魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2020-02-19 12:39:48	2020-02-19 12:40:34	46 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-hpdapp01-1	win7-sp1-x64-hpdapp01-1	KVM	2020-02-19 12:39:56	2020-02-19 12:40:36

魔盾分数
3.15 可疑的

文件详细信息

文件名	TenBount.dll
文件大小	876544 字节
文件类型	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
CRC32	ED544E27
MD5	e571c94a8db9ef3ce730830f4e8b4cfa
SHA1	a924a16f59d2134b2fea98e9438d11b731aacb1e
SHA256	40f64a840bb74e6db96c4199302b656b8d6f8cec8ee85f19d998702d12bafdfd
SHA512	550410fef165ffc03ffd28c00dc9eaee231cfe2b9d6bafa957167d852f70dbe2c5314de1a5c14b8528f5d787168df3cd1badfb36612b4245310e91d81da9fcd5
Ssdeep	12288:Qovb393FLXN0Iuf2zHtZlDUuiEQGUNe66pY:Jvb391XSIq25PUulQrNP6K
PEiD	无匹配
Yara	DebuggerTiming__Ticks (Detected timing ticks function) disable_dep (Bypass DEP) screenshot (Detected take screenshot function) create_process (Detection function for creating a new process) keylogger (Detected keylogger function) win_registry (Detected system registries modification function) change_win_registry (Change registries to affect system) win_files_operation (Affect private profile) win_hook (Detected hook table access function) win_private_profile (Detected private profile access function) Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files) with_images (Detected the presence of an or several images) CRC32_poly_Constant (Look for CRC32 [poly]) CRC32_table (Look for CRC32 table) MD5_Constants (Look for MD5 constants) Armadillov1xxv2xx () IsPE32 (Detected a 32bit PE sample) IsDLL (Detect a DLL sample) IsWindowsGUI (Detected a Windows GUI sample) HasRichSignature (Detected Rich Signature)
VirusTotal	无此文件扫描结果

特征

创建RWX内存

魔盾安全Yara规则检测结果 - 安全告警

Warning: Bypass DEP

Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files

运行截图

无运行截图

网络分析

无信息

静态分析

PE 信息

初始地址	0x10000000
入口地址	0x100755c8
声明校验值	0x00000000
实际校验值	0x000e2441
最低操作系统版本要求	4.0
编译时间	2020-02-18 22:18:52
载入哈希	a051c53b883457f122411f8824512c3b
导出DLL库名称	\x38\x31\x31\x36\x31\x31\x31\x31\x34\x31\x31\x31

版本信息

LegalCopyright:	\u4f5c\u8005\u7248\u6743\u6240\u6709 \u8bf7\u5c0a\u91cd\u5e76\u4f7f\u7528\u6b63\u7248
FileVersion:	1.0.0.0
Comments:	\u672c\u7a0b\u5e8f\u4f7f\u7528\u6613\u8bed\u8a00\u7f16\u5199(http://www.eyuyan.com)
ProductName:	\u6613\u8bed\u8a00\u7a0b\u5e8f
ProductVersion:	1.0.0.0
FileDescription:	\u6613\u8bed\u8a00\u7a0b\u5e8f
Translation:	0x0804 0x04b0

PE数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00093222	0x00094000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.55
.rdata	0x00095000	0x00013fc6	0x00014000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.97
.data	0x000a9000	0x0003716e	0x00012000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.18
.rsrc	0x000e1000	0x00005958	0x00006000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.82
.reloc	0x000e7000	0x0001474e	0x00015000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	3.31

导入

库 WINMM.dll:

• 0x10095608 - midiOutReset

• 0x1009560c - midiStreamRestart

• 0x10095610 - waveOutUnprepareHeader

• 0x10095614 - waveOutPrepareHeader

• 0x10095618 - waveOutWrite

• 0x1009561c - waveOutPause

• 0x10095620 - waveOutReset

• 0x10095624 - waveOutClose

• 0x10095628 - midiStreamClose

• 0x1009562c - midiStreamStop

• 0x10095630 - midiStreamOut

• 0x10095634 - midiOutPrepareHeader

• 0x10095638 - midiStreamProperty

• 0x1009563c - midiStreamOpen

• 0x10095640 - midiOutUnprepareHeader

• 0x10095644 - waveOutOpen

• 0x10095648 - waveOutGetNumDevs

库 WS2_32.dll:

