远控1x

显示全部楼层 · 发表于 2024-9-2 09:53:56

QVM360 发表于 2024-9-1 22:09
为什么不是wwwab.dll

@wwwab

int __stdcall sub_30001573(int a1, int a2, int a3, int a4)
{
  HMODULE LibraryW; // edi
  FARPROC FMain; // ebx
  FARPROC wdGetApplicationObject; // eax

  LibraryW = LoadLibraryW(L"wwlib.dll");
  if ( LibraryW || (LibraryW = (HMODULE)sub_30001968(L"{0638C49D-BB8B-4CD1-B191-051E8F325736}")) != 0 )
  {
FMain = GetProcAddress(LibraryW, "FMain");
wdCommandDispatch_0 = (int)GetProcAddress(LibraryW, "wdCommandDispatch");
wdGetApplicationObject = GetProcAddress(LibraryW, "wdGetApplicationObject");
dword_3000300C = (int)wdGetApplicationObject;
if ( FMain && wdCommandDispatch_0 && wdGetApplicationObject )
{
   ((void (__stdcall *)(int, int, int, int))FMain)(a1, a2, a3, a4);
   FreeLibrary(LibraryW);
   return 0;
}
else
{
   return 1;
}
  }
  else
  {
GetLastError();
return 1;
  }
}

显示全部楼层 · 发表于 2024-9-2 10:16:00

迈克菲扫描 miss

显示全部楼层 · 发表于 2024-9-2 16:14:42

eis右键扫描miss

显示全部楼层 · 发表于 2024-9-2 18:48:01

QVM360 发表于 2024-9-1 22:09
为什么不是wwwab.dll

@wwwab

劫持wwlib.dll海莲花也用过啊，https://www.freebuf.com/sectool/201940.html

显示全部楼层 · 发表于 2024-9-2 20:24:53

wwwab 发表于 2024-9-2 18:48
劫持wwlib.dll海莲花也用过啊，https://www.freebuf.com/sectool/201940.html

https://bbs.kafan.cn/thread-2273102-2-1.html

显示全部楼层 · 发表于 2024-9-5 09:43:31

[病毒样本] 远控1x

评分

本帖子中包含更多资源