Analysis

Category Package Started Completed Duration
FILE exe 2025-06-11 06:48:12 2025-06-11 07:05:41 1049 seconds

Options

free=yes
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1

Log(s)

2024-11-25 13:37:15,193 [root] INFO: Date set to: 20250611T05:41:16, timeout set to: 1000
2025-06-11 06:41:16,629 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8
2025-06-11 06:41:16,629 [root] DEBUG: Storing results at: C:\nvRcCS
2025-06-11 06:41:16,629 [root] DEBUG: Pipe server name: \\.\PIPE\ygcqzFMNOh
2025-06-11 06:41:16,629 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32
2025-06-11 06:41:16,629 [root] INFO: analysis running as an admin
2025-06-11 06:41:16,629 [root] INFO: analysis package specified: "exe"
2025-06-11 06:41:16,629 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2025-06-11 06:41:17,175 [root] DEBUG: imported analysis package "exe"
2025-06-11 06:41:17,175 [root] DEBUG: initializing analysis package "exe"...
2025-06-11 06:41:17,175 [lib.common.common] INFO: wrapping
2025-06-11 06:41:17,175 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation
2025-06-11 06:41:17,175 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\IMTCPROP.exe
2025-06-11 06:41:17,175 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2025-06-11 06:41:17,175 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2025-06-11 06:41:17,175 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2025-06-11 06:41:17,175 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2025-06-11 06:41:17,425 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-06-11 06:41:17,457 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2025-06-11 06:41:17,488 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-06-11 06:41:17,504 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-06-11 06:41:17,520 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-06-11 06:41:17,520 [lib.api.screenshot] ERROR: No module named 'PIL'
2025-06-11 06:41:17,520 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-06-11 06:41:17,520 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-06-11 06:41:17,520 [root] DEBUG: Initialized auxiliary module "Browser"
2025-06-11 06:41:17,520 [root] DEBUG: attempting to configure 'Browser' from data
2025-06-11 06:41:17,520 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-06-11 06:41:17,520 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-06-11 06:41:17,520 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-06-11 06:41:17,520 [root] DEBUG: Initialized auxiliary module "DigiSig"
2025-06-11 06:41:17,520 [root] DEBUG: attempting to configure 'DigiSig' from data
2025-06-11 06:41:17,520 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2025-06-11 06:41:17,520 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2025-06-11 06:41:17,520 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2025-06-11 06:41:17,676 [modules.auxiliary.digisig] DEBUG: File is not signed
2025-06-11 06:41:17,676 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2025-06-11 06:41:18,348 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2025-06-11 06:41:18,348 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-06-11 06:41:18,348 [root] DEBUG: attempting to configure 'Disguise' from data
2025-06-11 06:41:18,348 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-06-11 06:41:18,348 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-06-11 06:41:18,348 [modules.auxiliary.disguise] INFO: Disguising GUID to 17f92b02-79d2-44f4-a080-01a9f0954dcc
2025-06-11 06:41:18,348 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-06-11 06:41:18,348 [root] DEBUG: Initialized auxiliary module "Human"
2025-06-11 06:41:18,348 [root] DEBUG: attempting to configure 'Human' from data
2025-06-11 06:41:18,348 [root] DEBUG: module Human does not support data configuration, ignoring
2025-06-11 06:41:18,348 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-06-11 06:41:18,348 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-06-11 06:41:18,348 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-06-11 06:41:18,348 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-06-11 06:41:18,348 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-06-11 06:41:18,348 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-06-11 06:41:18,348 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2025-06-11 06:41:18,348 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-06-11 06:41:18,363 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-06-11 06:41:18,363 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-06-11 06:41:18,363 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-06-11 06:41:18,363 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-06-11 06:41:18,363 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696
2025-06-11 06:41:18,394 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini
2025-06-11 06:41:18,394 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2025-06-11 06:41:18,394 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2025-06-11 06:41:18,394 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor
2025-06-11 06:41:18,394 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor
2025-06-11 06:41:18,394 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor
2025-06-11 06:41:18,394 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-06-11 06:41:18,394 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\SvhbRq.dll, loader C:\tmp_gell1p8\bin\DAYmMlFe.exe
2025-06-11 06:41:18,473 [root] DEBUG: Loader: IAT patching disabled.
2025-06-11 06:41:18,473 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\SvhbRq.dll.
2025-06-11 06:41:18,519 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'.
2025-06-11 06:41:18,519 [root] INFO: Disabling sleep skipping.
2025-06-11 06:41:18,519 [root] DEBUG: 696: Full process memory dumps enabled.
2025-06-11 06:41:18,519 [root] DEBUG: 696: Import reconstruction of process dumps enabled.
2025-06-11 06:41:18,519 [root] DEBUG: 696: Active unpacking of payloads enabled
2025-06-11 06:41:18,519 [root] DEBUG: 696: CAPE debug - unrecognised key norefer.
2025-06-11 06:41:18,519 [root] DEBUG: 696: TLS secret dump mode enabled.
2025-06-11 06:41:18,519 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542
2025-06-11 06:41:18,535 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable
2025-06-11 06:41:18,535 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0
2025-06-11 06:41:18,551 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF824C00000, thread 2712, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000
2025-06-11 06:41:18,551 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe
2025-06-11 06:41:18,566 [root] DEBUG: 696: Hooked 5 out of 5 functions
2025-06-11 06:41:18,566 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-06-11 06:41:18,566 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\SvhbRq.dll.
2025-06-11 06:41:18,566 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe>
2025-06-11 06:41:18,566 [root] DE <truncated>

Machine

Name Label Manager Started On Shutdown On Route
win10-2 win10-2 KVM 2025-06-11 06:48:12 2025-06-11 07:05:21 none

File Details

File Name IMTCPROP.exe
File Type PE32 executable (GUI) Intel 80386, for MS Windows
File Size 446976 bytes
MD5 7c7a9d6bac8e295c6c97807cd82a9044
SHA1 1da0a8cc71179fab2268cf9605516fa4d205b88a
SHA256 255a65b31bf86c5137efd1c354a9a587c586e5a19005ae2d32409372cf5bca52
SHA3-384 3f296083ee71d06d23cf0ef0a62fc00eb8871c40c25279b67ab2e707242994205b7d0ce2b778caa0c7c4fc84456527e4
CRC32 905B1DE0
TLSH T17A94D8613A94C612D26029344C67E6B95D6EFCB29E38424F32F43FDFBD312525C28B66
Ssdeep 6144:RGwjhMDTG5y/WCIPREdiUjINmKKRiT7fJXCp:RGwrA/WCIPREkKwBCp

PE Information

Image Base 0x00400000
Entry Point 0x00013b80
Reported Checksum 0x00078d93
Actual Checksum 0x00078d93
Minimum OS Version 10.0
PDB Path IMTCPROP.pdb
Compile Time 2050-10-14 05:18:29
Import Hash 922a2d0eaa6da5640ad5cc27428ee8a5
Icon Exact Hash 2f4cfc2f9bf7c4c36c6e0ec5d4a25efa
Icon Similarity Hash 4f26df47260905b8c6a8a3746c530645
Icon DHash a6a4a666e6e4cec0

Version Infos

CompanyName Microsoft Corporation
FileDescription IMTCPROP.exe
FileVersion 10.0.17763.1 (WinBuild.160101.0800)
InternalName IMTCPROP.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename IMTCPROP.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.17763.1
Translation 0x0409 0x04b0

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000400 0x00001000 0x00014408 0x00014600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.38
.data 0x00014a00 0x00016000 0x00005694 0x00004400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.86
.idata 0x00018e00 0x0001c000 0x000017c4 0x00001800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.63
.didat 0x0001a600 0x0001e000 0x00000008 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.06
.rsrc 0x0001a800 0x0001f000 0x00051408 0x00051600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.18
.reloc 0x0006be00 0x00071000 0x000013fc 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.73

