Basic information
File name: 刀锋(内部专用).exe
MD5: 30ededea884ced8dced37c21fa626a8a
File type: EXE
Upload time: 2019-09-03 17:59:33
Publisher: Synaptics
Version: 1.0.0.4---1.0.0.4
Packer/compiler info: COMPILER:Borland Delphi 6.0 - 7.0
Sub-file information (name / MD5 / type):
theme1.xml / 01124023b1940bccbff5ab1f589923de / Unknown
vbaProject.bin / 3d6bfbca37670b12b6af6aa387ecde51 / Compound
styles.xml / 17fba6f3371d909c0929bfa207ce9486 / Unknown
[Content_Types].xml / d786737210f5ba3439f7723ed9eef5be / Unknown
app.xml / 15929544f1c898cac5be7043c9e16ced / Unknown
sheet1.xml / 6f6b711a723dcd0a391e35a64fa848b8 / Unknown
workbook.xml.rels / c1a08e4a5909ec8a545236a0d9bce44d / Unknown
workbook.xml / 552cbb154cd3d50edc91ca09a5d7bdae / Unknown
core.xml / c45f133579ff8e5e8331509054967d0e / Unknown
.rels / 69984e911a8e36d7f6eab75bf36c6d01 / Unknown
Key behaviors
Behavior: Sets a message hook
Details:
C:\WINDOWS\system32\Synaptics\Synaptics.dll
Behavior: Compares process names against a suspicious-process list
Details:
lstrcmpiA: System <------> avp.exe Des: 卡巴斯基
lstrcmpiA: smss.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: csrss.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: winlogon.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: services.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: lsass.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: OEcxService.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: uvocthlp.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: svchost.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: spoolsv.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: jqs.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: OPCpgradeHelper.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: alg.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: explorer.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: reader_sl.exe <------> avp.exe Des: 卡巴斯基
Behavior: Searches for a suspicious process name
Details:
strstr: avp.exe <------> Des: 卡巴斯基
Behavior: Reads the TickCount value
Details:
TickCount = 222079, SleepMilliseconds = 1.
TickCount = 222126, SleepMilliseconds = 1.
TickCount = 222282, SleepMilliseconds = 1.
TickCount = 227562, SleepMilliseconds = 1000.
TickCount = 227921, SleepMilliseconds = 1000.
TickCount = 227937, SleepMilliseconds = 1000.
TickCount = 227953, SleepMilliseconds = 1000.
TickCount = 227968, SleepMilliseconds = 1000.
TickCount = 228000, SleepMilliseconds = 1000.
TickCount = 228015, SleepMilliseconds = 1000.
TickCount = 228031, SleepMilliseconds = 1000.
TickCount = 228046, SleepMilliseconds = 1000.
TickCount = 228062, SleepMilliseconds = 1000.
Behavior: Sets special file attributes
Details:
C:\Documents and Settings\Administrator\Local Settings\%temp%\._cache_%temp%\****.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\._cache_读取请勿修改此文件.exe
C:\WINDOWS\system32\Synaptics\Synaptics.exe
C:\WINDOWS\system32\Synaptics\Synaptics.dll
Behavior: Looks up PE resource information
Details:
(FindResourceA) hModule = 0x00400000, ResName: EXERESX, ResType:
(FindResourceA) hModule = 0x00400000, ResName: KBHKS, ResType:
Behavior: Obtains window screenshot information
Details:
Foreground window Info: HWND = 0x00010014, DC = 0x0a010375.
Behavior: Sets special folder attributes
Details:
C:\WINDOWS\system32\Synaptics
C:\Documents and Settings\Administrator\Application Data\WinSl
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588AXFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588AXFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior: Modifies registry (autostart entry)
Details:
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver