Basic information
File name:
FastStoneCapture_8.0_PortableSoft.7z
MD5: 9042c6b73b340067d289fe999cb936df
File type: 7z
Upload time: 2015-07-11 04:53:09
Publisher: N/A
Version: N/A
Packer or compiler info: COMPILER:Borland Delphi 6.0 - 7.0
Sub-file information: Details
Key behaviors
Behavior: Creates file mapping with write access
Details:
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IDI..FGILG
MSCTF.MarshalInterface.FileMap.IDI.B.FHILG
MSCTF.MarshalInterface.FileMap.IDI.C.FHILG
MSCTF.MarshalInterface.FileMap.IDI.D.FHILG
MSCTF.MarshalInterface.FileMap.IDI.E.FHILG
MSCTF.MarshalInterface.FileMap.IDI.F.FHILG
MSCTF.MarshalInterface.FileMap.IDI.G.EKILG
MSCTF.Shared.SFM.IDI
MSCTF.MarshalInterface.FileMap.IDI.H.EFMPG
MSCTF.MarshalInterface.FileMap.IDI.I.EFMPG
MSCTF.MarshalInterface.FileMap.IDI.J.EFMPG
MSCTF.MarshalInterface.FileMap.IDI.K.EFMPG
MSCTF.MarshalInterface.FileMap.IDI.L.EGMPG
MSCTF.MarshalInterface.FileMap.IDI.M.EGMPG
File behaviors
Behavior: Creates file mapping with write access
Details:
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IDI..FGILG
MSCTF.MarshalInterface.FileMap.IDI.B.FHILG
MSCTF.MarshalInterface.FileMap.IDI.C.FHILG
MSCTF.MarshalInterface.FileMap.IDI.D.FHILG
MSCTF.MarshalInterface.FileMap.IDI.E.FHILG
MSCTF.MarshalInterface.FileMap.IDI.F.FHILG
MSCTF.MarshalInterface.FileMap.IDI.G.EKILG
MSCTF.Shared.SFM.IDI
MSCTF.MarshalInterface.FileMap.IDI.H.EFMPG
MSCTF.MarshalInterface.FileMap.IDI.I.EFMPG
MSCTF.MarshalInterface.FileMap.IDI.J.EFMPG
MSCTF.MarshalInterface.FileMap.IDI.K.EFMPG
MSCTF.MarshalInterface.FileMap.IDI.L.EGMPG
MSCTF.MarshalInterface.FileMap.IDI.M.EGMPG
Registry behaviors
Behavior: Modifies registry
Details:
\REGISTRY\MACHINE\SOFTWARE\8322898\7168
Other behaviors
Behavior: Creates mutex
Details:
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
FSCapture
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.IDI
Behavior: Enumerates windows
Details:
N/A
Behavior: Finds a specified window
Details:
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Window information
Details:
Pid = 2100, Hwnd=0x50216, Text = Buy Now $19.95, ClassName = TButton.
Pid = 2100, Hwnd=0x40246, Text = Continue Trial, ClassName = TButton.
Pid = 2100, Hwnd=0x501bc, Text = Enter Registration Code, ClassName = TButton.
Pid = 2100, Hwnd=0x40250, Text = FastStone Capture 8.0 - Trial Version, ClassName = TReminder.
Pid = 2100, Hwnd=0x50258, Text = TBXToolbar2, ClassName = TTBXToolbar.
Pid = 2100, Hwnd=0x60240, Text = FastStone Capture, ClassName = FastStoneScreenCapturePanel.
Behavior: Acquires system privileges
Details:
SE_LOAD_DRIVER_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Crash
Crash: Program exception information
Details:
EAX=0x01087150, EBX=0x00000000, ECX=0x00000000, EDX=0x01087101, ESI=0x00000000, EDI=0x00000000, EBP=0x0012FC90, ESP=0x0012F358, EIP=0x00403D90
ExceptionCode=0xC0000005 (ACCESS_VIOLATION)
ExceptionModule=c:\%temp%\1436561657.857497.exe_7zdump\faststonecaptureportable\fsc
Disassembly:
0x00403D90: call dword ptr [ecx-04h]
0x00403D93: ret
0x00403D94: push ebx
0x00403D95: push esi
0x00403D96: push edi
0x00403D97: mov ebx, eax
0x00403D99: mov edi, edx
0x00403D9B: stosd
0x00403D9C: mov ecx, dword ptr [ebx-28h]
0x00403D9F: xor eax, eax
0x00403DA1: push ecx
0x00403DA2: shr ecx, 02h
0x00403DA5: dec ecx
0x00403DA6: rep stosd
0x00403DA8: pop ecx
0x00403DA9: and ecx, 03h
0x00403DAC: rep stosb
0x00403DAE: mov eax, edx
0x00403DB0: mov edx, esp
0x00403DB2: mov ecx, dword ptr [ebx-48h]
Runtime screenshot