Name Offset Size Language Sub-language Entropy File type
RT_ICON 0x00020e00 0x000002e8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.21 None
RT_ICON 0x000210e8 0x00000128 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.65 None
RT_ICON 0x00021210 0x00000ea8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 5.46 None
RT_ICON 0x000220b8 0x000008a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 5.42 None
RT_ICON 0x00022960 0x000006c8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 5.48 None
RT_ICON 0x00023028 0x00000568 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.38 None
RT_ICON 0x00023590 0x000025a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.41 None
RT_ICON 0x00025b38 0x000010a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.83 None
RT_ICON 0x00026be0 0x00000988 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.93 None
RT_ICON 0x00027568 0x00000468 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.67 None
RT_ICON 0x00027a68 0x00000ea8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.02 None
RT_ICON 0x00028910 0x00000ba8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.15 None
RT_ICON 0x000294b8 0x000008a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.43 None
RT_ICON 0x00029d60 0x000006c8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.10 None
RT_ICON 0x0002a428 0x00000608 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.92 None
RT_ICON 0x0002aa30 0x00000568 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.98 None
RT_ICON 0x0002af98 0x000025a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.40 None
RT_ICON 0x0002d540 0x00001a68 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.54 None
RT_ICON 0x0002efa8 0x000010a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.03 None
RT_ICON 0x00030050 0x00000988 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.05 None
RT_ICON 0x000309d8 0x000006b8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.19 None
RT_ICON 0x00031090 0x00000468 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.86 None
RT_ICON 0x000315a8 0x00000ea8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.96 None
RT_ICON 0x00032450 0x00000ba8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.38 None
RT_ICON 0x00032ff8 0x000008a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.34 None
RT_ICON 0x000338a0 0x000006c8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.03 None
RT_ICON 0x00033f68 0x00000608 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.52 None
RT_ICON 0x00034570 0x00000568 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.45 None
RT_ICON 0x00034ad8 0x000025a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.31 None
RT_ICON 0x00037080 0x00001a68 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.42 None
RT_ICON 0x00038ae8 0x000010a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.88 None
RT_ICON 0x00039b90 0x00000988 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.84 None
RT_ICON 0x0003a518 0x000006b8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.95 None
RT_ICON 0x0003abd0 0x00000468 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.23 None
RT_ICON 0x0003b0e8 0x00000ea8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.66 None
RT_ICON 0x0003bf90 0x00000ba8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.76 None
RT_ICON 0x0003cb38 0x000008a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.89 None
RT_ICON 0x0003d3e0 0x000006c8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.75 None
RT_ICON 0x0003daa8 0x00000608 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.62 None
RT_ICON 0x0003e0b0 0x00000568 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.48 None
RT_ICON 0x0003e618 0x000025a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.06 None
RT_ICON 0x00040bc0 0x00001a68 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.19 None
RT_ICON 0x00042628 0x000010a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.38 None
RT_ICON 0x000436d0 0x00000988 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.56 None
RT_ICON 0x00044058 0x000006b8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.71 None
RT_ICON 0x00044710 0x00000468 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.03 None
RT_ICON 0x00044c28 0x00000ea8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.56 None
RT_ICON 0x00045ad0 0x00000ba8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.61 None
RT_ICON 0x00046678 0x000008a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.77 None
RT_ICON 0x00046f20 0x000006c8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.65 None
RT_ICON 0x000475e8 0x00000608 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.45 None
RT_ICON 0x00047bf0 0x00000568 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.30 None
RT_ICON 0x00048158 0x000025a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 0.96 None
RT_ICON 0x0004a700 0x00001a68 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.05 None
RT_ICON 0x0004c168 0x000010a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.22 None
RT_ICON 0x0004d210 0x00000988 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.47 None
RT_ICON 0x0004db98 0x000006b8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.46 None
RT_ICON 0x0004e250 0x00000468 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.72 None
RT_ICON 0x0004e768 0x00000ea8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.98 None
RT_ICON 0x0004f610 0x00000ba8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.03 None
RT_ICON 0x000501b8 0x000008a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.25 None
RT_ICON 0x00050a60 0x000006c8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.91 None
RT_ICON 0x00051128 0x00000608 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.13 None
RT_ICON 0x00051730 0x00000568 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.87 None
RT_ICON 0x00051c98 0x000025a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.58 None
RT_ICON 0x00054240 0x00001a68 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.76 None
RT_ICON 0x00055ca8 0x000010a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.07 None
RT_ICON 0x00056d50 0x00000988 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.03 None
RT_ICON 0x000576d8 0x000006b8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.39 None
RT_ICON 0x00057d90 0x00000468 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.64 None
RT_ICON 0x000582a8 0x00000ea8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.89 None
RT_ICON 0x00059150 0x00000ba8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.89 None
RT_ICON 0x00059cf8 0x000008a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.12 None
RT_ICON 0x0005a5a0 0x000006c8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.75 None
RT_ICON 0x0005ac68 0x00000608 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.03 None
RT_ICON 0x0005b270 0x00000568 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.73 None
RT_ICON 0x0005b7d8 0x000025a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.48 None
RT_ICON 0x0005dd80 0x00001a68 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.63 None
RT_ICON 0x0005f7e8 0x000010a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.91 None
RT_ICON 0x00060890 0x00000988 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 1.81 None
RT_ICON 0x00061218 0x000006b8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.17 None
RT_ICON 0x000618d0 0x00000468 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.37 None
RT_ICON 0x00061de8 0x00000668 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.96 None
RT_ICON 0x00062450 0x000002e8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.09 None
RT_ICON 0x00062738 0x000001e8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.05 None
RT_ICON 0x00062920 0x00000128 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.26 None
RT_ICON 0x00062a48 0x00000ea8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 5.64 None
RT_ICON 0x000638f0 0x000008a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.95 None
RT_ICON 0x00064198 0x000006c8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.69 None
RT_ICON 0x00064860 0x00000568 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.70 None
RT_ICON 0x00064dc8 0x000025a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.78 None
RT_ICON 0x00067370 0x000010a8 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.40 None
RT_ICON 0x00068418 0x00000988 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.11 None
RT_ICON 0x00068da0 0x00000468 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.47 None
RT_DIALOG 0x00069e28 0x000004c4 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.28 None
RT_DIALOG 0x0006b7d8 0x00000782 LANG_ENGLISH SUBLANG_ENGLISH_US 3.38 None
RT_DIALOG 0x00069598 0x000000bc LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.98 None
RT_DIALOG 0x0006b118 0x0000008e LANG_ENGLISH SUBLANG_ENGLISH_US 2.88 None
RT_DIALOG 0x00069658 0x0000011c LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.58 None
RT_DIALOG 0x0006c918 0x00000118 LANG_ENGLISH SUBLANG_ENGLISH_US 3.05 None
RT_DIALOG 0x00069778 0x00000210 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.10 None
RT_DIALOG 0x0006ae50 0x000002c4 LANG_ENGLISH SUBLANG_ENGLISH_US 3.52 None
RT_DIALOG 0x00069c28 0x000001fc LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.52 None
RT_DIALOG 0x0006b1a8 0x0000020e LANG_ENGLISH SUBLANG_ENGLISH_US 3.29 None
RT_DIALOG 0x0006a808 0x00000270 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.69 None
RT_DIALOG 0x0006bf60 0x000002b6 LANG_ENGLISH SUBLANG_ENGLISH_US 3.28 None
RT_DIALOG 0x0006a2f0 0x000003be LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.11 None
RT_DIALOG 0x0006c218 0x0000056c LANG_ENGLISH SUBLANG_ENGLISH_US 3.36 None
RT_DIALOG 0x0006a6b0 0x00000158 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.71 None
RT_DIALOG 0x0006c788 0x00000190 LANG_ENGLISH SUBLANG_ENGLISH_US 3.24 None
RT_DIALOG 0x00069988 0x0000029c LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.85 None
RT_DIALOG 0x0006b3b8 0x000002f8 LANG_ENGLISH SUBLANG_ENGLISH_US 3.17 None
RT_DIALOG 0x0006aa78 0x00000140 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.98 None
RT_DIALOG 0x0006b6b0 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US 2.76 None
RT_DIALOG 0x0006abb8 0x00000294 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.24 None
RT_DIALOG 0x0006ca30 0x0000039a LANG_ENGLISH SUBLANG_ENGLISH_US 3.38 None
RT_STRING 0x0006cdd0 0x000000e6 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 5.50 None
RT_STRING 0x0006df10 0x00000186 LANG_ENGLISH SUBLANG_ENGLISH_US 3.33 None
RT_STRING 0x0006da00 0x0000012c LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 5.94 None
RT_STRING 0x0006fba8 0x00000214 LANG_ENGLISH SUBLANG_ENGLISH_US 3.50 None
RT_STRING 0x0006d920 0x000000de LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 6.06 None
RT_STRING 0x0006f928 0x00000280 LANG_ENGLISH SUBLANG_ENGLISH_US 3.38 None
RT_STRING 0x0006ceb8 0x0000019a LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 6.27 None
RT_STRING 0x0006e098 0x00000424 LANG_ENGLISH SUBLANG_ENGLISH_US 3.37 None
RT_STRING 0x0006d058 0x0000017e LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 6.41 None
RT_STRING 0x0006e4c0 0x00000402 LANG_ENGLISH SUBLANG_ENGLISH_US 3.32 None
RT_STRING 0x0006db30 0x0000039c LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 6.62 None
RT_STRING 0x0006fdc0 0x000005e8 LANG_ENGLISH SUBLANG_ENGLISH_US 3.35 None
RT_STRING 0x0006d390 0x0000035c LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 6.05 None
RT_STRING 0x0006eda8 0x00000544 LANG_ENGLISH SUBLANG_ENGLISH_US 3.45 None
RT_STRING 0x0006d6f0 0x0000022e LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 6.24 None
RT_STRING 0x0006f2f0 0x00000634 LANG_ENGLISH SUBLANG_ENGLISH_US 3.34 None
RT_STRING 0x0006d1d8 0x00000120 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 6.19 None
RT_STRING 0x0006e8c8 0x0000032a LANG_ENGLISH SUBLANG_ENGLISH_US 3.29 None
RT_STRING 0x0006d2f8 0x00000096 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 5.29 None
RT_STRING 0x0006ebf8 0x000001ae LANG_ENGLISH SUBLANG_ENGLISH_US 3.22 None
RT_STRING 0x0006ded0 0x0000003a LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.88 None
RT_STRING 0x000703a8 0x0000005a LANG_ENGLISH SUBLANG_ENGLISH_US 2.31 None
RT_GROUP_ICON 0x000279d0 0x00000092 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 2.99 None
RT_GROUP_ICON 0x000314f8 0x000000ae LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.12 None
RT_GROUP_ICON 0x0003b038 0x000000ae LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.14 None
RT_GROUP_ICON 0x00044b78 0x000000ae LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.17 None
RT_GROUP_ICON 0x0004e6b8 0x000000ae LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.18 None
RT_GROUP_ICON 0x000581f8 0x000000ae LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.20 None
RT_GROUP_ICON 0x00061d38 0x000000ae LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.20 None
RT_GROUP_ICON 0x00069208 0x000000ae LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 3.20 None
RT_VERSION 0x00020a70 0x00000390 LANG_ENGLISH SUBLANG_ENGLISH_US 3.46 None
RT_MANIFEST 0x000692b8 0x000002d9 LANG_CHINESE SUBLANG_CHINESE_TRADITIONAL 4.96 None

Imports

Name Address
ResolveDelayLoadedAPI 0x41c0b8
FreeLibrary 0x41c0bc
LoadLibraryExW 0x41c0c0
ExpandEnvironmentStringsW 0x41c0c4
GetVersionExW 0x41c0c8
DeleteCriticalSection 0x41c0cc
AcquireSRWLockShared 0x41c0d0
CreateThreadpoolTimer 0x41c0d4
ReleaseSRWLockShared 0x41c0d8
SetThreadpoolTimer 0x41c0dc
CloseThreadpoolTimer 0x41c0e0
WaitForThreadpoolTimerCallbacks 0x41c0e4
InitializeCriticalSectionEx 0x41c0e8
LeaveCriticalSection 0x41c0ec
EnterCriticalSection 0x41c0f0
GetTickCount 0x41c0f4
GetSystemTimeAsFileTime 0x41c0f8
QueryPerformanceCounter 0x41c0fc
SleepConditionVariableSRW 0x41c100
WakeAllConditionVariable 0x41c104
AcquireSRWLockExclusive 0x41c108
ReleaseSRWLockExclusive 0x41c10c
TerminateProcess 0x41c110
GetCurrentProcess 0x41c114
SetUnhandledExceptionFilter 0x41c118
UnhandledExceptionFilter 0x41c11c
GetStartupInfoW 0x41c120
CreateSemaphoreExW 0x41c124
HeapFree 0x41c128
SetLastError 0x41c12c
ReleaseSemaphore 0x41c130
WaitForSingleObject 0x41c134
GetCurrentThreadId 0x41c138
ReleaseMutex 0x41c13c
FormatMessageW 0x41c140
GetLastError 0x41c144
OutputDebugStringW 0x41c148
WaitForSingleObjectEx 0x41c14c
OpenSemaphoreW 0x41c150
CloseHandle 0x41c154
HeapAlloc 0x41c158
GetProcAddress 0x41c15c
CreateMutexExW 0x41c160
GetCurrentProcessId 0x41c164
GetProcessHeap 0x41c168
GetModuleHandleW 0x41c16c
DebugBreak 0x41c170
IsDebuggerPresent 0x41c174
LocalFree 0x41c178
CreateProcessW 0x41c17c
CreateFileW 0x41c180
WriteFile 0x41c184
ReadFile 0x41c188
GetUserDefaultLangID 0x41c18c
InitOnceBeginInitialize 0x41c190
InitOnceComplete 0x41c194
CreateMutexW 0x41c198
CreateThread 0x41c19c
GetExitCodeThread 0x41c1a0
Sleep 0x41c1a4
GetUserDefaultUILanguage 0x41c1a8
FindResourceExW 0x41c1ac
LoadResource 0x41c1b0
LockResource 0x41c1b4
DelayLoadFailureHook 0x41c1b8
GetModuleHandleExW 0x41c1bc
GetModuleFileNameA 0x41c1c0
Name Address
GetLayout 0x41c078
ExtTextOutW 0x41c07c
DeleteObject 0x41c080
CreateFontIndirectW 0x41c084
SelectObject 0x41c088
SetTextColor 0x41c08c
SetBkColor 0x41c090
CreatePen 0x41c094
MoveToEx 0x41c098
LineTo 0x41c09c
LineDDA 0x41c0a0
GetDeviceCaps 0x41c0a4
SetPixel 0x41c0a8
Name Address
GetDlgItem 0x41c1d0
GetParent 0x41c1d4
SendMessageW 0x41c1d8
EnableWindow 0x41c1dc
CreatePopupMenu 0x41c1e0
GetWindowTextW 0x41c1e4
InsertMenuW 0x41c1e8
ClientToScreen 0x41c1ec
TrackPopupMenu 0x41c1f0
DestroyMenu 0x41c1f4
GetWindowRect 0x41c1f8
GetSystemMetrics 0x41c1fc
IsWindowEnabled 0x41c200
SetCapture 0x41c204
SetFocus 0x41c208
ChildWindowFromPointEx 0x41c20c
GetDlgItemTextW 0x41c210
SetCursor 0x41c214
LoadCursorW 0x41c218
ReleaseCapture 0x41c21c
GetWindowLongW 0x41c220
SetWindowLongW 0x41c224
GetClientRect 0x41c228
InvalidateRect 0x41c22c
UpdateWindow 0x41c230
ShowWindow 0x41c234
MessageBoxW 0x41c238
SetTimer 0x41c23c
KillTimer 0x41c240
CharLowerW 0x41c244
GetMessagePos 0x41c248
FillRect 0x41c24c
GetSysColorBrush 0x41c250
SetWindowTextW 0x41c254
PtInRect 0x41c258
GetSysColor 0x41c25c
FindWindowW 0x41c260
GetLastActivePopup 0x41c264
SetForegroundWindow 0x41c268
IsWindow 0x41c26c
SetDlgItemTextW 0x41c270
FindWindowExW 0x41c274
LoadImageW 0x41c278
ReleaseDC 0x41c27c
GetDC 0x41c280
DialogBoxIndirectParamW 0x41c284
DispatchMessageW 0x41c288
TranslateMessage 0x41c28c
PeekMessageW 0x41c290
GetDlgCtrlID 0x41c294
EndDialog 0x41c298
PostMessageW 0x41c29c
MsgWaitForMultipleObjects 0x41c2a0
SetWindowPos 0x41c2a4
CreateWindowExW 0x41c2a8
SystemParametersInfoW 0x41c2ac
ScreenToClient 0x41c2b0
DefWindowProcW 0x41c2b4
CallWindowProcW 0x41c2b8
Name Address
??_V@YAXPAX@Z 0x41c2c0
__CxxFrameHandler3 0x41c2c4
_vsnwprintf 0x41c2c8
??3@YAXPAX@Z 0x41c2cc
_purecall 0x41c2d0
??1exception@@UAE@XZ 0x41c2d4
??0exception@@QAE@XZ 0x41c2d8
??0exception@@QAE@ABV0@@Z 0x41c2dc
_vsnprintf_s 0x41c2e0
_vsnwprintf_s 0x41c2e4
memcmp 0x41c2e8
_except_handler4_common 0x41c2ec
_controlfp 0x41c2f0
??1type_info@@UAE@XZ 0x41c2f4
?terminate@@YAXXZ 0x41c2f8
_onexit 0x41c2fc
__dllonexit 0x41c300
_unlock 0x41c304
_lock 0x41c308
_acmdln 0x41c30c
_initterm 0x41c310
__setusermatherr 0x41c314
_ismbblead 0x41c318
__p__fmode 0x41c31c
wcsncpy_s 0x41c320
_exit 0x41c324
exit 0x41c328
__set_app_type 0x41c32c
__getmainargs 0x41c330
_amsg_exit 0x41c334
__p__commode 0x41c338
_XcptFilter 0x41c33c
memmove 0x41c340
memcpy 0x41c344
_CxxThrowException 0x41c348
?what@exception@@UBEPBDXZ 0x41c34c
??0exception@@QAE@ABQBDH@Z 0x41c350
??0exception@@QAE@ABQBD@Z 0x41c354
_callnewh 0x41c358
malloc 0x41c35c
strstr 0x41c360
wcsncat_s 0x41c364
wcsnlen 0x41c368
memmove_s 0x41c36c
_cexit 0x41c370
memcpy_s 0x41c374
memset 0x41c378
Name Address
ImmDisableIME 0x41c0b0
Name Address
ShellExecuteW 0x41c1c8
Name Address
GetOpenFileNameW 0x41c06c
GetSaveFileNameW 0x41c070
Name Address
CoInitialize 0x41c380
CoUninitialize 0x41c384
CoCreateInstance 0x41c388


