魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2017-08-22 22:16:07 | 2017-08-22 22:18:32 | 145 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-hpdapp03-2 | win7-sp1-x64-hpdapp03-2 | KVM | 2017-08-22 22:16:16 | 2017-08-22 22:18:32 |
| 魔盾分数 |
|---|
1.5正常的 |
文件详细信息
| 文件名 | info.exe |
|---|---|
| 文件大小 | 2225152 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| CRC32 | 3DE5AFF4 |
| MD5 | 5a0ea574c6e0a7afb20f1441a7732ca2 |
| SHA1 | 7505741a7b76e6662fdf087776f73c212e6d9213 |
| SHA256 | ff688dbeaef912c25356945067bbd5c3a590122da2e3c0703c9d637588b49c23 |
| SHA512 | 8bca538406eab94264238e805327cb80984b45ad34cf1580fe0d5c43632689dce63a71cb2384acfd5412f2b7873b9e28d490c76c7de99b6cd33082d786a922fa |
| Ssdeep | 49152:oheTl2Eq5F2gmnfT7JxzG2bHE2mQCpFFmqR:0qDfZxzfCFm |
| PEiD | 无匹配 |
| Yara | 无Yara规则匹配 |
| VirusTotal |
VirusTotal链接 VirusTotal扫描时间: 2017-08-22 04:24:43 扫描结果: 0/64 |
特征
创建RWX内存
二进制文件可能包含加密或压缩数据
section: name: .rsrc, entropy: 7.97, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x0013c200, virtual_size: 0x0013c0c1
运行截图
网络分析
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004b8016 |
| 声明校验值 | 0x002297cf |
| 实际校验值 | 0x002297cf |
| 最低操作系统版本要求 | 5.0 |
| 编译时间 | 2017-05-19 06:59:04 |
| 载入哈希 | deaa8a23751bddf0090ee8db5432c4bf |
| 图标 |  |
| 图标精确哈希值 | b574ed4988f7c634af27b4a4b6f8039b |
| 图标相似性哈希值 | ad09383b017e160111bb9fda74793b8a |
| 导出DLL库名称 | AutoHotkey.exe |
版本信息
| LegalCopyright: | |
| InternalName: | |
| FileVersion: | |
| ProductName: | |
| ProductVersion: | |
| FileDescription: | |
| OriginalFilename: | |
| Translation: | 0x0409 0x04b0 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000b831d | 0x000b8400 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.62 |
| .rdata | 0x000ba000 | 0x000281f2 | 0x00028200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.88 |
| .data | 0x000e3000 | 0x00008498 | 0x00002600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.35 |
| .tls | 0x000ec000 | 0x00000002 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x000ed000 | 0x0013c0c1 | 0x0013c200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.97 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| LIB | 0x000f4bfc | 0x00000145 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.27 | Zip archive data |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x001302ac | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.89 | GLS_BINARY_LSB_FIRST |
| RT_MENU | 0x00130714 | 0x000002c8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.37 | data |
| RT_DIALOG | 0x001309dc | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.82 | data |
| RT_ACCELERATOR | 0x00130ac4 | 0x00000048 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | data |
| RT_RCDATA | 0x001c1c80 | 0x000666fa | LANG_ENGLISH | SUBLANG_ENGLISH_US | 8.00 | Zip archive data |
| RT_RCDATA | 0x001c1c80 | 0x000666fa | LANG_ENGLISH | SUBLANG_ENGLISH_US | 8.00 | Zip archive data |
| RT_RCDATA | 0x001c1c80 | 0x000666fa | LANG_ENGLISH | SUBLANG_ENGLISH_US | 8.00 | Zip archive data |
