:.rsrc
Virtual address:0x00451000
Physical address:0x00420000
Physical size:0x00016000
Section permissions:R--
PE basic information
import_hash:a000fb9d6f1b5fd77129280216cdc333
time_stamp:2018-10-10 21:26:15
entry_point_section:.text
entry_point_section:.text
image_base:0x400000
entry_point:0x70090
PE resource information
name:TEXTINCLUDE
language:LANG_CHINESE
filetype:ASCII text, with no line terminators
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00451e34
size:0x0000000b
name:TEXTINCLUDE
language:LANG_CHINESE
filetype:C source, ASCII text, with CRLF line terminators
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00451e40
size:0x00000016
name:TEXTINCLUDE
language:LANG_CHINESE
filetype:C source, ASCII text, with CRLF line terminators
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00451e58
size:0x00000151
name:RT_CURSOR
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00451fac
size:0x00000134
name:RT_CURSOR
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004520e0
size:0x00000134
name:RT_CURSOR
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00452214
size:0x00000134
name:RT_CURSOR
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00452348
size:0x000000b4
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004523fc
size:0x0000016c
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00452568
size:0x00000248
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004527b0
size:0x00000144
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004528f4
size:0x00000158
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00452a4c
size:0x00000158
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00452ba4
size:0x00000158
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00452cfc
size:0x00000158
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00452e54
size:0x00000158
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00452fac
size:0x00000158
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00453104
size:0x00000158
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0045325c
size:0x00000158
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004533b4
size:0x000005e4
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00453998
size:0x000000b8
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00453a50
size:0x0000016c
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00453bbc
size:0x00000144
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00453d00
size:0x000002e8
name:RT_ICON
language:LANG_CHINESE
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00453fe8
size:0x00000128
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00454110
size:0x00000668
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00454778
size:0x000002e8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00454a60
size:0x000001e8
name:RT_ICON
language:LANG_NEUTRAL
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_NEUTRAL
offset:0x00454c48
size:0x00000128
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00454d70
size:0x00000ea8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00455c18
size:0x000008a8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x004564c0
size:0x000006c8
name:RT_ICON
language:LANG_NEUTRAL
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_NEUTRAL
offset:0x00456b88
size:0x00000568
name:RT_ICON
language:LANG_NEUTRAL
filetype:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
sublanguage:SUBLANG_NEUTRAL
offset:0x004570f0
size:0x000093cb
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x004604bc
size:0x000025a8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00462a64
size:0x000010a8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00463b0c
size:0x00000988
name:RT_ICON
language:LANG_NEUTRAL
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_NEUTRAL
offset:0x00464494
size:0x00000468
name:RT_MENU
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004648fc
size:0x0000000c
name:RT_MENU
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00464908
size:0x00000284
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00464b8c
size:0x00000098
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00464c24
size:0x0000017a
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00464da0
size:0x000000fa
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00464e9c
size:0x000000ea
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00464f88
size:0x000008ae
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00465838
size:0x000000b2
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004658ec
size:0x000000cc
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004659b8
size:0x000000b2
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00465a6c
size:0x000000e2
name:RT_DIALOG
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00465b50
size:0x0000018c
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00465cdc
size:0x00000050
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00465d2c
size:0x0000002c
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00465d58
size:0x00000078
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00465dd0
size:0x000001c4
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00465f94
size:0x0000012a
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004660c0
size:0x00000146
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00466208
size:0x00000040
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00466248
size:0x00000064
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004662ac
size:0x000001d8
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00466484
size:0x00000114
name:RT_STRING
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00466598
size:0x00000024
name:RT_GROUP_CURSOR
language:LANG_CHINESE
filetype:Lotus 1-2-3
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004665bc
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_CHINESE
filetype:Lotus 1-2-3
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004665d0
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_CHINESE
filetype:Lotus 1-2-3
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004665e4
size:0x00000022
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 13 icons, 48x48, 16-colors
sublanguage:SUBLANG_NEUTRAL
offset:0x00466608
size:0x000000bc
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004666c4
size:0x00000014
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004666d8
size:0x00000014
name:RT_VERSION
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x004666ec
size:0x0000025c
name:RT_MANIFEST
language:LANG_NEUTRAL
filetype:XML document text
sublanguage:SUBLANG_NEUTRAL
offset:0x00466948
size:0x000001cd

About VirSCAN | Privacy Policy | Contact us | link | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

京公网安备 11010802020746号