Habo: No risk found so far
Basic information
File name:
猎人资料下载器.rar
MD5: 35ca0d33938aff47db3e6277a2e62821
File type: Rar
Upload time: 2017-09-07 19:08:50
Vendor: N/A
Version: N/A
Packer/compiler info: COMPILER:Elan
Sub-file info: Details
Process behavior
Behavior description: Create local thread
Details:
TargetProcess: 猎人资料下载器V3.3.exe, InheritedFromPID = 2000, ProcessID = 2796, ThreadID = 2832, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 猎人资料下载器V3.3.exe, InheritedFromPID = 2000, ProcessID = 2796, ThreadID = 2900, StartAddress = 0040385F, Parameter = 00000000
TargetProcess: 猎人资料下载器V3.3.exe, InheritedFromPID = 2000, ProcessID = 2796, ThreadID = 2964, StartAddress = 0040385F, Parameter = 00000000
TargetProcess: 猎人资料下载器V3.3.exe, InheritedFromPID = 2000, ProcessID = 2796, ThreadID = 2996, StartAddress = 0040385F, Parameter = 00000000
TargetProcess: 猎人资料下载器V3.3.exe, InheritedFromPID = 2000, ProcessID = 2796, ThreadID = 3192, StartAddress = 0040385F, Parameter = 00000000
TargetProcess: 猎人资料下载器V3.3.exe, InheritedFromPID = 2000, ProcessID = 2796, ThreadID = 3244, StartAddress = 0040385F, Parameter = 00000000
TargetProcess: 猎人资料下载器V3.3.exe, InheritedFromPID = 2000, ProcessID = 2796, ThreadID = 3276, StartAddress = 0040385F, Parameter = 00000000
TargetProcess: 猎人资料下载器V3.3.exe, InheritedFromPID = 2000, ProcessID = 2796, ThreadID = 3308, StartAddress = 0040385F, Parameter = 00000000
File behavior
Behavior description: Delete file
Details:
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\猎人资料下载器\sx.dll
Behavior description: Find file
Details:
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\猎人资料下载器\sx.dll
Network behavior
Behavior description: Connect to specified site
Details:
WinHttpConnect: ServerName = ww****cn, PORT = 80, UserName = , Password = , hSession = 0x01363100, hConnect = 0x01363200, Flags = 0x00000000
Behavior description: Open HTTP connection
Details:
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01363100
Behavior description: Establish a connection to a specified socket
Details:
URL: ww****cn, IP: **.133.40.**:80, SOCKET = 0x000001e0
URL: ww****cn, IP: **.133.40.**:80, SOCKET = 0x000001dc
URL: ww****cn, IP: **.133.40.**:80, SOCKET = 0x000001b8
URL: ww****cn, IP: **.133.40.**:80, SOCKET = 0x00000200
URL: ww****cn, IP: **.133.40.**:80, SOCKET = 0x000001ec
URL: ww****cn, IP: **.133.40.**:80, SOCKET = 0x000001f8
URL: ww****cn, IP: **.133.40.**:80, SOCKET = 0x00000208
Behavior description: Send HTTP packet
Details:
GET /s.php?q=123456&wp=0&start=0 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; BOIE9;ZHCN)
Host: ww****cn
Connection: Keep-Alive
Behavior description: Open HTTP request
Details:
WinHttpOpenRequest: ww****cn:80/s.php?q=123456&wp=0&start=0, hConnect = 0x01363200, hRequest = 0x013f0000, Verb: GET, Referer: , Flags = 0x00000080
Behavior description: Resolve host address by name
Details:
GetAddrInfoW: ww****cn
Other behavior
Behavior description: Create mutex
Details:
RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.APK
Behavior description: Create event object
Details:
EventName = DINPUTWINMM
EventName = MSCTF.SendReceiveConection.Event.APK.IC
EventName = MSCTF.SendReceive.Event.APK.IC
Behavior description: Find specified window
Details:
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details:
HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
Details:
Pid = 2796, Hwnd=0x1035e, Text = 状态, ClassName = msctls_statusbar32.
Pid = 2796, Hwnd=0x10346, Text = 设置 , ClassName = Button(GroupBox).
Pid = 2796, Hwnd=0x10356, Text = 搜索, ClassName = Button.
Pid = 2796, Hwnd=0x10352, Text = 1, ClassName = Edit.
Pid = 2796, Hwnd=0x1034e, Text = 内测资料, ClassName = ComboBox.
Pid = 2796, Hwnd=0x1034c, Text = 欲搜索词:, ClassName = _EL_Label.
Pid = 2796, Hwnd=0x1034a, Text = 提取页数:, ClassName = _EL_Label.
Pid = 2796, Hwnd=0x10348, Text = 引擎选择:, ClassName = _EL_Label.
Pid = 2796, Hwnd=0x10344, Text = 猎人资料下载器 V3.3(www.hwk168.com), ClassName = WTWindow.
Pid = 2796, Hwnd=0x4033c, Text = 123456, ClassName = Edit.
Pid = 2796, Hwnd=0x1034e, Text = 公网资料, ClassName = ComboBox.
Behavior description: Hide specified window
Details:
[Window,Class] = [,ComboLBox]
Behavior description: Open mutex
Details:
RasPbFile
ShimCacheMutex

Looking at it this way, it really is a false positive.