Maldun Security Analysis Report

Analysis type FILE
Start time 2021-09-22 09:17:21
End time 2021-09-22 09:17:22
Duration 1 second
Analysis engine version 1.4-Maldun
VM name win7-sp1-x64-shaapp02-1
Label win7-sp1-x64-shaapp02-1
Hypervisor KVM
Boot time 2021-09-22 09:17:22
Shutdown time 2021-09-22 09:17:22
Maldun score

9.95

Malicious

File details

File name 匠石微信多开v2.4.exe
File size 5357568 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 FD544F8C
MD5 98417ec737c61fa2261638c16e986d1c
SHA1 c2f929433e8a18cc4f99e4bd586da93c1136870a
SHA256 3543267617c9d1badd183fa8003d63ebccdd375b6e59a28685ff3b86114f7fc0
SHA512 2eac15b5df88c891d93b08c60468d4d47af71891ab3fa694b5bd451753baa1eee506241f7a21abdb9bf793d7e66f27c065926e3b2f4e0ca2c21a5a69e05d1e69
Ssdeep 98304:IF2f2oTVAgxUL4jbEjB0AMG48xWVjbEYuSjbEhvEedkt:HHUsX/dVXVXjft
PEiD No match
Yara
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • network_http (Detected communications function over HTTP)
  • win_mutex (Create or check mutex)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • persistence (Detected function for installing itself for autorun at Windows startup)
  • escalate_priv (Detected escalate privileges function)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_token (Affect system token)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_Logging_Persistence (Spotted potential abnormal behaviors, like logging and persistence)
  • Maldun_Anomoly_Combined_Activities_Network_Logging (Spotted potential abnormal behaviors, like logging and network communications)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasRichSignature (Detected Rich Signature)
  • Advapi_Hash_API (Looks for advapi API functions)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • MD5_Constants (Look for MD5 constants)
  • BASE64_table (Look for Base64 table)
  • with_images (Detected the presence of one or several images)
  • with_urls (Detected the presence of one or several URLs)
  • Chinese_Hacktool_1014 (Detects a chinese hacktool with unknown use)
  • UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser ()
  • UPX (Detected UPX. Commonly used by RAT!)
VirusTotal VirusTotal lookup failed

Signatures

The binary may contain encrypted or compressed data
section: name: .rdata, entropy: 6.97, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x003c0000, virtual_size: 0x003bf45a
Maldun Security Yara rule detection results - High risk
Warning: Detected function for installing itself for autorun at Windows startup
Critical: Spotted potential abnormal behaviors, like logging and persistence
Critical: Spotted potential abnormal behaviors, like logging and network communications
Critical: Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
Warning: Looks for advapi API functions
Warning: Detects a chinese hacktool with unknown use
Warning: Detected UPX. Commonly used by RAT!

Runtime screenshots

No runtime screenshots

Network analysis

No information

Static analysis

PE information

Image base 0x00400000
Entry point 0x004d206d
Declared checksum 0x00000000
Actual checksum 0x0052275c
Minimum OS version required 4.0
Compile time 2020-07-12 17:21:09
Import hash 473e4034e657ab440a123b16e6137cef

Version information

LegalCopyright: 版权所有，盗版必究。
FileVersion: 2.4.0.0
CompanyName: 匠石胖子
Comments: 匠石科技
ProductName: 匠石多开微信
ProductVersion: 2.4.0.0
FileDescription: 匠石科技
Translation: 0x0804 0x04b0

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x000f8557 0x000f9000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.47
.rdata 0x000fa000 0x003bf45a 0x003c0000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.97
.data 0x004ba000 0x00063a2a 0x00019000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.59
.rsrc 0x0051e000 0x000488c0 0x00049000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.36

Imports

Library RASAPI32.dll:
0x4fa480 - RasHangUpA
0x4fa484 - RasGetConnectStatusA
Library WINMM.dll:
0x4fa784 - midiOutPrepareHeader
0x4fa788 - PlaySoundA
0x4fa78c - waveOutUnprepareHeader
0x4fa790 - waveOutPrepareHeader
0x4fa794 - waveOutWrite
0x4fa798 - waveOutPause
0x4fa79c - waveOutReset
0x4fa7a0 - midiStreamStop
0x4fa7a4 - midiStreamRestart
0x4fa7a8 - midiStreamClose
0x4fa7ac - midiOutReset
0x4fa7b0 - midiStreamOut
0x4fa7b4 - midiStreamProperty
0x4fa7b8 - midiStreamOpen
0x4fa7bc - midiOutUnprepareHeader
0x4fa7c0 - waveOutOpen
0x4fa7c4 - waveOutGetNumDevs
0x4fa7c8 - waveOutClose
Library WS2_32.dll:
0x4fa7e0 - inet_ntoa
0x4fa7e4 - WSAStartup
0x4fa7e8 - select
0x4fa7ec - send
0x4fa7f0 - closesocket
0x4fa7f4 - WSAAsyncSelect
0x4fa7f8 - recvfrom
0x4fa7fc - ioctlsocket
0x4fa800 - recv
0x4fa804 - getpeername
0x4fa808 - accept
0x4fa80c - WSACleanup
Library MSVFW32.dll:
0x4fa414 - DrawDibDraw
Library AVIFIL32.dll:
0x4fa028 - AVIStreamInfoA
0x4fa02c - AVIStreamGetFrame
Library KERNEL32.dll:
0x4fa1cc - GetVersion
0x4fa1d0 - GetTempFileNameA
0x4fa1d4 - InterlockedIncrement
0x4fa1d8 - InterlockedDecrement
0x4fa1dc - LocalFree
0x4fa1e0 - FormatMessageA
0x4fa1e4 - FileTimeToLocalFileTime
0x4fa1e8 - lstrcpynA
0x4fa1ec - DuplicateHandle
0x4fa1f0 - FlushFileBuffers
0x4fa1f4 - LockFile
0x4fa1f8 - UnlockFile
0x4fa1fc - SetEndOfFile
0x4fa200 - GetThreadLocale
0x4fa204 - lstrcmpiA
0x4fa208 - GlobalDeleteAtom
0x4fa20c - GlobalFindAtomA
0x4fa210 - GlobalAddAtomA
0x4fa214 - GlobalGetAtomNameA
0x4fa218 - lstrcmpA
0x4fa21c - LocalAlloc
0x4fa220 - TlsAlloc
0x4fa224 - GlobalHandle
0x4fa228 - TlsFree
0x4fa22c - TlsSetValue
0x4fa230 - LocalReAlloc
0x4fa234 - TlsGetValue
0x4fa238 - GetFileTime
0x4fa23c - GetCurrentThread
0x4fa240 - GlobalFlags
0x4fa244 - SetErrorMode
0x4fa248 - GetProcessVersion
0x4fa24c - GetCPInfo
0x4fa250 - GetOEMCP
0x4fa254 - GetStartupInfoA
0x4fa258 - RtlUnwind
0x4fa25c - GetSystemTime
0x4fa260 - GetLocalTime
0x4fa264 - RaiseException
0x4fa268 - HeapSize
0x4fa26c - GetACP
0x4fa270 - SetStdHandle
0x4fa274 - GetFileType
0x4fa278 - UnhandledExceptionFilter
0x4fa27c - FreeEnvironmentStringsA
0x4fa280 - FreeEnvironmentStringsW
0x4fa284 - GetEnvironmentStrings
0x4fa288 - GetEnvironmentStringsW
0x4fa28c - SetHandleCount
0x4fa290 - GetStdHandle
0x4fa294 - GetEnvironmentVariableA
0x4fa298 - HeapDestroy
0x4fa29c - HeapCreate
0x4fa2a0 - VirtualFree
0x4fa2a4 - SetEnvironmentVariableA
0x4fa2a8 - LCMapStringA
0x4fa2ac - LCMapStringW
0x4fa2b0 - VirtualAlloc
0x4fa2b4 - IsBadWritePtr
0x4fa2b8 - SetUnhandledExceptionFilter
0x4fa2bc - GetStringTypeA
0x4fa2c0 - GetStringTypeW
0x4fa2c4 - CompareStringA
0x4fa2c8 - CompareStringW
0x4fa2cc - IsBadReadPtr
0x4fa2d0 - IsBadCodePtr
0x4fa2d4 - TerminateProcess
0x4fa2d8 - GetFileSize
0x4fa2dc - SetFilePointer
0x4fa2e0 - CreateToolhelp32Snapshot
0x4fa2e4 - Process32First
0x4fa2e8 - Process32Next
0x4fa2ec - SetLastError
0x4fa2f0 - GetTimeZoneInformation
0x4fa2f4 - FileTimeToSystemTime
0x4fa2f8 - TerminateThread
0x4fa2fc - WideCharToMultiByte
0x4fa300 - MultiByteToWideChar
0x4fa304 - GetCurrentProcess
0x4fa308 - GetWindowsDirectoryA
0x4fa30c - GetSystemDirectoryA
0x4fa310 - CreateSemaphoreA
0x4fa314 - ResumeThread
0x4fa318 - ReleaseSemaphore
0x4fa31c - EnterCriticalSection
0x4fa320 - LeaveCriticalSection
0x4fa324 - GetProfileStringA
0x4fa328 - WriteFile
0x4fa32c - ReadFile
0x4fa330 - WaitForMultipleObjects
0x4fa334 - CreateFileA
0x4fa338 - SetEvent
0x4fa33c - FindResourceA
0x4fa340 - LoadResource
0x4fa344 - LockResource
0x4fa348 - lstrlenW
0x4fa34c - RemoveDirectoryA
0x4fa350 - GetModuleFileNameA
0x4fa354 - GetCurrentThreadId
0x4fa358 - ExitProcess
0x4fa35c - GlobalSize
0x4fa360 - GlobalFree
0x4fa364 - DeleteCriticalSection
0x4fa368 - InitializeCriticalSection
0x4fa36c - lstrcatA
0x4fa370 - lstrlenA
0x4fa374 - WinExec
0x4fa378 - lstrcpyA
0x4fa37c - FindNextFileA
0x4fa380 - GlobalReAlloc
0x4fa384 - HeapFree
0x4fa388 - HeapReAlloc
0x4fa38c - GetProcessHeap
0x4fa390 - HeapAlloc
0x4fa394 - GetUserDefaultLCID
0x4fa398 - GetFullPathNameA
0x4fa39c - FreeLibrary
0x4fa3a0 - LoadLibraryA
0x4fa3a4 - GetLastError
0x4fa3a8 - GetVersionExA
0x4fa3ac - WritePrivateProfileStringA
0x4fa3b0 - CreateThread
0x4fa3b4 - CreateEventA
0x4fa3b8 - Sleep
0x4fa3bc - ExpandEnvironmentStringsA
0x4fa3c0 - GlobalAlloc
0x4fa3c4 - GlobalLock
0x4fa3c8 - GlobalUnlock
0x4fa3cc - GetTempPathA
0x4fa3d0 - FindFirstFileA
0x4fa3d4 - FindClose
0x4fa3d8 - GetFileAttributesA
0x4fa3dc - DeleteFileA
0x4fa3e0 - CopyFileA
0x4fa3e4 - CreateDirectoryA
0x4fa3e8 - SetCurrentDirectoryA
0x4fa3ec - GetVolumeInformationA
0x4fa3f0 - GetModuleHandleA
0x4fa3f4 - GetProcAddress
0x4fa3f8 - MulDiv
0x4fa3fc - GetCommandLineA
0x4fa400 - GetTickCount
0x4fa404 - WaitForSingleObject
0x4fa408 - CloseHandle
0x4fa40c - InterlockedExchange
Library USER32.dll:
0x4fa4a8 - GetNextDlgGroupItem
0x4fa4ac - PostThreadMessageA
0x4fa4b0 - LoadStringA
0x4fa4b4 - MapDialogRect
0x4fa4b8 - SetWindowContextHelpId
0x4fa4bc - CharNextA
0x4fa4c0 - GetMenuCheckMarkDimensions
0x4fa4c4 - GetMenuState
0x4fa4c8 - SetMenuItemBitmaps
0x4fa4cc - CheckMenuItem
0x4fa4d0 - MoveWindow
0x4fa4d4 - IsDialogMessageA
0x4fa4d8 - ScrollWindowEx
0x4fa4dc - SendDlgItemMessageA
0x4fa4e0 - MapWindowPoints
0x4fa4e4 - AdjustWindowRectEx
0x4fa4e8 - ScrollWindow
0x4fa4ec - GetScrollInfo
0x4fa4f0 - SetScrollInfo
0x4fa4f4 - ShowScrollBar
0x4fa4f8 - GetScrollPos
0x4fa4fc - RegisterClassA
0x4fa500 - GetMenuItemCount
0x4fa504 - GetMenuItemID
0x4fa508 - SetWindowsHookExA
0x4fa50c - CallNextHookEx
0x4fa510 - GetClassLongA
0x4fa514 - SetPropA
0x4fa518 - UnhookWindowsHookEx
0x4fa51c - GetPropA
0x4fa520 - RemovePropA
0x4fa524 - GetMessageTime
0x4fa528 - GetLastActivePopup
0x4fa52c - RegisterWindowMessageA
0x4fa530 - GetWindowPlacement
0x4fa534 - EndDialog
0x4fa538 - CreateDialogIndirectParamA
0x4fa53c - DestroyWindow
0x4fa540 - GrayStringA
0x4fa544 - DrawTextA
0x4fa548 - TabbedTextOutA
0x4fa54c - EndPaint
0x4fa550 - BeginPaint
0x4fa554 - GetWindowDC
0x4fa558 - CharUpperA
0x4fa55c - GetWindowTextLengthA
0x4fa560 - DrawStateA
0x4fa564 - FrameRect
0x4fa568 - GetNextDlgTabItem
0x4fa56c - UnregisterHotKey
0x4fa570 - RegisterHotKey
0x4fa574 - CreateWindowExA
0x4fa578 - CallWindowProcA
0x4fa57c - GetWindowTextA
0x4fa580 - FindWindowExA
0x4fa584 - GetDlgItem
0x4fa588 - FindWindowA
0x4fa58c - GetClassNameA
0x4fa590 - GetDesktopWindow
0x4fa594 - SetWindowTextA
0x4fa598 - GetForegroundWindow
0x4fa59c - LoadIconA
0x4fa5a0 - TranslateMessage
0x4fa5a4 - DrawFrameControl
0x4fa5a8 - DrawEdge
0x4fa5ac - DrawFocusRect
0x4fa5b0 - WindowFromPoint
0x4fa5b4 - GetMessageA
0x4fa5b8 - DispatchMessageA
0x4fa5bc - RegisterClipboardFormatA
0x4fa5c0 - CreateIconFromResourceEx
0x4fa5c4 - CreateIconFromResource
0x4fa5c8 - DrawIconEx
0x4fa5cc - CreatePopupMenu
0x4fa5d0 - AppendMenuA
0x4fa5d4 - ModifyMenuA
0x4fa5d8 - CreateMenu
0x4fa5dc - CreateAcceleratorTableA
0x4fa5e0 - GetDlgCtrlID
0x4fa5e4 - GetSubMenu
0x4fa5e8 - EnableMenuItem
0x4fa5ec - ClientToScreen
0x4fa5f0 - EnumDisplaySettingsA
0x4fa5f4 - LoadImageA
0x4fa5f8 - SystemParametersInfoA
0x4fa5fc - ShowWindow
0x4fa600 - IsWindowEnabled
0x4fa604 - TranslateAcceleratorA
0x4fa608 - GetKeyState
0x4fa60c - CopyAcceleratorTableA
0x4fa610 - PostQuitMessage
0x4fa614 - IsZoomed
0x4fa618 - GetClassInfoA
0x4fa61c - DefWindowProcA
0x4fa620 - GetSystemMenu
0x4fa624 - DeleteMenu
0x4fa628 - GetMenu
0x4fa62c - SetMenu
0x4fa630 - PeekMessageA
0x4fa634 - IsIconic
0x4fa638 - SetFocus
0x4fa63c - GetActiveWindow
0x4fa640 - GetWindow
0x4fa644 - DestroyAcceleratorTable
0x4fa648 - SetWindowRgn
0x4fa64c - GetMessagePos
0x4fa650 - ScreenToClient
0x4fa654 - ChildWindowFromPointEx
0x4fa658 - CopyRect
0x4fa65c - LoadBitmapA
0x4fa660 - KillTimer
0x4fa664 - SetTimer
0x4fa668 - ReleaseCapture
0x4fa66c - GetCapture
0x4fa670 - SetCapture
0x4fa674 - GetScrollRange
0x4fa678 - SetScrollRange
0x4fa67c - SetScrollPos
0x4fa680 - SetRect
0x4fa684 - InflateRect
0x4fa688 - IntersectRect
0x4fa68c - DestroyIcon
0x4fa690 - PtInRect
0x4fa694 - OffsetRect
0x4fa698 - IsWindowVisible
0x4fa69c - EnableWindow
0x4fa6a0 - RedrawWindow
0x4fa6a4 - GetWindowLongA
0x4fa6a8 - SetWindowLongA
0x4fa6ac - GetSysColor
0x4fa6b0 - SetActiveWindow
0x4fa6b4 - SetCursorPos
0x4fa6b8 - LoadCursorA
0x4fa6bc - SetCursor
0x4fa6c0 - GetDC
0x4fa6c4 - FillRect
0x4fa6c8 - IsRectEmpty
0x4fa6cc - ReleaseDC
0x4fa6d0 - IsChild
0x4fa6d4 - TrackPopupMenu
0x4fa6d8 - DestroyMenu
0x4fa6dc - SetForegroundWindow
0x4fa6e0 - GetWindowRect
0x4fa6e4 - EqualRect
0x4fa6e8 - UpdateWindow
0x4fa6ec - ValidateRect
0x4fa6f0 - InvalidateRect
0x4fa6f4 - GetClientRect
0x4fa6f8 - GetFocus
0x4fa6fc - GetParent
0x4fa700 - GetTopWindow
0x4fa704 - PostMessageA
0x4fa708 - IsWindow
0x4fa70c - SetParent
0x4fa710 - DestroyCursor
0x4fa714 - SendMessageA
0x4fa718 - SetWindowPos
0x4fa71c - MessageBeep
0x4fa720 - MessageBoxA
0x4fa724 - GetCursorPos
0x4fa728 - GetSystemMetrics
0x4fa72c - EmptyClipboard
0x4fa730 - SetClipboardData
0x4fa734 - OpenClipboard
0x4fa738 - GetClipboardData
0x4fa73c - CloseClipboard
0x4fa740 - wsprintfA
0x4fa744 - GetSysColorBrush
0x4fa748 - SetRectEmpty
0x4fa74c - WinHelpA
0x4fa750 - UnregisterClassA
Library GDI32.dll:
0x4fa064 - GetROP2
0x4fa068 - GetBkColor
0x4fa06c - GetBkMode
0x4fa070 - GetTextColor
0x4fa074 - CreateRoundRectRgn
0x4fa078 - CreateEllipticRgn
0x4fa07c - PathToRegion
0x4fa080 - GetStretchBltMode
0x4fa084 - GetPolyFillMode
0x4fa088 - EndPath
0x4fa08c - CreateCompatibleBitmap
0x4fa090 - CreateDCA
0x4fa094 - CreateBitmap
0x4fa098 - CreatePatternBrush
0x4fa09c - BeginPath
0x4fa0a0 - SelectObject
0x4fa0a4 - CreatePen
0x4fa0a8 - PatBlt
0x4fa0ac - GetWindowOrgEx
0x4fa0b0 - CombineRgn
0x4fa0b4 - SaveDC
0x4fa0b8 - RestoreDC
0x4fa0bc - SetPolyFillMode
0x4fa0c0 - SetROP2
0x4fa0c4 - SetMapMode
0x4fa0c8 - SetViewportOrgEx
0x4fa0cc - OffsetViewportOrgEx
0x4fa0d0 - CreateRectRgn
0x4fa0d4 - ScaleViewportExtEx
0x4fa0d8 - SetWindowOrgEx
0x4fa0dc - SetWindowExtEx
0x4fa0e0 - FillRgn
0x4fa0e4 - GetClipBox
0x4fa0e8 - ExcludeClipRect
0x4fa0ec - MoveToEx
0x4fa0f0 - LineTo
0x4fa0f4 - ExtSelectClipRgn
0x4fa0f8 - GetViewportExtEx
0x4fa0fc - PtVisible
0x4fa100 - RectVisible
0x4fa104 - ExtTextOutA
0x4fa108 - Escape
0x4fa10c - GetTextMetricsA
0x4fa110 - GetMapMode
0x4fa114 - TextOutA
0x4fa118 - TranslateCharsetInfo
0x4fa11c - CreateFontA
0x4fa120 - SetBkColor
0x4fa124 - CreateRectRgnIndirect
0x4fa128 - CreateDIBSection
0x4fa12c - SetStretchBltMode
0x4fa130 - GetClipRgn
0x4fa134 - CreatePolygonRgn
0x4fa138 - SelectClipRgn
0x4fa13c - DeleteObject
0x4fa140 - CreateDIBitmap
0x4fa144 - GetSystemPaletteEntries
0x4fa148 - CreatePalette
0x4fa14c - StretchBlt
0x4fa150 - CreateSolidBrush
0x4fa154 - CreateFontIndirectA
0x4fa158 - GetStockObject
0x4fa15c - GetObjectA
0x4fa160 - EndPage
0x4fa164 - EndDoc
0x4fa168 - DeleteDC
0x4fa16c - ScaleWindowExtEx
0x4fa170 - StartDocA
0x4fa174 - StartPage
0x4fa178 - BitBlt
0x4fa17c - GetPixel
0x4fa180 - CreateCompatibleDC
0x4fa184 - Ellipse
0x4fa188 - Rectangle
0x4fa18c - LPtoDP
0x4fa190 - DPtoLP
0x4fa194 - GetCurrentObject
0x4fa198 - SetDIBitsToDevice
0x4fa19c - SetTextColor
0x4fa1a0 - RoundRect
0x4fa1a4 - GetTextExtentPoint32A
0x4fa1a8 - SetViewportExtEx
0x4fa1ac - GetDeviceCaps
0x4fa1b0 - SelectPalette
0x4fa1b4 - RealizePalette
0x4fa1b8 - GetDIBits
0x4fa1bc - GetWindowExtEx
0x4fa1c0 - GetViewportOrgEx
0x4fa1c4 - SetBkMode
Library WINSPOOL.DRV:
0x4fa7d0 - DocumentPropertiesA
0x4fa7d4 - ClosePrinter
0x4fa7d8 - OpenPrinterA
Library comdlg32.dll:
0x4fa814 - GetFileTitleA
0x4fa818 - GetSaveFileNameA
0x4fa81c - GetOpenFileNameA
0x4fa820 - ChooseColorA
Library ADVAPI32.dll:
0x4fa000 - RegCreateKeyExA
0x4fa004 - RegQueryValueA
0x4fa008 - RegDeleteKeyA
0x4fa00c - RegDeleteValueA
0x4fa010 - RegCreateKeyA
0x4fa014 - RegSetValueExA
0x4fa018 - RegOpenKeyExA
0x4fa01c - RegQueryValueExA
0x4fa020 - RegCloseKey
Library SHELL32.dll:
0x4fa48c - Shell_NotifyIconA
0x4fa490 - SHGetSpecialFolderPathA
0x4fa494 - ShellExecuteA
0x4fa498 - DragAcceptFiles
0x4fa49c - DragFinish
0x4fa4a0 - DragQueryFileA
Library ole32.dll:
0x4fa828 - CoRegisterMessageFilter
0x4fa82c - CoFreeUnusedLibraries
0x4fa830 - CreateILockBytesOnHGlobal
0x4fa834 - StgCreateDocfileOnILockBytes
0x4fa838 - StgOpenStorageOnILockBytes
0x4fa83c - CoGetClassObject
0x4fa840 - CoDisconnectObject
0x4fa844 - OleFlushClipboard
0x4fa848 - CoTaskMemFree
0x4fa84c - CoTaskMemAlloc
0x4fa850 - CLSIDFromProgID
0x4fa854 - OleInitialize
0x4fa858 - OleUninitialize
0x4fa85c - CLSIDFromString
0x4fa860 - CoCreateInstance
0x4fa864 - OleIsCurrentClipboard
0x4fa868 - CoRevokeClassObject
Library OLEAUT32.dll:
0x4fa41c - SafeArrayGetElement
0x4fa420 - SafeArrayAccessData
0x4fa424 - SafeArrayUnaccessData
0x4fa428 - SafeArrayGetDim
0x4fa42c - SafeArrayGetLBound
0x4fa430 - SafeArrayGetUBound
0x4fa434 - VariantChangeType
0x4fa438 - VariantClear
0x4fa43c - VariantCopy
0x4fa440 - LoadTypeLib
0x4fa444 - VariantTimeToSystemTime
0x4fa448 - SysStringLen
0x4fa44c - VariantCopyInd
0x4fa450 - VariantInit
0x4fa454 - SysAllocString
0x4fa458 - SafeArrayCreate
0x4fa45c - RegisterTypeLib
0x4fa460 - LHashValOfNameSys
0x4fa464 - OleCreateFontIndirect
0x4fa468 - UnRegisterTypeLib
0x4fa46c - SysFreeString
0x4fa470 - SafeArrayGetElemsize
0x4fa474 - SysAllocStringLen
0x4fa478 - SysAllocStringByteLen
Library COMCTL32.dll:
0x4fa034 - ImageList_Add
0x4fa038 - ImageList_BeginDrag
0x4fa03c - ImageList_Create
0x4fa040 - ImageList_Destroy
0x4fa044 - ImageList_DragEnter
0x4fa048 - ImageList_DragLeave
0x4fa04c - ImageList_DragMove
0x4fa050 - ImageList_DragShowNolock
0x4fa054 - ImageList_EndDrag
0x4fa058 - None
0x4fa05c - _TrackMouseEvent
Library oledlg.dll:
0x4fa870 - None
Library WININET.dll:
0x4fa758 - InternetCrackUrlA
0x4fa75c - HttpOpenRequestA
0x4fa760 - HttpSendRequestA
0x4fa764 - HttpQueryInfoA
0x4fa768 - InternetReadFile
0x4fa76c - InternetConnectA
0x4fa770 - InternetSetOptionA
0x4fa774 - InternetCloseHandle
0x4fa778 - InternetCanonicalizeUrlA
0x4fa77c - InternetOpenA

Dropped files

No information

Behavioral analysis

Mutexes No information
Executed commands No information
Created services No information
Started services No information

Processes

No information
Accessed files No information
Read files No information
Modified files No information
Deleted files No information
Registry keys No information
Read registry keys No information
Modified registry keys No information
Deleted registry keys No information
API resolution No information