| RT_RCDATA | 0x001c1c80 | 0x000666fa | LANG_ENGLISH | SUBLANG_ENGLISH_US | 8.00 | Zip archive data |
| RT_GROUP_ICON | 0x002284b0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x002284b0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x002284b0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x002284b0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x002284b0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_VERSION | 0x002284c4 | 0x000001f0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | MS Windows COFF PowerPC object file |
| RT_MANIFEST | 0x002286b4 | 0x00000a0d | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.21 | XML 1.0 document, ASCII text, with CRLF line terminators |
导入
库 WSOCK32.dll:
• 0x4ba914 - socket
• 0x4ba918 - getservbyname
• 0x4ba91c - WSASetLastError
• 0x4ba920 - closesocket
• 0x4ba924 - gethostbyaddr
• 0x4ba928 - gethostbyname
• 0x4ba92c - send
• 0x4ba930 - WSAAsyncSelect
• 0x4ba934 - recv
• 0x4ba938 - gethostname
• 0x4ba93c - inet_ntoa
• 0x4ba940 - connect
• 0x4ba944 - inet_addr
• 0x4ba948 - WSAStartup
• 0x4ba94c - ioctlsocket
• 0x4ba950 - htonl
• 0x4ba954 - WSAGetLastError
• 0x4ba958 - htons
• 0x4ba95c - ntohs
• 0x4ba960 - shutdown
• 0x4ba964 - getservbyport
• 0x4ba968 - WSACleanup
库 WINMM.dll:
• 0x4ba8e0 - mixerGetLineControlsW
• 0x4ba8e4 - mixerGetLineInfoW
• 0x4ba8e8 - mixerSetControlDetails
• 0x4ba8ec - waveOutGetVolume
• 0x4ba8f0 - mixerGetDevCapsW
• 0x4ba8f4 - mixerOpen
• 0x4ba8f8 - mixerGetControlDetailsW
• 0x4ba8fc - mixerClose
• 0x4ba900 - mciSendStringW
• 0x4ba904 - joyGetDevCapsW
• 0x4ba908 - waveOutSetVolume
• 0x4ba90c - joyGetPosEx
库 VERSION.dll:
• 0x4ba8d0 - GetFileVersionInfoSizeW
• 0x4ba8d4 - VerQueryValueW
• 0x4ba8d8 - GetFileVersionInfoW
库 COMCTL32.dll:
• 0x4ba06c - ImageList_ReplaceIcon
• 0x4ba070 - ImageList_GetIconSize
• 0x4ba074 - ImageList_Create
• 0x4ba078 - CreateStatusWindowW
• 0x4ba07c - InitCommonControlsEx
• 0x4ba080 - ImageList_AddMasked
• 0x4ba084 - ImageList_Destroy
库 SHLWAPI.dll:
• 0x4ba628 - HashData
库 CRYPT32.dll:
• 0x4ba09c - CryptBinaryToStringA
• 0x4ba0a0 - CryptStringToBinaryW
• 0x4ba0a4 - CryptStringToBinaryA
库 PSAPI.DLL:
• 0x4ba5e0 - GetModuleFileNameExW
• 0x4ba5e4 - GetModuleBaseNameW
库 KERNEL32.dll:
• 0x4ba138 - InitializeCriticalSection
• 0x4ba13c - SetErrorMode
• 0x4ba140 - GetCurrentDirectoryW
• 0x4ba144 - LoadLibraryW
• 0x4ba148 - AddVectoredExceptionHandler
• 0x4ba14c - GlobalLock
• 0x4ba150 - GlobalUnlock
• 0x4ba154 - GetEnvironmentVariableW
• 0x4ba158 - FreeLibrary
• 0x4ba15c - WideCharToMultiByte
• 0x4ba160 - GetSystemDirectoryA
• 0x4ba164 - LoadLibraryA
• 0x4ba168 - GetCurrentThreadId
• 0x4ba16c - SuspendThread
• 0x4ba170 - ResumeThread
• 0x4ba174 - EnterCriticalSection
• 0x4ba178 - LeaveCriticalSection
• 0x4ba17c - OpenThread
• 0x4ba180 - lstrcmpiW
• 0x4ba184 - CreateThread
• 0x4ba188 - SetThreadPriority
• 0x4ba18c - GetExitCodeThread
• 0x4ba190 - CloseHandle
• 0x4ba194 - CreateMutexW
• 0x4ba198 - GetLastError
• 0x4ba19c - GetModuleHandleW
• 0x4ba1a0 - MultiByteToWideChar
• 0x4ba1a4 - SystemTimeToFileTime
• 0x4ba1a8 - SetFilePointerEx
• 0x4ba1ac - ReadFile
• 0x4ba1b0 - SetFilePointer
• 0x4ba1b4 - GlobalSize
• 0x4ba1b8 - lstrcpyA
• 0x4ba1bc - lstrlenA
• 0x4ba1c0 - lstrcmpiA
• 0x4ba1c4 - lstrcmpA
• 0x4ba1c8 - LocalFileTimeToFileTime
• 0x4ba1cc - CreateDirectoryA
• 0x4ba1d0 - CreateDirectoryW
• 0x4ba1d4 - IsBadReadPtr
• 0x4ba1d8 - CreateFileW
• 0x4ba1dc - CreateFileA
• 0x4ba1e0 - WriteFile
• 0x4ba1e4 - VirtualProtect
• 0x4ba1e8 - DuplicateHandle
• 0x4ba1ec - LoadResource
• 0x4ba1f0 - LockResource
• 0x4ba1f4 - SizeofResource
• 0x4ba1f8 - GetCurrentDirectoryA
• 0x4ba1fc - FileTimeToSystemTime
• 0x4ba200 - GetLocalTime
• 0x4ba204 - GetFileInformationByHandle
• 0x4ba208 - GetFileSize
• 0x4ba20c - lstrlenW
• 0x4ba210 - FindFirstFileW
• 0x4ba214 - FindNextFileW
• 0x4ba218 - FindClose
• 0x4ba21c - UnmapViewOfFile
• 0x4ba220 - CreateFileMappingW
• 0x4ba224 - MapViewOfFile
• 0x4ba228 - SetLastError
• 0x4ba22c - VirtualAlloc
• 0x4ba230 - VirtualFree
• 0x4ba234 - GetTempPathA
• 0x4ba238 - GetNativeSystemInfo
• 0x4ba23c - HeapAlloc
• 0x4ba240 - GetProcessHeap
• 0x4ba244 - HeapFree
• 0x4ba248 - HeapDestroy
• 0x4ba24c - GetCommandLineW
• 0x4ba250 - WaitForSingleObject
• 0x4ba254 - GetThreadLocale
• 0x4ba258 - VirtualQuery
• 0x4ba25c - HeapCreate
• 0x4ba260 - FlushInstructionCache
• 0x4ba264 - GetVersionExW
• 0x4ba268 - InterlockedIncrement
• 0x4ba26c - InterlockedDecrement
• 0x4ba270 - GetModuleFileNameW
• 0x4ba274 - GetFileAttributesW
• 0x4ba278 - OpenProcess
• 0x4ba27c - GetCurrentProcessId
• 0x4ba280 - GetFullPathNameW
• 0x4ba284 - LocalFree
• 0x4ba288 - FileTimeToLocalFileTime
• 0x4ba28c - SetEnvironmentVariableW
• 0x4ba290 - Beep
• 0x4ba294 - MoveFileW
• 0x4ba298 - CreateProcessW
• 0x4ba29c - GetExitCodeProcess
• 0x4ba2a0 - WriteProcessMemory
• 0x4ba2a4 - ReadProcessMemory
• 0x4ba2a8 - TerminateProcess
• 0x4ba2ac - SetPriorityClass
• 0x4ba2b0 - GetDateFormatW
• 0x4ba2b4 - GetTimeFormatW
• 0x4ba2b8 - GetDiskFreeSpaceW
• 0x4ba2bc - SetVolumeLabelW
• 0x4ba2c0 - DeviceIoControl
• 0x4ba2c4 - GetDriveTypeW
• 0x4ba2c8 - GetVolumeInformationW
• 0x4ba2cc - DeleteFileW
• 0x4ba2d0 - CopyFileW
• 0x4ba2d4 - SetFileAttributesW
• 0x4ba2d8 - GetFileSizeEx
• 0x4ba2dc - GetSystemTime
• 0x4ba2e0 - GetSystemDefaultUILanguage
• 0x4ba2e4 - GetComputerNameW
• 0x4ba2e8 - GetWindowsDirectoryW
• 0x4ba2ec - GetTempPathW
• 0x4ba2f0 - GetShortPathNameW
• 0x4ba2f4 - TryEnterCriticalSection
• 0x4ba2f8 - QueryDosDeviceW
• 0x4ba2fc - CompareStringW
• 0x4ba300 - RemoveDirectoryW
• 0x4ba304 - FormatMessageW
• 0x4ba308 - GetPrivateProfileStringW
• 0x4ba30c - GetPrivateProfileSectionW
• 0x4ba310 - GetPrivateProfileSectionNamesW
• 0x4ba314 - WritePrivateProfileStringW
• 0x4ba318 - WritePrivateProfileSectionW
• 0x4ba31c - SetEndOfFile
• 0x4ba320 - GetACP
• 0x4ba324 - GetFileType
• 0x4ba328 - GetStdHandle
• 0x4ba32c - VirtualAllocEx
• 0x4ba330 - VirtualFreeEx
• 0x4ba334 - EnumResourceNamesW
• 0x4ba338 - LoadLibraryExW
• 0x4ba33c - RemoveVectoredExceptionHandler
• 0x4ba340 - ExitProcess
• 0x4ba344 - ExitThread
• 0x4ba348 - GetSystemTimeAsFileTime
• 0x4ba34c - GetProcessTimes
• 0x4ba350 - GetCurrentProcess
• 0x4ba354 - CheckRemoteDebuggerPresent
• 0x4ba358 - GetCurrentThread
• 0x4ba35c - GetProcAddress
• 0x4ba360 - GlobalFree
• 0x4ba364 - _lclose
• 0x4ba368 - _lopen
• 0x4ba36c - _lread
• 0x4ba370 - GetModuleFileNameA
• 0x4ba374 - GlobalAlloc
• 0x4ba378 - GetModuleHandleA
• 0x4ba37c - FindResourceW
• 0x4ba380 - GetCPInfo
• 0x4ba384 - OutputDebugStringW
• 0x4ba388 - SetCurrentDirectoryW
• 0x4ba38c - Sleep
• 0x4ba390 - GetTickCount
• 0x4ba394 - MulDiv
• 0x4ba398 - InterlockedExchange
• 0x4ba39c - InterlockedCompareExchange
• 0x4ba3a0 - HeapSetInformation
• 0x4ba3a4 - GetStartupInfoW
• 0x4ba3a8 - SetUnhandledExceptionFilter
• 0x4ba3ac - QueryPerformanceCounter
• 0x4ba3b0 - UnhandledExceptionFilter
• 0x4ba3b4 - IsDebuggerPresent
• 0x4ba3b8 - SetFileTime
• 0x4ba3bc - IsProcessorFeaturePresent
库 USER32.dll:
• 0x4ba630 - ScrollWindow
• 0x4ba634 - SetScrollInfo
• 0x4ba638 - ExitWindowsEx
• 0x4ba63c - GetMenuStringW
• 0x4ba640 - GetSubMenu
• 0x4ba644 - GetMenuItemID
• 0x4ba648 - GetMenuItemCount
• 0x4ba64c - GetLastInputInfo
• 0x4ba650 - GetCursor
• 0x4ba654 - ClientToScreen
• 0x4ba658 - MessageBeep
• 0x4ba65c - SetDlgItemTextW
• 0x4ba660 - GetDlgItem
• 0x4ba664 - SendDlgItemMessageW
• 0x4ba668 - DialogBoxParamW
• 0x4ba66c - SetForegroundWindow
• 0x4ba670 - DefWindowProcW
• 0x4ba674 - FillRect
• 0x4ba678 - DrawIconEx
• 0x4ba67c - GetSysColorBrush
• 0x4ba680 - GetSysColor
• 0x4ba684 - RegisterWindowMessageW
• 0x4ba688 - IsIconic
• 0x4ba68c - IsZoomed
• 0x4ba690 - EnumWindows
• 0x4ba694 - GetWindowTextLengthW
• 0x4ba698 - EnableWindow
• 0x4ba69c - InvalidateRect
• 0x4ba6a0 - SetLayeredWindowAttributes
• 0x4ba6a4 - SetWindowPos
• 0x4ba6a8 - SetWindowRgn
• 0x4ba6ac - SetFocus
• 0x4ba6b0 - GetGUIThreadInfo
• 0x4ba6b4 - SetActiveWindow
• 0x4ba6b8 - EnumChildWindows
• 0x4ba6bc - MoveWindow
• 0x4ba6c0 - GetQueueStatus
• 0x4ba6c4 - GetWindowRect
• 0x4ba6c8 - GetClientRect
• 0x4ba6cc - SystemParametersInfoW
• 0x4ba6d0 - AdjustWindowRectEx
• 0x4ba6d4 - DrawTextW
• 0x4ba6d8 - SetRect
• 0x4ba6dc - GetIconInfo
• 0x4ba6e0 - SetWindowTextW
• 0x4ba6e4 - IsWindowVisible
• 0x4ba6e8 - GetMenu
• 0x4ba6ec - CheckMenuItem
• 0x4ba6f0 - SetMenu
• 0x4ba6f4 - FlashWindow
• 0x4ba6f8 - GetPropW
• 0x4ba6fc - SetPropW
• 0x4ba700 - RemovePropW
• 0x4ba704 - MapWindowPoints
• 0x4ba708 - RedrawWindow
• 0x4ba70c - SetParent
• 0x4ba710 - GetClassInfoExW
• 0x4ba714 - GetAncestor
• 0x4ba718 - UpdateWindow
• 0x4ba71c - GetMessagePos
• 0x4ba720 - GetClassLongW
• 0x4ba724 - DefDlgProcW
• 0x4ba728 - CallWindowProcW
• 0x4ba72c - CheckRadioButton
• 0x4ba730 - LoadImageW
• 0x4ba734 - ChangeClipboardChain
• 0x4ba738 - SetClipboardViewer
• 0x4ba73c - LoadAcceleratorsW
• 0x4ba740 - CreateWindowExW
• 0x4ba744 - RegisterClassExW
• 0x4ba748 - DestroyAcceleratorTable
• 0x4ba74c - IntersectRect
• 0x4ba750 - PtInRect
• 0x4ba754 - GetTopWindow
• 0x4ba758 - BringWindowToTop
• 0x4ba75c - GetWindow
• 0x4ba760 - EnumClipboardFormats
• 0x4ba764 - CreateIconFromResourceEx
• 0x4ba768 - CopyImage
• 0x4ba76c - GetDesktopWindow
• 0x4ba770 - CreateIconIndirect
• 0x4ba774 - TrackPopupMenuEx
• 0x4ba778 - DestroyMenu
• 0x4ba77c - AppendMenuW
• 0x4ba780 - SetMenuInfo
• 0x4ba784 - CreatePopupMenu
• 0x4ba788 - CreateMenu
• 0x4ba78c - GetMenuItemInfoW
• 0x4ba790 - IsMenu
• 0x4ba794 - SetMenuItemInfoW
• 0x4ba798 - RemoveMenu
• 0x4ba79c - UnregisterClassW
• 0x4ba7a0 - DestroyIcon
• 0x4ba7a4 - DestroyWindow
• 0x4ba7a8 - IsCharAlphaW
• 0x4ba7ac - MapVirtualKeyW
• 0x4ba7b0 - MapVirtualKeyExW
• 0x4ba7b4 - VkKeyScanExW
• 0x4ba7b8 - GetWindowTextW
• 0x4ba7bc - mouse_event
• 0x4ba7c0 - GetSystemMetrics
• 0x4ba7c4 - keybd_event
• 0x4ba7c8 - SetKeyboardState
• 0x4ba7cc - GetKeyboardState
• 0x4ba7d0 - GetCursorPos
• 0x4ba7d4 - GetAsyncKeyState
• 0x4ba7d8 - AttachThreadInput
• 0x4ba7dc - SendInput
• 0x4ba7e0 - UnregisterHotKey
• 0x4ba7e4 - RegisterHotKey
• 0x4ba7e8 - PostQuitMessage
• 0x4ba7ec - SendMessageTimeoutW
• 0x4ba7f0 - UnhookWindowsHookEx
• 0x4ba7f4 - SetWindowsHookExW
• 0x4ba7f8 - PostThreadMessageW
• 0x4ba7fc - IsCharUpperW
• 0x4ba800 - IsCharLowerW
• 0x4ba804 - IsCharAlphaNumericW
• 0x4ba808 - ToUnicodeEx
• 0x4ba80c - GetKeyboardLayout
• 0x4ba810 - CallNextHookEx
• 0x4ba814 - CharLowerW
• 0x4ba818 - ReleaseDC
• 0x4ba81c - GetDC
• 0x4ba820 - MessageBoxW
• 0x4ba824 - OpenClipboard
• 0x4ba828 - GetClipboardData
• 0x4ba82c - GetClipboardFormatNameW
• 0x4ba830 - CloseClipboard
• 0x4ba834 - SetClipboardData
• 0x4ba838 - EmptyClipboard
• 0x4ba83c - PostMessageW
• 0x4ba840 - FindWindowW
• 0x4ba844 - EndDialog
• 0x4ba848 - IsWindow
• 0x4ba84c - DispatchMessageW
• 0x4ba850 - TranslateMessage
• 0x4ba854 - ShowWindow
• 0x4ba858 - CountClipboardFormats
• 0x4ba85c - SetWindowLongW
• 0x4ba860 - ScreenToClient
• 0x4ba864 - IsDialogMessageW
• 0x4ba868 - WindowFromPoint
• 0x4ba86c - SendMessageW
• 0x4ba870 - IsWindowEnabled
• 0x4ba874 - GetWindowLongW
• 0x4ba878 - GetKeyState
• 0x4ba87c - TranslateAcceleratorW
• 0x4ba880 - KillTimer
• 0x4ba884 - PeekMessageW
• 0x4ba888 - GetFocus
• 0x4ba88c - GetClassNameW
• 0x4ba890 - GetWindowThreadProcessId
• 0x4ba894 - GetForegroundWindow
• 0x4ba898 - GetMessageW
• 0x4ba89c - SetTimer
• 0x4ba8a0 - GetScrollInfo
• 0x4ba8a4 - GetParent
• 0x4ba8a8 - GetDlgCtrlID
• 0x4ba8ac - CharUpperW
• 0x4ba8b0 - IsClipboardFormatAvailable
• 0x4ba8b4 - SetMenuDefaultItem
• 0x4ba8b8 - InsertMenuItemW
• 0x4ba8bc - CreateAcceleratorTableW
• 0x4ba8c0 - CharLowerA
• 0x4ba8c4 - CreateDialogIndirectParamW
• 0x4ba8c8 - LoadCursorW
库 GDI32.dll:
• 0x4ba0ac - GetClipBox
• 0x4ba0b0 - FillRgn
• 0x4ba0b4 - GetClipRgn
• 0x4ba0b8 - GetCharABCWidthsW
• 0x4ba0bc - SetTextColor
• 0x4ba0c0 - CreateDIBSection
• 0x4ba0c4 - GdiFlush
• 0x4ba0c8 - SetBkMode
• 0x4ba0cc - CreatePatternBrush