• 0x10095660 - inet_ntoa

• 0x10095664 - WSACleanup

• 0x10095668 - closesocket

• 0x1009566c - WSAAsyncSelect

• 0x10095670 - recvfrom

• 0x10095674 - ioctlsocket

• 0x10095678 - recv

• 0x1009567c - getpeername

• 0x10095680 - accept

库 KERNEL32.dll:

• 0x10095170 - GetFileSize

• 0x10095174 - TerminateProcess

• 0x10095178 - SetLastError

• 0x1009517c - GetTimeZoneInformation

• 0x10095180 - GetVersion

• 0x10095184 - SetFilePointer

• 0x10095188 - TerminateThread

• 0x1009518c - GetCurrentProcess

• 0x10095190 - GetWindowsDirectoryA

• 0x10095194 - GetSystemDirectoryA

• 0x10095198 - CreateSemaphoreA

• 0x1009519c - InterlockedExchange

• 0x100951a0 - SetStdHandle

• 0x100951a4 - IsBadCodePtr

• 0x100951a8 - IsBadReadPtr

• 0x100951ac - CompareStringW

• 0x100951b0 - CompareStringA

• 0x100951b4 - GetStringTypeW

• 0x100951b8 - GetStringTypeA

• 0x100951bc - SetUnhandledExceptionFilter

• 0x100951c0 - IsBadWritePtr

• 0x100951c4 - ResumeThread

• 0x100951c8 - LCMapStringW

• 0x100951cc - LCMapStringA

• 0x100951d0 - SetEnvironmentVariableA

• 0x100951d4 - VirtualFree

• 0x100951d8 - HeapCreate

• 0x100951dc - HeapDestroy

• 0x100951e0 - GetEnvironmentVariableA

• 0x100951e4 - GetEnvironmentStringsW

• 0x100951e8 - GetEnvironmentStrings

• 0x100951ec - FreeEnvironmentStringsW

• 0x100951f0 - FreeEnvironmentStringsA

• 0x100951f4 - GetStartupInfoA

• 0x100951f8 - GetFileType

• 0x100951fc - GetStdHandle

• 0x10095200 - SetHandleCount

• 0x10095204 - GetACP

• 0x10095208 - HeapSize

• 0x1009520c - RaiseException

• 0x10095210 - GetLocalTime

• 0x10095214 - GetSystemTime

• 0x10095218 - RtlUnwind

• 0x1009521c - GetOEMCP

• 0x10095220 - GetCPInfo

• 0x10095224 - GetProcessVersion

• 0x10095228 - SetErrorMode

• 0x1009522c - GlobalFlags

• 0x10095230 - GetCurrentThread

• 0x10095234 - GetFileTime

• 0x10095238 - TlsGetValue

• 0x1009523c - LocalReAlloc

• 0x10095240 - TlsSetValue

• 0x10095244 - TlsFree

• 0x10095248 - GlobalHandle

• 0x1009524c - TlsAlloc

• 0x10095250 - LocalAlloc

• 0x10095254 - lstrcmpA

• 0x10095258 - GlobalGetAtomNameA

• 0x1009525c - GlobalAddAtomA

• 0x10095260 - GlobalFindAtomA

• 0x10095264 - GlobalDeleteAtom

• 0x10095268 - lstrcmpiA

• 0x1009526c - SetEndOfFile

• 0x10095270 - UnlockFile

• 0x10095274 - LockFile

• 0x10095278 - FlushFileBuffers

• 0x1009527c - DuplicateHandle

• 0x10095280 - lstrcpynA

• 0x10095284 - FileTimeToLocalFileTime

• 0x10095288 - FileTimeToSystemTime

• 0x1009528c - LocalFree

• 0x10095290 - InterlockedDecrement

• 0x10095294 - InterlockedIncrement

• 0x10095298 - ReleaseSemaphore

• 0x1009529c - EnterCriticalSection

• 0x100952a0 - LeaveCriticalSection

• 0x100952a4 - GetProfileStringA

• 0x100952a8 - WriteFile

• 0x100952ac - VirtualAlloc

• 0x100952b0 - CloseHandle

• 0x100952b4 - WaitForSingleObject

• 0x100952b8 - GetTickCount

• 0x100952bc - GetCommandLineA

• 0x100952c0 - MulDiv

• 0x100952c4 - GetProcAddress

• 0x100952c8 - GetModuleHandleA

• 0x100952cc - GetVolumeInformationA

• 0x100952d0 - SetCurrentDirectoryA

• 0x100952d4 - GetFileAttributesA

• 0x100952d8 - WaitForMultipleObjects

• 0x100952dc - CreateFileA

• 0x100952e0 - SetEvent

• 0x100952e4 - FindResourceA

• 0x100952e8 - LoadResource

• 0x100952ec - LockResource

• 0x100952f0 - ReadFile

• 0x100952f4 - GetModuleFileNameA

• 0x100952f8 - WideCharToMultiByte

• 0x100952fc - MultiByteToWideChar

• 0x10095300 - GetCurrentThreadId

• 0x10095304 - ExitProcess

• 0x10095308 - GlobalSize

• 0x1009530c - GlobalFree

• 0x10095310 - DeleteCriticalSection

• 0x10095314 - InitializeCriticalSection

• 0x10095318 - lstrcatA

• 0x1009531c - lstrlenA

• 0x10095320 - WinExec

• 0x10095324 - lstrcpyA

• 0x10095328 - FindNextFileA

• 0x1009532c - GlobalReAlloc

• 0x10095330 - HeapFree

• 0x10095334 - HeapReAlloc

• 0x10095338 - GetProcessHeap

• 0x1009533c - HeapAlloc

• 0x10095340 - GetFullPathNameA

• 0x10095344 - FreeLibrary

• 0x10095348 - LoadLibraryA

• 0x1009534c - GetLastError

• 0x10095350 - GetVersionExA

• 0x10095354 - WritePrivateProfileStringA

• 0x10095358 - GetPrivateProfileStringA

• 0x1009535c - CreateThread

• 0x10095360 - CreateEventA

• 0x10095364 - Sleep

• 0x10095368 - GlobalAlloc

• 0x1009536c - GlobalLock

• 0x10095370 - GlobalUnlock

• 0x10095374 - GetTempPathA

• 0x10095378 - FindFirstFileA

• 0x1009537c - FindClose

库 USER32.dll:

