魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2022-07-01 20:55:23	2022-07-01 20:57:35	132 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp02-1	win7-sp1-x64-shaapp02-1	KVM	2022-07-01 20:55:25	2022-07-01 20:57:35

魔盾分数
1.75 正常的

文件详细信息

文件名	ROOT免费版.exe
文件大小	1404928 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
CRC32	8866A197
MD5	ebe6cfb0d265a7e425a4bb84c17df633
SHA1	31bc7e38d15d713cae358c1d40dd79565b6cd2f3
SHA256	7552aa3bddca49f2fc324953cd79227da21fd7e969f65ba4ad678bb6c1b58fe4
SHA512	e3607f4cc0347e39c2a77352e18b3a8f486a89662db954dc4bbc013709dbf2c2a2cf22f9f6143d5a182cf5b4e9b90f24f585b3315ab0d10edb3c1a2a33a47df0
Ssdeep	24576:uJf4qJ89L+TSJNRBf4ujNHEgfyz2cJzC6yYBlAJV3emgjmY4:EaSSD4uSnz/Blq3TgQ
PEiD	无匹配
Yara	DebuggerTiming__PerformanceCounter () DebuggerTiming__Ticks (Detected timing ticks function) anti_dbg (Detected self protection if being debugged) screenshot (Detected take screenshot function) create_process (Detection function for creating a new process) keylogger (Detected keylogger function) win_registry (Detected system registries modification function) change_win_registry (Change registries to affect system) win_files_operation (Affect private profile) win_hook (Detected hook table access function) win_private_profile (Detected private profile access function) Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files) IsPE32 (Detected a 32bit PE sample) IsWindowsGUI (Detected a Windows GUI sample) HasRichSignature (Detected Rich Signature) CRC32_poly_Constant (Look for CRC32 [poly]) CRC32_table (Look for CRC32 table) MD5_Constants (Look for MD5 constants) with_images (Detected the presence of an or several images) with_urls (Detected the presence of an or several urls)
VirusTotal	VirusTotal查询失败

特征

创建RWX内存

魔盾安全Yara规则检测结果 - 安全告警

Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files

运行截图

网络分析

TCP连接

IP地址	端口
42.99.140.178	80

UDP连接

IP地址	端口
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

静态分析

PE 信息

初始地址	0x00400000
入口地址	0x0048cd09
声明校验值	0x00000000
实际校验值	0x00160127
最低操作系统版本要求	4.0
编译时间	2022-07-01 20:00:04
载入哈希	231440c11b542500389559836205422a

版本信息

LegalCopyright:	ROOT\u514d\u8d39\u7248QQ\u7fa4\uff1a816582314
FileVersion:	1.0.0.0
CompanyName:	ROOT\u514d\u8d39\u7248QQ\u7fa4\uff1a816582314
Comments:	ROOT\u514d\u8d39\u7248QQ\u7fa4\uff1a816582314
ProductName:	ROOT\u514d\u8d39\u7248QQ\u7fa4\uff1a816582314
ProductVersion:	1.0.0.0
FileDescription:	ROOT\u514d\u8d39\u7248QQ\u7fa4\uff1a816582314
Translation:	0x0804 0x04b0

PE数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x000aabae	0x000ab000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.62
.rdata	0x000ac000	0x000844e2	0x00085000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.39
.data	0x00131000	0x0004354a	0x0001c000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.00
.rsrc	0x00175000	0x0000910c	0x0000a000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.81

导入

库 WINMM.dll:

• 0x4ac624 - midiStreamOut

• 0x4ac628 - midiOutPrepareHeader

• 0x4ac62c - waveOutWrite

• 0x4ac630 - waveOutPause

• 0x4ac634 - waveOutReset

• 0x4ac638 - waveOutClose

• 0x4ac63c - waveOutGetNumDevs

• 0x4ac640 - waveOutOpen

• 0x4ac644 - midiOutUnprepareHeader

• 0x4ac648 - midiStreamOpen

• 0x4ac64c - midiStreamProperty

• 0x4ac650 - midiStreamStop

• 0x4ac654 - midiOutReset

• 0x4ac658 - midiStreamClose

• 0x4ac65c - midiStreamRestart

• 0x4ac660 - waveOutUnprepareHeader

• 0x4ac664 - waveOutPrepareHeader

库 WS2_32.dll:

• 0x4ac67c - WSACleanup

• 0x4ac680 - closesocket

• 0x4ac684 - getpeername

• 0x4ac688 - accept

• 0x4ac68c - WSAAsyncSelect

• 0x4ac690 - recvfrom

• 0x4ac694 - ioctlsocket

• 0x4ac698 - inet_ntoa

• 0x4ac69c - recv

库 KERNEL32.dll:

• 0x4ac17c - GetFileSize

• 0x4ac180 - TerminateProcess

• 0x4ac184 - SetLastError

• 0x4ac188 - GetTimeZoneInformation

• 0x4ac18c - GetVersion

• 0x4ac190 - InterlockedIncrement

• 0x4ac194 - InterlockedDecrement

• 0x4ac198 - SetFilePointer

• 0x4ac19c - IsProcessorFeaturePresent

• 0x4ac1a0 - lstrcmpiA

• 0x4ac1a4 - FreeEnvironmentStringsA

• 0x4ac1a8 - UnhandledExceptionFilter

• 0x4ac1ac - GetACP

• 0x4ac1b0 - HeapSize

• 0x4ac1b4 - RaiseException

• 0x4ac1b8 - GetLocalTime

• 0x4ac1bc - GetSystemTime

• 0x4ac1c0 - RtlUnwind

• 0x4ac1c4 - GetStartupInfoA

• 0x4ac1c8 - GetOEMCP

• 0x4ac1cc - GetCPInfo

• 0x4ac1d0 - GetProcessVersion

• 0x4ac1d4 - SetErrorMode

• 0x4ac1d8 - GlobalFlags

• 0x4ac1dc - GetCurrentThread

• 0x4ac1e0 - GetFileTime

• 0x4ac1e4 - TlsGetValue

• 0x4ac1e8 - LocalReAlloc

• 0x4ac1ec - TlsSetValue

• 0x4ac1f0 - TlsFree

• 0x4ac1f4 - GlobalHandle

• 0x4ac1f8 - TlsAlloc

• 0x4ac1fc - LocalAlloc

• 0x4ac200 - lstrcmpA

• 0x4ac204 - GlobalGetAtomNameA

• 0x4ac208 - GlobalAddAtomA

• 0x4ac20c - GlobalFindAtomA

• 0x4ac210 - GlobalDeleteAtom

• 0x4ac214 - SetEndOfFile

• 0x4ac218 - UnlockFile

• 0x4ac21c - LockFile

• 0x4ac220 - FlushFileBuffers

• 0x4ac224 - DuplicateHandle

• 0x4ac228 - lstrcpynA

• 0x4ac22c - FileTimeToLocalFileTime

• 0x4ac230 - FileTimeToSystemTime

• 0x4ac234 - LocalFree

• 0x4ac238 - GetCurrentProcess

• 0x4ac23c - GetWindowsDirectoryA

• 0x4ac240 - GetSystemDirectoryA

• 0x4ac244 - CreateSemaphoreA

• 0x4ac248 - ResumeThread

• 0x4ac24c - ReleaseSemaphore

• 0x4ac250 - EnterCriticalSection

• 0x4ac254 - LeaveCriticalSection

• 0x4ac258 - GetProfileStringA

• 0x4ac25c - WriteFile

• 0x4ac260 - WaitForMultipleObjects

• 0x4ac264 - CreateFileA

• 0x4ac268 - SetEvent

• 0x4ac26c - FindResourceA

• 0x4ac270 - LoadResource

• 0x4ac274 - LockResource

• 0x4ac278 - ReadFile

