Posted on 2021-7-23 15:19:29
Basic information
File name: 华始祖破解版.exe
MD5: fa683807b46a51e0b28b2e04d30af432
File type: EXE
Upload time: 2021-07-23 15:16:27
Publisher: N/A
Version: N/A
Packer/compiler info: COMPILER:Microsoft Visual C++ 6.0
Key behaviors
Behavior: Directly calls critical system APIs (by syscall index)
Details:
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x00FBD769
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x010B0B56
Index = 0x00000089, Name: NtProtectVirtualMemory, Instruction Address = 0x0119052D
Index = 0x00000089, Name: NtProtectVirtualMemory, Instruction Address = 0x01135CA6
Index = 0x000000A3, Name: NtQueryObject, Instruction Address = 0x004D851E
Index = 0x00000019, Name: NtClose, Instruction Address = 0x0042C6DB
Behavior: Reads the TickCount value (timing check around Sleep)
Details:
TickCount = 281640, SleepMilliseconds = 60000.
TickCount = 282687, SleepMilliseconds = 60000.
TickCount = 282734, SleepMilliseconds = 60000.
Behavior: Reads the CPU clock directly (64-bit timestamp returned in EDX:EAX)
Details:
EAX = 0x6f1fdfed, EDX = 0x000000b7
EAX = 0x6f1fe039, EDX = 0x000000b7
EAX = 0x6f1fe085, EDX = 0x000000b7
EAX = 0x71a7b00e, EDX = 0x000000b7
EAX = 0x71a7b05a, EDX = 0x000000b7
EAX = 0x71a7b0a6, EDX = 0x000000b7
EAX = 0x71a7b0f2, EDX = 0x000000b7
EAX = 0x71a7b13e, EDX = 0x000000b7
EAX = 0x71a7b18a, EDX = 0x000000b7
EAX = 0x71a7b1d6, EDX = 0x000000b7
Behavior: Installs a message hook
Details:
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Uses VMware-specific instructions to detect a virtual machine
Details:
N/A