• 0x100953a4 - SetClipboardData

• 0x100953a8 - OpenClipboard

• 0x100953ac - GetClipboardData

• 0x100953b0 - CloseClipboard

• 0x100953b4 - wsprintfA

• 0x100953b8 - EmptyClipboard

• 0x100953bc - GetSystemMetrics

• 0x100953c0 - GetCursorPos

• 0x100953c4 - GetSysColorBrush

• 0x100953c8 - GetWindowTextA

• 0x100953cc - GetDlgItem

• 0x100953d0 - GetClassNameA

• 0x100953d4 - GetDesktopWindow

• 0x100953d8 - GetForegroundWindow

• 0x100953dc - LoadIconA

• 0x100953e0 - TranslateMessage

• 0x100953e4 - DrawFrameControl

• 0x100953e8 - DrawEdge

• 0x100953ec - DrawFocusRect

• 0x100953f0 - WindowFromPoint

• 0x100953f4 - GetMessageA

• 0x100953f8 - DispatchMessageA

• 0x100953fc - SetRectEmpty

• 0x10095400 - RegisterClipboardFormatA

• 0x10095404 - CreateIconFromResourceEx

• 0x10095408 - CreateIconFromResource

• 0x1009540c - DrawIconEx

• 0x10095410 - CreatePopupMenu

• 0x10095414 - LoadStringA

• 0x10095418 - UnregisterClassA

• 0x1009541c - GetMenuCheckMarkDimensions

• 0x10095420 - AppendMenuA

• 0x10095424 - ModifyMenuA

• 0x10095428 - CreateMenu

• 0x1009542c - CreateAcceleratorTableA

• 0x10095430 - GetDlgCtrlID

• 0x10095434 - GetSubMenu

• 0x10095438 - EnableMenuItem

• 0x1009543c - ClientToScreen

• 0x10095440 - EnumDisplaySettingsA

• 0x10095444 - LoadImageA

• 0x10095448 - SystemParametersInfoA

• 0x1009544c - ShowWindow

• 0x10095450 - IsWindowEnabled

• 0x10095454 - TranslateAcceleratorA

• 0x10095458 - GetKeyState

• 0x1009545c - CopyAcceleratorTableA

• 0x10095460 - PostQuitMessage

• 0x10095464 - IsZoomed

• 0x10095468 - GetClassInfoA

• 0x1009546c - DefWindowProcA

• 0x10095470 - GetMenu

• 0x10095474 - SetMenu

• 0x10095478 - PeekMessageA

• 0x1009547c - IsIconic

• 0x10095480 - SetFocus

• 0x10095484 - GetActiveWindow

• 0x10095488 - GetWindow

• 0x1009548c - DestroyAcceleratorTable

• 0x10095490 - SetWindowRgn

• 0x10095494 - GetMessagePos

• 0x10095498 - ScreenToClient

• 0x1009549c - ChildWindowFromPointEx

• 0x100954a0 - CopyRect

• 0x100954a4 - LoadBitmapA

• 0x100954a8 - WinHelpA

• 0x100954ac - KillTimer

• 0x100954b0 - SetTimer

• 0x100954b4 - ReleaseCapture

• 0x100954b8 - GetCapture

• 0x100954bc - SetCapture

• 0x100954c0 - GetScrollRange

• 0x100954c4 - SetScrollRange

• 0x100954c8 - SetScrollPos

• 0x100954cc - SetRect

• 0x100954d0 - InflateRect

• 0x100954d4 - IntersectRect

• 0x100954d8 - DestroyIcon

• 0x100954dc - PtInRect

• 0x100954e0 - OffsetRect

• 0x100954e4 - IsWindowVisible

• 0x100954e8 - EnableWindow

• 0x100954ec - RedrawWindow

• 0x100954f0 - GetWindowLongA

• 0x100954f4 - SetWindowLongA

• 0x100954f8 - GetSysColor

• 0x100954fc - SetActiveWindow

• 0x10095500 - SetCursorPos

• 0x10095504 - LoadCursorA

• 0x10095508 - SetCursor

• 0x1009550c - GetDC

• 0x10095510 - FillRect

• 0x10095514 - IsRectEmpty

• 0x10095518 - ReleaseDC

• 0x1009551c - IsChild

• 0x10095520 - DestroyMenu

• 0x10095524 - SetForegroundWindow

• 0x10095528 - GetWindowRect

• 0x1009552c - EqualRect

• 0x10095530 - UpdateWindow

• 0x10095534 - ValidateRect

• 0x10095538 - InvalidateRect

• 0x1009553c - GetClientRect

• 0x10095540 - GetFocus

• 0x10095544 - GetParent

• 0x10095548 - GetTopWindow

• 0x1009554c - PostMessageA

• 0x10095550 - IsWindow

• 0x10095554 - SetParent

• 0x10095558 - DestroyCursor

• 0x1009555c - SendMessageA

• 0x10095560 - SetWindowPos

• 0x10095564 - MessageBoxA

• 0x10095568 - GetMenuState

• 0x1009556c - GetWindowTextLengthA

• 0x10095570 - CharUpperA

• 0x10095574 - GetWindowDC

• 0x10095578 - BeginPaint

• 0x1009557c - EndPaint

• 0x10095580 - TabbedTextOutA

• 0x10095584 - DrawTextA

• 0x10095588 - GrayStringA

• 0x1009558c - DestroyWindow

• 0x10095590 - CreateDialogIndirectParamA

• 0x10095594 - EndDialog

• 0x10095598 - GetNextDlgTabItem

• 0x1009559c - GetWindowPlacement

• 0x100955a0 - RegisterWindowMessageA

• 0x100955a4 - GetLastActivePopup

• 0x100955a8 - GetMessageTime

• 0x100955ac - RemovePropA

• 0x100955b0 - CallWindowProcA

• 0x100955b4 - GetPropA

• 0x100955b8 - UnhookWindowsHookEx

• 0x100955bc - SetPropA

• 0x100955c0 - GetClassLongA

• 0x100955c4 - CallNextHookEx

• 0x100955c8 - SetWindowsHookExA

• 0x100955cc - CreateWindowExA

• 0x100955d0 - GetMenuItemID

• 0x100955d4 - GetMenuItemCount

• 0x100955d8 - RegisterClassA

• 0x100955dc - GetScrollPos

• 0x100955e0 - AdjustWindowRectEx

• 0x100955e4 - MapWindowPoints

• 0x100955e8 - SendDlgItemMessageA

• 0x100955ec - ScrollWindowEx

• 0x100955f0 - IsDialogMessageA

• 0x100955f4 - SetWindowTextA

• 0x100955f8 - MoveWindow

• 0x100955fc - CheckMenuItem

• 0x10095600 - SetMenuItemBitmaps

库 GDI32.dll:

• 0x10095024 - ExtSelectClipRgn

• 0x10095028 - LineTo

• 0x1009502c - MoveToEx

• 0x10095030 - ExcludeClipRect

• 0x10095034 - GetClipBox

• 0x10095038 - ScaleWindowExtEx

• 0x1009503c - SetWindowExtEx

• 0x10095040 - SetWindowOrgEx

• 0x10095044 - ScaleViewportExtEx

• 0x10095048 - GetViewportExtEx

• 0x1009504c - SetBkColor

• 0x10095050 - CreateRectRgnIndirect

• 0x10095054 - SetStretchBltMode

• 0x10095058 - GetClipRgn

• 0x1009505c - CreatePolygonRgn

• 0x10095060 - SelectClipRgn

• 0x10095064 - CreateDIBitmap

• 0x10095068 - GetSystemPaletteEntries

• 0x1009506c - CreatePalette

• 0x10095070 - StretchBlt

• 0x10095074 - SelectPalette

• 0x10095078 - RealizePalette

• 0x1009507c - GetDIBits

• 0x10095080 - GetWindowExtEx

• 0x10095084 - GetViewportOrgEx

• 0x10095088 - GetWindowOrgEx

• 0x1009508c - BeginPath

• 0x10095090 - EndPath

• 0x10095094 - PathToRegion

• 0x10095098 - CreateEllipticRgn

• 0x1009509c - CreateRoundRectRgn

• 0x100950a0 - GetTextColor

• 0x100950a4 - GetBkMode

• 0x100950a8 - GetBkColor

• 0x100950ac - GetROP2

• 0x100950b0 - GetStretchBltMode

• 0x100950b4 - GetPolyFillMode

• 0x100950b8 - CreateCompatibleBitmap

• 0x100950bc - CreateDCA

• 0x100950c0 - CreateBitmap

• 0x100950c4 - SelectObject

• 0x100950c8 - GetObjectA

• 0x100950cc - CreatePen

• 0x100950d0 - PatBlt

• 0x100950d4 - CombineRgn

• 0x100950d8 - CreateRectRgn

• 0x100950dc - FillRgn

• 0x100950e0 - CreateSolidBrush

• 0x100950e4 - GetStockObject

• 0x100950e8 - CreateFontIndirectA

• 0x100950ec - EndPage

• 0x100950f0 - EndDoc

• 0x100950f4 - DeleteDC

• 0x100950f8 - StartDocA

• 0x100950fc - StartPage

• 0x10095100 - BitBlt

• 0x10095104 - CreateCompatibleDC

• 0x10095108 - Ellipse

• 0x1009510c - Rectangle

• 0x10095110 - LPtoDP

• 0x10095114 - DPtoLP

• 0x10095118 - GetCurrentObject

• 0x1009511c - RoundRect

• 0x10095120 - GetTextExtentPoint32A

• 0x10095124 - GetDeviceCaps

• 0x10095128 - PtVisible

• 0x1009512c - RectVisible

• 0x10095130 - TextOutA

• 0x10095134 - ExtTextOutA

• 0x10095138 - Escape

• 0x1009513c - GetTextMetricsA

• 0x10095140 - DeleteObject

• 0x10095144 - SaveDC

• 0x10095148 - RestoreDC

• 0x1009514c - SetBkMode

• 0x10095150 - SetPolyFillMode

• 0x10095154 - SetROP2

• 0x10095158 - SetTextColor

• 0x1009515c - SetMapMode

• 0x10095160 - SetViewportOrgEx

• 0x10095164 - OffsetViewportOrgEx

• 0x10095168 - SetViewportExtEx

库 WINSPOOL.DRV:

• 0x10095650 - OpenPrinterA

• 0x10095654 - DocumentPropertiesA

• 0x10095658 - ClosePrinter

库 ADVAPI32.dll:

• 0x10095000 - RegQueryValueA

• 0x10095004 - RegSetValueExA

• 0x10095008 - RegOpenKeyExA

• 0x1009500c - RegCloseKey

• 0x10095010 - RegCreateKeyExA

库 SHELL32.dll:

• 0x10095394 - SHGetSpecialFolderPathA

• 0x10095398 - ShellExecuteA

• 0x1009539c - Shell_NotifyIconA

库 ole32.dll:

• 0x1009569c - OleInitialize

• 0x100956a0 - OleUninitialize

• 0x100956a4 - CLSIDFromString

库 OLEAUT32.dll:

• 0x10095384 - UnRegisterTypeLib

• 0x10095388 - RegisterTypeLib

• 0x1009538c - LoadTypeLib

库 COMCTL32.dll:

• 0x10095018 - ImageList_Destroy

• 0x1009501c - None

库 comdlg32.dll:

• 0x10095688 - GetFileTitleA

• 0x1009568c - ChooseColorA

• 0x10095690 - GetOpenFileNameA

• 0x10095694 - GetSaveFileNameA

导出

序列	地址	名称
1	0x100186ed	gumeng

投放文件

无信息

行为分析

互斥量(Mutexes) 无信息

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

进程

rundll32.exe PID: 2704, 上一级进程 PID: 2332

访问的文件

C:\Users\test\AppData\Local\Temp\TenBount.dll
C:\Users\test\AppData\Local\Temp\TenBount.dll.123.Manifest
C:\Users\test\AppData\Local\Temp\TenBount.dll.124.Manifest
C:\Users\test\AppData\Local\Temp\TenBount.dll.2.Manifest
C:\Windows\SysWOW64\rundll32.exe
C:\Users\test\AppData\Local\Temp\WINMM.dll
C:\Windows\System32\winmm.dll
C:\Windows\SysWOW64\rundll32.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
C:\Windows\SysWOW64
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\SysWOW64\tcj.dll
C:\Windows\System32\tcj.dll
C:\Windows\system\tcj.dll
C:\Windows\tcj.dll
C:\ProgramData\Oracle\Java\javapath\tcj.dll
C:\Windows\System32\wbem\tcj.dll
C:\Windows\System32\WindowsPowerShell\v1.0\tcj.dll
C:\Program Files (x86)\WinRAR\tcj.dll
C:\Windows\SysWOW64\DNFBase.dll
C:\Windows\System32\DNFBase.dll
C:\Windows\system\DNFBase.dll
C:\Windows\DNFBase.dll
C:\ProgramData\Oracle\Java\javapath\DNFBase.dll
C:\Windows\System32\wbem\DNFBase.dll
C:\Windows\System32\WindowsPowerShell\v1.0\DNFBase.dll
C:\Program Files (x86)\WinRAR\DNFBase.dll

读取的文件

C:\Users\test\AppData\Local\Temp\TenBount.dll
C:\Users\test\AppData\Local\Temp\TenBount.dll.123.Manifest
C:\Users\test\AppData\Local\Temp\TenBount.dll.124.Manifest
C:\Users\test\AppData\Local\Temp\TenBount.dll.2.Manifest
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\winmm.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
C:\Windows\Globalization\Sorting\sortdefault.nls

修改的文件 无信息

删除的文件 无信息

注册表键

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\TenBount.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

读取的注册表键

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\TenBount.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

修改的注册表键 无信息

删除的注册表键 无信息

API解析

kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernelbase.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.ProcessIdToSessionId
imm32.dll.ImmCreateContext
imm32.dll.ImmDestroyContext
imm32.dll.ImmNotifyIME
imm32.dll.ImmAssociateContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmGetContext
imm32.dll.ImmGetCompositionStringA
imm32.dll.ImmSetCompositionStringA
imm32.dll.ImmGetCompositionStringW
imm32.dll.ImmSetCompositionStringW
imm32.dll.ImmSetCandidateWindow
kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.LoadLibraryA
kernel32.dll.GetCurrentProcessId
kernel32.dll.VirtualQueryEx
kernel32.dll.IsBadReadPtr
ntdll.dll.ZwProtectVirtualMemory
tenbount.dll.#1
oleaut32.dll.#500