• 0x4ac27c - RemoveDirectoryA

• 0x4ac280 - GetModuleFileNameA

• 0x4ac284 - WideCharToMultiByte

• 0x4ac288 - MultiByteToWideChar

• 0x4ac28c - GetCurrentThreadId

• 0x4ac290 - ExitProcess

• 0x4ac294 - GlobalSize

• 0x4ac298 - GlobalFree

• 0x4ac29c - InterlockedExchange

• 0x4ac2a0 - DeleteCriticalSection

• 0x4ac2a4 - InitializeCriticalSection

• 0x4ac2a8 - lstrcatA

• 0x4ac2ac - lstrlenA

• 0x4ac2b0 - WinExec

• 0x4ac2b4 - lstrcpyA

• 0x4ac2b8 - FindNextFileA

• 0x4ac2bc - GlobalReAlloc

• 0x4ac2c0 - HeapFree

• 0x4ac2c4 - HeapReAlloc

• 0x4ac2c8 - GetProcessHeap

• 0x4ac2cc - HeapAlloc

• 0x4ac2d0 - GetFullPathNameA

• 0x4ac2d4 - FreeLibrary

• 0x4ac2d8 - LoadLibraryA

• 0x4ac2dc - GetLastError

• 0x4ac2e0 - GetVersionExA

• 0x4ac2e4 - WritePrivateProfileStringA

• 0x4ac2e8 - CreateThread

• 0x4ac2ec - CreateEventA

• 0x4ac2f0 - Sleep

• 0x4ac2f4 - GlobalAlloc

• 0x4ac2f8 - GlobalLock

• 0x4ac2fc - GlobalUnlock

• 0x4ac300 - GetTempPathA

• 0x4ac304 - FindFirstFileA

• 0x4ac308 - FindClose

• 0x4ac30c - SetFileAttributesA

• 0x4ac310 - GetFileAttributesA

• 0x4ac314 - DeleteFileA

• 0x4ac318 - SetCurrentDirectoryA

• 0x4ac31c - GetVolumeInformationA

• 0x4ac320 - GetModuleHandleA

• 0x4ac324 - GetProcAddress

• 0x4ac328 - MulDiv

• 0x4ac32c - GetCommandLineA

• 0x4ac330 - GetTickCount

• 0x4ac334 - WaitForSingleObject

• 0x4ac338 - CloseHandle

• 0x4ac33c - FreeEnvironmentStringsW

• 0x4ac340 - GetEnvironmentStrings

• 0x4ac344 - GetEnvironmentStringsW

• 0x4ac348 - SetHandleCount

• 0x4ac34c - GetStdHandle

• 0x4ac350 - GetFileType

• 0x4ac354 - GetEnvironmentVariableA

• 0x4ac358 - HeapDestroy

• 0x4ac35c - HeapCreate

• 0x4ac360 - VirtualFree

• 0x4ac364 - SetEnvironmentVariableA

• 0x4ac368 - LCMapStringA

• 0x4ac36c - LCMapStringW

• 0x4ac370 - VirtualAlloc

• 0x4ac374 - IsBadWritePtr

• 0x4ac378 - SetUnhandledExceptionFilter

• 0x4ac37c - GetStringTypeA

• 0x4ac380 - GetStringTypeW

• 0x4ac384 - CompareStringA

• 0x4ac388 - CompareStringW

• 0x4ac38c - IsBadReadPtr

• 0x4ac390 - IsBadCodePtr

• 0x4ac394 - SetStdHandle

• 0x4ac398 - GetSystemInfo

库 USER32.dll:

• 0x4ac3c0 - SetFocus

• 0x4ac3c4 - IsIconic

• 0x4ac3c8 - PeekMessageA

• 0x4ac3cc - SetMenu

• 0x4ac3d0 - GetMenu

• 0x4ac3d4 - GetActiveWindow

• 0x4ac3d8 - GetWindow

• 0x4ac3dc - DestroyAcceleratorTable

• 0x4ac3e0 - SetWindowRgn

• 0x4ac3e4 - GetMessagePos

• 0x4ac3e8 - GetSysColorBrush

• 0x4ac3ec - CopyAcceleratorTableA

• 0x4ac3f0 - GetKeyState

• 0x4ac3f4 - TranslateAcceleratorA

• 0x4ac3f8 - IsWindowEnabled

• 0x4ac3fc - ShowWindow

• 0x4ac400 - SystemParametersInfoA

• 0x4ac404 - LoadImageA

• 0x4ac408 - EnumDisplaySettingsA

• 0x4ac40c - ClientToScreen

• 0x4ac410 - EnableMenuItem

• 0x4ac414 - GetSubMenu

• 0x4ac418 - GetDlgCtrlID

• 0x4ac41c - CreateAcceleratorTableA

• 0x4ac420 - CreateMenu

• 0x4ac424 - ModifyMenuA

• 0x4ac428 - AppendMenuA

• 0x4ac42c - CreatePopupMenu

• 0x4ac430 - CreateIconFromResource

• 0x4ac434 - CreateIconFromResourceEx

• 0x4ac438 - RegisterClipboardFormatA

• 0x4ac43c - SetRectEmpty

• 0x4ac440 - DispatchMessageA

• 0x4ac444 - ScreenToClient

• 0x4ac448 - GetMessageA

• 0x4ac44c - CopyRect

• 0x4ac450 - LoadBitmapA

• 0x4ac454 - WinHelpA

• 0x4ac458 - KillTimer

• 0x4ac45c - SetTimer

• 0x4ac460 - ReleaseCapture

• 0x4ac464 - GetCapture

• 0x4ac468 - SetCapture

• 0x4ac46c - GetScrollRange

• 0x4ac470 - SetScrollRange

• 0x4ac474 - LoadStringA

• 0x4ac478 - GetMenuCheckMarkDimensions

• 0x4ac47c - GetMenuState

• 0x4ac480 - SetScrollPos

• 0x4ac484 - SetRect

• 0x4ac488 - InflateRect

• 0x4ac48c - IntersectRect

• 0x4ac490 - DestroyIcon

• 0x4ac494 - OffsetRect

• 0x4ac498 - IsWindowVisible

• 0x4ac49c - EnableWindow

• 0x4ac4a0 - RedrawWindow

• 0x4ac4a4 - GetWindowLongA

• 0x4ac4a8 - SetWindowLongA

• 0x4ac4ac - GetSysColor

• 0x4ac4b0 - SetActiveWindow

• 0x4ac4b4 - SetCursorPos

• 0x4ac4b8 - LoadCursorA

• 0x4ac4bc - SetCursor

• 0x4ac4c0 - GetDC

• 0x4ac4c4 - FillRect

• 0x4ac4c8 - IsRectEmpty

• 0x4ac4cc - ReleaseDC

• 0x4ac4d0 - IsChild

• 0x4ac4d4 - DestroyMenu

• 0x4ac4d8 - SetForegroundWindow

• 0x4ac4dc - GetWindowRect

• 0x4ac4e0 - EqualRect

• 0x4ac4e4 - UpdateWindow

• 0x4ac4e8 - ValidateRect

• 0x4ac4ec - InvalidateRect

• 0x4ac4f0 - GetClientRect