Usage


Processing ( 0.63 seconds )

  • 0.628 CAPE
  • 0.004 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.07 seconds )

  • 0.008 ransomware_files
  • 0.007 antianalysis_detectfile
  • 0.006 antiav_detectreg
  • 0.005 ransomware_extensions
  • 0.004 ursnif_behavior
  • 0.003 territorial_disputes_sigs
  • 0.002 antiav_detectfile
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_ftp
  • 0.002 infostealer_im
  • 0.002 poullight_files
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 geodo_banking_trojan
  • 0.001 uac_bypass_cmstpcom
  • 0.001 disables_backups
  • 0.001 disables_browser_warn
  • 0.001 disables_power_options
  • 0.001 azorult_mutexes
  • 0.001 cryptbot_files
  • 0.001 echelon_files
  • 0.001 infostealer_mail
  • 0.001 qulab_files
  • 0.001 masquerade_process_name
  • 0.001 revil_mutexes
  • 0.001 modirat_behavior
  • 0.001 removes_startmenu_defaults
  • 0.001 tampers_etw
  • 0.001 lokibot_mutexes

Reporting ( 0.00 seconds )

  • 0.002 CAPASummary
  • 0.001 JsonDump

Signatures

The PE file contains a PDB path
pdbpath: IMTCPROP.pdb
The binary contains an unknown PE section name indicative of packing
unknown section: {'name': '.didat', 'raw_address': '0x0001a600', 'virtual_address': '0x0001e000', 'virtual_size': '0x00000008', 'size_of_data': '0x00000200', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xc0000040', 'entropy': '0.06'}
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Binary compilation timestomping detected
anomaly: Compilation timestamp is in the future

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

No results
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.

No TCP connections recorded.

No UDP connections recorded.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.