• 0x4ba0d0 - ExcludeClipRect
• 0x4ba0d4 - EnumFontFamiliesExW
• 0x4ba0d8 - SetBkColor
• 0x4ba0dc - GetPixel
• 0x4ba0e0 - BitBlt
• 0x4ba0e4 - CreateCompatibleBitmap
• 0x4ba0e8 - GetSystemPaletteEntries
• 0x4ba0ec - GetDIBits
• 0x4ba0f0 - CreateCompatibleDC
• 0x4ba0f4 - CreatePolygonRgn
• 0x4ba0f8 - CreateRectRgn
• 0x4ba0fc - CreateRoundRectRgn
• 0x4ba100 - CreateEllipticRgn
• 0x4ba104 - DeleteDC
• 0x4ba108 - GetObjectW
• 0x4ba10c - GetTextMetricsW
• 0x4ba110 - GetTextFaceW
• 0x4ba114 - SelectObject
• 0x4ba118 - GetStockObject
• 0x4ba11c - CreateDCW
• 0x4ba120 - CreateSolidBrush
• 0x4ba124 - CreateFontW
• 0x4ba128 - DeleteObject
• 0x4ba12c - SetBrushOrgEx
• 0x4ba130 - GetDeviceCaps
库 COMDLG32.dll:
• 0x4ba08c - GetOpenFileNameW
• 0x4ba090 - GetSaveFileNameW
• 0x4ba094 - CommDlgExtendedError
库 ADVAPI32.dll:
• 0x4ba000 - RegDeleteKeyW
• 0x4ba004 - RegConnectRegistryW
• 0x4ba008 - RegCloseKey
• 0x4ba00c - RegOpenKeyExW
• 0x4ba010 - RegQueryInfoKeyW
• 0x4ba014 - CryptReleaseContext
• 0x4ba018 - CryptDestroyKey
• 0x4ba01c - CryptDestroyHash
• 0x4ba020 - CryptDeriveKey
• 0x4ba024 - CryptHashData
• 0x4ba028 - CryptCreateHash
• 0x4ba02c - CryptAcquireContextW
• 0x4ba030 - RegDeleteValueW
• 0x4ba034 - RegEnumValueW
• 0x4ba038 - RegEnumKeyExW
• 0x4ba03c - GetUserNameW
• 0x4ba040 - OpenSCManagerW
• 0x4ba044 - LockServiceDatabase
• 0x4ba048 - UnlockServiceDatabase
• 0x4ba04c - CloseServiceHandle
• 0x4ba050 - OpenProcessToken
• 0x4ba054 - LookupPrivilegeValueW
• 0x4ba058 - AdjustTokenPrivileges
• 0x4ba05c - RegQueryValueExW
• 0x4ba060 - RegCreateKeyExW
• 0x4ba064 - RegSetValueExW
库 SHELL32.dll:
• 0x4ba5ec - DragQueryFileW
• 0x4ba5f0 - DragFinish
• 0x4ba5f4 - ExtractIconW
• 0x4ba5f8 - DragQueryPoint
• 0x4ba5fc - SHEmptyRecycleBinW
• 0x4ba600 - SHFileOperationW
• 0x4ba604 - SHGetPathFromIDListW
• 0x4ba608 - SHBrowseForFolderW
• 0x4ba60c - SHGetDesktopFolder
• 0x4ba610 - SHGetMalloc
• 0x4ba614 - SHGetFolderPathW
• 0x4ba618 - ShellExecuteExW
• 0x4ba61c - CommandLineToArgvW
• 0x4ba620 - Shell_NotifyIconW
库 ole32.dll:
• 0x4ba970 - OleInitialize
• 0x4ba974 - CoInitialize
• 0x4ba978 - CoCreateInstance
• 0x4ba97c - CoUninitialize
• 0x4ba980 - CLSIDFromString
• 0x4ba984 - CoGetObject
• 0x4ba988 - StringFromGUID2
• 0x4ba98c - CreateStreamOnHGlobal
库 OLEAUT32.dll:
• 0x4ba58c - SafeArrayCreate
• 0x4ba590 - GetActiveObject
• 0x4ba594 - SysStringLen
• 0x4ba598 - SysFreeString
• 0x4ba59c - OleLoadPicture
• 0x4ba5a0 - SafeArrayUnaccessData
• 0x4ba5a4 - SafeArrayGetElemsize
• 0x4ba5a8 - SafeArrayAccessData
• 0x4ba5ac - SafeArrayUnlock
• 0x4ba5b0 - SafeArrayPtrOfIndex
• 0x4ba5b4 - SafeArrayLock
• 0x4ba5b8 - SafeArrayGetDim
• 0x4ba5bc - SafeArrayGetLBound
• 0x4ba5c0 - SafeArrayGetUBound
• 0x4ba5c4 - VariantCopyInd
• 0x4ba5c8 - SafeArrayCopy
• 0x4ba5cc - SysAllocString
• 0x4ba5d0 - VariantChangeType
• 0x4ba5d4 - VariantClear
• 0x4ba5d8 - SafeArrayDestroy
库 MSVCR100.dll:
• 0x4ba3c4 - ftell
• 0x4ba3c8 - _ultoa
• 0x4ba3cc - strcpy_s
• 0x4ba3d0 - __RTtypeid
• 0x4ba3d4 - fread
• 0x4ba3d8 - fgets
• 0x4ba3dc - strtol
• 0x4ba3e0 - _wfopen
• 0x4ba3e4 - atoi
• 0x4ba3e8 - strchr
• 0x4ba3ec - strstr
• 0x4ba3f0 - calloc
• 0x4ba3f4 - _wtoi
• 0x4ba3f8 - strncmp
• 0x4ba3fc - memmove
• 0x4ba400 - _atoi64
• 0x4ba404 - sprintf_s
• 0x4ba408 - _itoa
• 0x4ba40c - _strnicmp
• 0x4ba410 - sprintf
• 0x4ba414 - _stricmp
• 0x4ba418 - wcschr
• 0x4ba41c - _purecall
• 0x4ba420 - __iob_func
• 0x4ba424 - setvbuf
• 0x4ba428 - wcsrchr
• 0x4ba42c - ??2@YAPAXI@Z
• 0x4ba430 - _swprintf
• 0x4ba434 - __wargv
• 0x4ba438 - __argc
• 0x4ba43c - _wcsnicmp
• 0x4ba440 - realloc
• 0x4ba444 - free
• 0x4ba448 - ??3@YAXPAX@Z
• 0x4ba44c - malloc
• 0x4ba450 - _wtoi64
• 0x4ba454 - _wcstoi64
• 0x4ba458 - isxdigit
• 0x4ba45c - _wcsicmp
• 0x4ba460 - _i64tow
• 0x4ba464 - wcstombs
• 0x4ba468 - wcstoul
• 0x4ba46c - fwrite
• 0x4ba470 - _wsplitpath
• 0x4ba474 - wcstod
• 0x4ba478 - wcscspn
• 0x4ba47c - _msize
• 0x4ba480 - _expand
• 0x4ba484 - strcat_s
• 0x4ba488 - fseek
• 0x4ba48c - atof
• 0x4ba490 - _isctype
• 0x4ba494 - fclose
• 0x4ba498 - strncpy_s
• 0x4ba49c - wcsstr
• 0x4ba4a0 - ??_U@YAPAXI@Z
• 0x4ba4a4 - qsort
• 0x4ba4a8 - ??_V@YAXPAX@Z
• 0x4ba4ac - _itow
• 0x4ba4b0 - exit
• 0x4ba4b4 - wcstol
• 0x4ba4b8 - isdigit
• 0x4ba4bc - rand
• 0x4ba4c0 - _beginthreadex
• 0x4ba4c4 - wcsncpy
• 0x4ba4c8 - _snwprintf
• 0x4ba4cc - iswspace
• 0x4ba4d0 - _wtof
• 0x4ba4d4 - iswdigit
• 0x4ba4d8 - wcsncmp
• 0x4ba4dc - tolower
• 0x4ba4e0 - toupper
• 0x4ba4e4 - iswxdigit
• 0x4ba4e8 - fwprintf
• 0x4ba4ec - fputws
• 0x4ba4f0 - _vsnwprintf
• 0x4ba4f4 - _wcstoui64
• 0x4ba4f8 - _ultow
• 0x4ba4fc - towupper
• 0x4ba500 - _wcsupr
• 0x4ba504 - _wcsdup
• 0x4ba508 - _scwprintf
• 0x4ba50c - ?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
• 0x4ba510 - _vsnprintf
• 0x4ba514 - _unlock
• 0x4ba518 - __dllonexit
• 0x4ba51c - _lock
• 0x4ba520 - _onexit
• 0x4ba524 - _amsg_exit
• 0x4ba528 - __wgetmainargs
• 0x4ba52c - _cexit
• 0x4ba530 - _exit
• 0x4ba534 - _XcptFilter
• 0x4ba538 - _wcmdln
• 0x4ba53c - _initterm
• 0x4ba540 - _initterm_e
• 0x4ba544 - _configthreadlocale
• 0x4ba548 - __setusermatherr
• 0x4ba54c - _commode
• 0x4ba550 - _fmode
• 0x4ba554 - __set_app_type
• 0x4ba558 - ?terminate@@YAXXZ
• 0x4ba55c - ?_type_info_dtor_internal_method@type_info@@QAEXXZ
• 0x4ba560 - _except_handler4_common
• 0x4ba564 - _invoke_watson
• 0x4ba568 - _controlfp_s
• 0x4ba56c - _crt_debugger_hook
• 0x4ba570 - memcpy
• 0x4ba574 - memset
• 0x4ba578 - __RTDynamicCast
• 0x4ba57c - __CxxFrameHandler3
• 0x4ba580 - _except_handler3
• 0x4ba584 - strtoul
导出
| 序列 | 地址 | 名称 |
|---|---|---|
| 1 | 0x40c8c0 | ADDFILE |
| 2 | 0x40cb90 | ADDSCRIPT |
| 3 | 0x40c420 | AHKASSIGN |
| 4 | 0x40ce60 | AHKEXEC |
| 5 | 0x40c4c0 | AHKEXECUTELINE |
| 6 | 0x40c150 | AHKFINDFUNC |
| 7 | 0x40c170 | AHKFINDLABEL |
| 8 | 0x40d0e0 | AHKFUNCTION |
| 9 | 0x40c190 | AHKGETVAR |
| 10 | 0x40c080 | AHKISUNICODE |
| 11 | 0x40c540 | AHKLABEL |
| 12 | 0x40c090 | AHKPAUSE |
| 13 | 0x40c5a0 | AHKPOSTFUNCTION |
| 14 | 0x40c8c0 | AddFile |
| 15 | 0x40cb90 | AddScript |
| 16 | 0x40c8c0 | Addfile |
| 17 | 0x40cb90 | Addscript |
| 18 | 0x40c420 | AhkAssign |
| 19 | 0x40ce60 | AhkExec |
| 20 | 0x40c4c0 | AhkExecuteLine |
| 21 | 0x40c4c0 | AhkExecuteline |
| 22 | 0x40c150 | AhkFindFunc |
| 23 | 0x40c170 | AhkFindLabel |
| 24 | 0x40c150 | AhkFindfunc |
| 25 | 0x40c170 | AhkFindlabel |
| 26 | 0x40d0e0 | AhkFunction |
| 27 | 0x40c190 | AhkGetVar |
| 28 | 0x40c190 | AhkGetvar |
| 29 | 0x40c080 | AhkIsUnicode |
| 30 | 0x40c080 | AhkIsunicode |
| 31 | 0x40c540 | AhkLabel |
| 32 | 0x40c090 | AhkPause |
| 33 | 0x40c5a0 | AhkPostFunction |
| 34 | 0x40c5a0 | AhkPostfunction |
| 35 | 0x40c420 | Ahkassign |
| 36 | 0x40ce60 | Ahkexec |
| 37 | 0x40c4c0 | AhkexecuteLine |
| 38 | 0x40c4c0 | Ahkexecuteline |
| 39 | 0x40c150 | AhkfindFunc |
| 40 | 0x40c170 | AhkfindLabel |
| 41 | 0x40c150 | Ahkfindfunc |
| 42 | 0x40c170 | Ahkfindlabel |
| 43 | 0x40d0e0 | Ahkfunction |
| 44 | 0x40c190 | AhkgetVar |
| 45 | 0x40c190 | Ahkgetvar |
| 46 | 0x40c080 | AhkisUnicode |
| 47 | 0x40c080 | Ahkisunicode |
| 48 | 0x40c540 | Ahklabel |
| 49 | 0x40c090 | Ahkpause |
| 50 | 0x40c5a0 | AhkpostFunction |
| 51 | 0x40c5a0 | Ahkpostfunction |
| 52 | 0x40c8c0 | addFile |
| 53 | 0x40cb90 | addScript |
| 65 | 0x40c8c0 | addfile |
| 66 | 0x40cb90 | addscript |
| 67 | 0x40c420 | ahkAssign |
| 54 | 0x40ce60 | ahkExec |
| 55 | 0x40c4c0 | ahkExecuteLine |
| 68 | 0x40c4c0 | ahkExecuteline |
| 56 | 0x40c150 | ahkFindFunc |
| 57 | 0x40c170 | ahkFindLabel |
| 69 | 0x40c150 | ahkFindfunc |
| 70 | 0x40c170 | ahkFindlabel |
| 58 | 0x40d0e0 | ahkFunction |
| 71 | 0x40c190 | ahkGetVar |
| 72 | 0x40c190 | ahkGetvar |
| 59 | 0x40c080 | ahkIsUnicode |
| 73 | 0x40c080 | ahkIsunicode |
| 60 | 0x40c540 | ahkLabel |
| 61 | 0x40c090 | ahkPause |
| 62 | 0x40c5a0 | ahkPostFunction |
| 74 | 0x40c5a0 | ahkPostfunction |
| 63 | 0x40c420 | ahkassign |
| 75 | 0x40ce60 | ahkexec |
| 76 | 0x40c4c0 | ahkexecuteLine |
| 77 | 0x40c4c0 | ahkexecuteline |
| 78 | 0x40c150 | ahkfindFunc |
| 79 | 0x40c170 | ahkfindLabel |
| 80 | 0x40c150 | ahkfindfunc |
| 81 | 0x40c170 | ahkfindlabel |
| 82 | 0x40d0e0 | ahkfunction |
| 83 | 0x40c190 | ahkgetVar |
| 64 | 0x40c190 | ahkgetvar |
| 84 | 0x40c080 | ahkisUnicode |
| 85 | 0x40c080 | ahkisunicode |
| 86 | 0x40c540 | ahklabel |
| 87 | 0x40c090 | ahkpause |
| 88 | 0x40c5a0 | ahkpostFunction |
| 89 | 0x40c5a0 | ahkpostfunction |
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
info.exe PID: 2076, 上一级进程 PID: 1224
访问的文件
- \Device\KsecDD
读取的文件
- \Device\KsecDD
修改的文件
无信息
删除的文件
无信息
注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
修改的注册表键
无信息
删除的注册表键
无信息
API解析
- cryptbase.dll.SystemFunction036
- ntdll.dll.RtlGetVersion
- user32.dll.SendInput
- kernel32.dll.CreateActCtxA
- kernel32.dll.DeactivateActCtx
- kernel32.dll.ActivateActCtx
- ntdll.dll.RtlPcToFileHeader
- user32.dll.RemoveClipboardFormatListener
- user32.dll.AddClipboardFormatListener
- kernel32.dll.IsWow64Process