• 0x4ac4f4 - GetFocus

• 0x4ac4f8 - GetParent

• 0x4ac4fc - GetTopWindow

• 0x4ac500 - PostMessageA

• 0x4ac504 - IsWindow

• 0x4ac508 - SetParent

• 0x4ac50c - DestroyCursor

• 0x4ac510 - SendMessageA

• 0x4ac514 - SetWindowPos

• 0x4ac518 - MessageBoxA

• 0x4ac51c - GetCursorPos

• 0x4ac520 - GetSystemMetrics

• 0x4ac524 - EmptyClipboard

• 0x4ac528 - SetClipboardData

• 0x4ac52c - OpenClipboard

• 0x4ac530 - GetClipboardData

• 0x4ac534 - CloseClipboard

• 0x4ac538 - wsprintfA

• 0x4ac53c - WindowFromPoint

• 0x4ac540 - DrawFocusRect

• 0x4ac544 - DrawEdge

• 0x4ac548 - DrawFrameControl

• 0x4ac54c - TranslateMessage

• 0x4ac550 - LoadIconA

• 0x4ac554 - GetForegroundWindow

• 0x4ac558 - GetDesktopWindow

• 0x4ac55c - GetClassNameA

• 0x4ac560 - GetDlgItem

• 0x4ac564 - GetWindowTextA

• 0x4ac568 - DefWindowProcA

• 0x4ac56c - GetClassInfoA

• 0x4ac570 - IsZoomed

• 0x4ac574 - PtInRect

• 0x4ac578 - PostQuitMessage

• 0x4ac57c - ChildWindowFromPointEx

• 0x4ac580 - UnregisterClassA

• 0x4ac584 - DrawIconEx

• 0x4ac588 - GetWindowTextLengthA

• 0x4ac58c - CharUpperA

• 0x4ac590 - GetWindowDC

• 0x4ac594 - BeginPaint

• 0x4ac598 - EndPaint

• 0x4ac59c - TabbedTextOutA

• 0x4ac5a0 - DrawTextA

• 0x4ac5a4 - GrayStringA

• 0x4ac5a8 - DestroyWindow

• 0x4ac5ac - CreateDialogIndirectParamA

• 0x4ac5b0 - EndDialog

• 0x4ac5b4 - GetNextDlgTabItem

• 0x4ac5b8 - GetWindowPlacement

• 0x4ac5bc - RegisterWindowMessageA

• 0x4ac5c0 - GetLastActivePopup

• 0x4ac5c4 - GetMessageTime

• 0x4ac5c8 - RemovePropA

• 0x4ac5cc - CallWindowProcA

• 0x4ac5d0 - GetPropA

• 0x4ac5d4 - UnhookWindowsHookEx

• 0x4ac5d8 - SetPropA

• 0x4ac5dc - GetClassLongA

• 0x4ac5e0 - CallNextHookEx

• 0x4ac5e4 - SetWindowsHookExA

• 0x4ac5e8 - CreateWindowExA

• 0x4ac5ec - GetMenuItemID

• 0x4ac5f0 - GetMenuItemCount

• 0x4ac5f4 - RegisterClassA

• 0x4ac5f8 - GetScrollPos

• 0x4ac5fc - AdjustWindowRectEx

• 0x4ac600 - MapWindowPoints

• 0x4ac604 - SendDlgItemMessageA

• 0x4ac608 - ScrollWindowEx

• 0x4ac60c - IsDialogMessageA

• 0x4ac610 - SetWindowTextA

• 0x4ac614 - MoveWindow

• 0x4ac618 - CheckMenuItem

• 0x4ac61c - SetMenuItemBitmaps

库 GDI32.dll:

• 0x4ac030 - GetViewportExtEx

• 0x4ac034 - ExtSelectClipRgn

• 0x4ac038 - LineTo

• 0x4ac03c - MoveToEx

• 0x4ac040 - CreateRectRgn

• 0x4ac044 - FillRgn

• 0x4ac048 - CreateSolidBrush

• 0x4ac04c - GetStockObject

• 0x4ac050 - CreateFontIndirectA

• 0x4ac054 - EndPage

• 0x4ac058 - EndDoc

• 0x4ac05c - DeleteDC

• 0x4ac060 - StartDocA

• 0x4ac064 - StartPage

• 0x4ac068 - BitBlt

• 0x4ac06c - CreateCompatibleDC

• 0x4ac070 - Ellipse

• 0x4ac074 - Rectangle

• 0x4ac078 - PtVisible

• 0x4ac07c - DPtoLP

• 0x4ac080 - GetCurrentObject

• 0x4ac084 - RoundRect

• 0x4ac088 - GetTextExtentPoint32A

• 0x4ac08c - GetDeviceCaps

• 0x4ac090 - CreatePolygonRgn

• 0x4ac094 - GetClipRgn

• 0x4ac098 - SetStretchBltMode

• 0x4ac09c - CreateRectRgnIndirect

• 0x4ac0a0 - SetBkColor

• 0x4ac0a4 - ExcludeClipRect

• 0x4ac0a8 - GetClipBox

• 0x4ac0ac - ScaleWindowExtEx

• 0x4ac0b0 - SetWindowExtEx

• 0x4ac0b4 - SetWindowOrgEx

• 0x4ac0b8 - ScaleViewportExtEx

• 0x4ac0bc - SetViewportExtEx

• 0x4ac0c0 - OffsetViewportOrgEx

• 0x4ac0c4 - SetViewportOrgEx

• 0x4ac0c8 - SetMapMode

• 0x4ac0cc - SetTextColor

• 0x4ac0d0 - RectVisible

• 0x4ac0d4 - TextOutA

• 0x4ac0d8 - ExtTextOutA

• 0x4ac0dc - Escape

• 0x4ac0e0 - GetTextMetricsA

• 0x4ac0e4 - CombineRgn

• 0x4ac0e8 - PatBlt

• 0x4ac0ec - CreatePen

• 0x4ac0f0 - GetObjectA

• 0x4ac0f4 - SelectObject

• 0x4ac0f8 - CreateBitmap

• 0x4ac0fc - CreateDCA

• 0x4ac100 - CreateCompatibleBitmap

• 0x4ac104 - GetPolyFillMode

• 0x4ac108 - GetStretchBltMode

• 0x4ac10c - GetROP2

• 0x4ac110 - GetBkColor

• 0x4ac114 - GetBkMode

• 0x4ac118 - GetTextColor

• 0x4ac11c - CreateRoundRectRgn

• 0x4ac120 - CreateEllipticRgn

• 0x4ac124 - PathToRegion

• 0x4ac128 - EndPath

• 0x4ac12c - BeginPath

• 0x4ac130 - SetROP2

• 0x4ac134 - SetPolyFillMode

• 0x4ac138 - SetBkMode

• 0x4ac13c - RestoreDC

• 0x4ac140 - SaveDC

• 0x4ac144 - GetWindowOrgEx

• 0x4ac148 - GetViewportOrgEx

• 0x4ac14c - GetWindowExtEx

• 0x4ac150 - SelectClipRgn

• 0x4ac154 - RealizePalette

• 0x4ac158 - SelectPalette

• 0x4ac15c - StretchBlt

• 0x4ac160 - CreatePalette

• 0x4ac164 - GetSystemPaletteEntries

• 0x4ac168 - CreateDIBitmap

• 0x4ac16c - LPtoDP

• 0x4ac170 - GetDIBits

• 0x4ac174 - DeleteObject

库 WINSPOOL.DRV:

• 0x4ac66c - OpenPrinterA

• 0x4ac670 - DocumentPropertiesA

• 0x4ac674 - ClosePrinter

库 ADVAPI32.dll:

• 0x4ac000 - RegQueryValueExA

• 0x4ac004 - RegOpenKeyExA

• 0x4ac008 - RegSetValueExA

• 0x4ac00c - RegCreateKeyA

• 0x4ac010 - RegQueryValueA

• 0x4ac014 - RegCreateKeyExA

• 0x4ac018 - RegOpenKeyA

• 0x4ac01c - RegCloseKey

库 SHELL32.dll:

• 0x4ac3b0 - SHGetSpecialFolderPathA

• 0x4ac3b4 - ShellExecuteA

• 0x4ac3b8 - Shell_NotifyIconA

库 ole32.dll:

• 0x4ac6b8 - CLSIDFromString

• 0x4ac6bc - OleUninitialize

• 0x4ac6c0 - OleInitialize

库 OLEAUT32.dll:

• 0x4ac3a0 - LoadTypeLib

• 0x4ac3a4 - RegisterTypeLib

• 0x4ac3a8 - UnRegisterTypeLib

库 COMCTL32.dll:

• 0x4ac024 - None

• 0x4ac028 - ImageList_Destroy

库 comdlg32.dll:

• 0x4ac6a4 - ChooseColorA

• 0x4ac6a8 - GetFileTitleA

• 0x4ac6ac - GetSaveFileNameA

• 0x4ac6b0 - GetOpenFileNameA

投放文件

无信息

行为分析

互斥量(Mutexes) 无信息

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

进程

ROOT_________.exe PID: 2644, 上一级进程 PID: 2300

访问的文件

C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\d3dx11_43.dll
C:\Windows\System32\d3dx11_43.dll
C:\Windows\system\d3dx11_43.dll
C:\Windows\d3dx11_43.dll
C:\ProgramData\Oracle\Java\javapath\d3dx11_43.dll
C:\Windows\System32\wbem\d3dx11_43.dll
C:\Windows\System32\WindowsPowerShell\v1.0\d3dx11_43.dll
C:\Program Files (x86)\WinRAR\d3dx11_43.dll

