Thread starter: Jirehlov1234

[Suspicious file] 变声器.exe

帝辛
Posted on 2018-7-16 22:17:54
BD: scan missed it. Double-clicked it:
ATD KILL
上上谦
Posted on 2018-7-17 09:20:44
360 detects it.
xique666
Posted on 2018-7-21 15:01:49
www-tekeze posted on 2018-7-16 16:41:
Huorong doesn't detect it; Zhiliang's heuristics do..

Huorong detects it now.
ESET detects it.
www-tekeze
Posted on 2018-7-21 15:08:50
xique666 posted on 2018-7-21 15:01:
Huorong detects it now.
ESET detects it.

It didn't detect it at the time, but it should have once it was added to the database the next day... It's been 5 days now, you're late..
xique666
Posted on 2018-7-22 08:18:07
www-tekeze posted on 2018-7-21 15:08:
It didn't detect it at the time, but it should have once it was added to the database the next day... It's been 5 days now, you're late..

OK, I'll be earlier next time.
BillYu
Posted on 2018-7-22 09:55:59
KIS2019

Access denied
Cannot access this web page

Object URL:

https://development01.baidupan.c ... ;fi=3998171&up=
Reason: object is infected with UDS:DangerousObject.Multi.Generic
kkla163
Posted on 2018-7-22 13:24:42
Double-clicked it in Win7; Micropoint showed no reaction at all.
lovelive10010
Posted on 2018-7-22 14:27:12
Basic information
File name: 变声器.exe
MD5: 26d61ff9b0318ab1f73dca8605697d3a
File type: EXE
Upload time: 2018-07-22 14:24:10
Vendor: N/A
Version: 1.0.0.0---1.0.0.0
Packer/compiler info: COMPILER:Elan
Key behaviors
Behavior: Set special folder attributes
Details:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies

Behavior: Get TickCount value
Details:
TickCount = 216626, SleepMilliseconds = 1.
TickCount = 216672, SleepMilliseconds = 1.
TickCount = 216766, SleepMilliseconds = 1.
TickCount = 216782, SleepMilliseconds = 1.
TickCount = 216797, SleepMilliseconds = 1.
TickCount = 216813, SleepMilliseconds = 1.
TickCount = 216844, SleepMilliseconds = 1.
TickCount = 216860, SleepMilliseconds = 1.
TickCount = 216876, SleepMilliseconds = 1.
TickCount = 216891, SleepMilliseconds = 1.
TickCount = 216922, SleepMilliseconds = 1.
TickCount = 216938, SleepMilliseconds = 1.
TickCount = 217126, SleepMilliseconds = 1.
TickCount = 217157, SleepMilliseconds = 1.
TickCount = 217188, SleepMilliseconds = 1.

Process behavior
Behavior: Create local thread
Details:
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2648, ThreadID = 2664, StartAddress = 0046CD80, Parameter = 00B571C0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2648, ThreadID = 2668, StartAddress = 0046CDF0, Parameter = 00B571C0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2648, ThreadID = 2672, StartAddress = 0046CE60, Parameter = 00B571C0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2648, ThreadID = 2676, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2648, ThreadID = 2680, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2648, ThreadID = 2684, StartAddress = 7C930230, Parameter = 00000000

File behavior
Behavior: Create file
Details:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\pt_get_uins[1]
C:\key

Behavior: Delete file
Details:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\pt_get_uins[1]

Behavior: Find file
Details:
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk

Network behavior
Behavior: Connect to specified site
Details:
InternetConnectA: ServerName = lo****om, PORT = 4300, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000

Behavior: Open HTTP connection
Details:
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1), hSession = 0x00cc0004

Behavior: Establish a socket connection to a specified host
Details:
IP: **.24.80.**:8888, SOCKET = 0x000000bc
URL: lo****om, IP: **.133.40.**:4300, SOCKET = 0x00000240

Behavior: Read network file
Details:
hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.

Behavior: Send HTTP packet
Details:
GET /pt_get_uins?callback=ptui_getuins_CB&r=0.7478418888058513&pt_local_tk=0.3858416392467916 HTTP/1.1 Accept: */* Referer: http://localhost.ptlogin2.qq.com ... =0.3858416392467916 Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded Cookie: pt_local_token=0.3858416392467916; User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: lo****om:4300 Cache-Control: no-cache

Behavior: Open HTTP request
Details:
HttpOpenRequestA: lo****om:4300/pt_get_uins?callback=ptui_getuins_cb&r=0.7478418888058513&pt_local_tk=0.3858416392467916, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80084010

Behavior: Resolve host address by name
Details:
GetAddrInfoW: lo****om

Registry behavior
Behavior: Modify registry
Details:
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

Behavior: Delete registry value
Details:
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

Other behavior
Behavior: Create mutex
Details:
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile

Behavior: Create event object
Details:
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event

Behavior: Open event
Details:
HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD

Behavior: Call Sleep function
Details:
[1]: MilliSeconds = 1.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[8]: MilliSeconds = 1.
[10]: MilliSeconds = 1.
[9]: MilliSeconds = 1.

Behavior: Hide specified window
Details:
[Window,Class] = [,_EL_Timer]

Behavior: Open mutex
Details:
ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
KaFan Forum (卡饭论坛), Copyright © KaFan KaFan.cn All Rights Reserved.