读取的文件

C:\Windows\Globalization\Sorting\sortdefault.nls

修改的文件 无信息

删除的文件 无信息

注册表键 无信息

读取的注册表键 无信息

修改的注册表键 无信息

删除的注册表键 无信息

API解析

kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
d3d9.dll.Direct3DCreate9
ntdll.dll.RtlMoveMemory
kernel32.dll.GetTickCount
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalLock
kernel32.dll.GlobalUnlock
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.QueryPerformanceCounter
kernel32.dll.SetEndOfFile
kernel32.dll.WriteConsoleW
kernel32.dll.HeapReAlloc
kernel32.dll.HeapSize
kernel32.dll.CreateFileW
kernel32.dll.GetStringTypeW
kernel32.dll.SetStdHandle
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.GetCommandLineW
kernel32.dll.GetCommandLineA
kernel32.dll.GetCPInfo
kernel32.dll.WideCharToMultiByte
kernel32.dll.GetACP
kernel32.dll.IsValidCodePage
kernel32.dll.FindNextFileW
kernel32.dll.FindFirstFileExW
kernel32.dll.FindClose
kernel32.dll.GetFileSizeEx
kernel32.dll.GetConsoleCP
kernel32.dll.WriteFile
kernel32.dll.FlushFileBuffers
kernel32.dll.LCMapStringW
kernel32.dll.HeapFree
kernel32.dll.GetFileType
kernel32.dll.GetStdHandle
kernel32.dll.ReadConsoleW
kernel32.dll.GetProcessHeap
kernel32.dll.HeapAlloc
kernel32.dll.Sleep
kernel32.dll.GetOEMCP
kernel32.dll.MultiByteToWideChar
kernel32.dll.CloseHandle
kernel32.dll.EnterCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.DeleteCriticalSection
kernel32.dll.SetEvent
kernel32.dll.ResetEvent
kernel32.dll.WaitForSingleObjectEx
kernel32.dll.CreateEventW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.GetCurrentProcess
kernel32.dll.TerminateProcess
kernel32.dll.IsDebuggerPresent
kernel32.dll.GetStartupInfoW
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.InitializeSListHead
kernel32.dll.RtlUnwind
kernel32.dll.InterlockedFlushSList
kernel32.dll.GetLastError
kernel32.dll.SetLastError
kernel32.dll.TlsAlloc
kernel32.dll.TlsGetValue
kernel32.dll.TlsSetValue
kernel32.dll.TlsFree
kernel32.dll.FreeLibrary
kernel32.dll.LoadLibraryExW
kernel32.dll.RaiseException
kernel32.dll.ReadFile
kernel32.dll.ExitProcess
kernel32.dll.GetModuleHandleExW
kernel32.dll.GetModuleFileNameW
kernel32.dll.SetFilePointerEx
kernel32.dll.GetConsoleMode
user32.dll.GetCursorPos
user32.dll.UpdateWindow
user32.dll.PostQuitMessage
user32.dll.GetClientRect
user32.dll.TranslateMessage
user32.dll.GetKeyState
user32.dll.LoadCursorW
user32.dll.SetCursor
user32.dll.SetCursorPos
user32.dll.OpenClipboard
user32.dll.CloseClipboard
user32.dll.EmptyClipboard
user32.dll.GetClipboardData
user32.dll.SetClipboardData
user32.dll.DefWindowProcW
user32.dll.SetWindowPos
user32.dll.CreateWindowExW
user32.dll.RegisterClassExW
user32.dll.ShowWindow
user32.dll.IsWindow
user32.dll.GetAsyncKeyState
user32.dll.DispatchMessageW
user32.dll.ClientToScreen
user32.dll.PeekMessageW
user32.dll.MoveWindow
user32.dll.SetLayeredWindowAttributes
dwmapi.dll.DwmExtendFrameIntoClientArea
d3d11.dll.D3D11CreateDeviceAndSwapChain