魔盾安全分析报告文件详细信息特征运行截图网络分析 UDP连接

Transcription

魔盾安全分析报告
分析类型
开始时间
结束时间
持续时间
分析引擎版本
FILE
2016-07-03 13:48:29
2016-07-03 13:55:55
446 秒
1.4-Maldun
虚拟机机器名
标签
虚拟机管理
开机时间
关机时间
win7-sp1-x64-1
win7-sp1-x64-1
KVM
2016-07-03 13:48:53
2016-07-03 13:55:55
魔盾分数
2.1
可疑的
文件详细信息
文件名
winmm.dll
文件大小
573440 字节
文件类型
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
CRC32
8402BA18
MD5
74815b2882fad2da7fa4628ad83808eb
SHA1
f2c6e5e93f0b535f993bc07254fa2a3bbe8f6d39
SHA256
30a1350a39ecc6d9d05704dc2f4b9a35d7ce61c1724164aa6e4f2fb21d83fc77
SHA512
9f1c00af7a82106b27f5ced4d8aadaf9159b934b232c6d670828098c5e9398e7402d0a118672500748d6b5bad2532db7fe4d15467bffe2393706b612b33
15418
Ssdeep
12288:NH0T7+bYDZIDi/qmqdbfJIC5/m+pGgg6y:NI+bgZL+d7JIUOibY
PEiD
无匹配
Yara
VirusTotal
DebuggerCheck__API ()
DebuggerCheck__QueryInfo ()
ThreadControl__Context ()
RIPEMD160_Constants (Look for RIPEMD-160 constants)
SHA1_Constants (Look for SHA1 constants)
无此文件扫描结果
特征
创建RWX内存
尝试阻止Cuckoo线程以防止恶意行为被记录
运行截图
网络分析
UDP连接
IP地址
端口
192.168.122.255
138
无信息
静态分析
PE 信息
初始地址
0x180000000
入口地址
0x18001a2e4
声明校验值
0x00000000
实际校验值
0x000901fa
最低操作系统版本要求
6.0
编译时间
2016-06-30 14:35:51
导出DLL库名称
winmm.dll
版本信息
LegalCopyright:
www.shuax.com \xa9 2016
InternalName:
winmm.dll
FileVersion:
5.9.5
CompanyName:
www.shuax.com
ProductName:
GreenChrome
ProductVersion:
5.9.5
FileDescription:
Google Chrome \x589e\x5f3a\x8f6f\x4ef6
OriginalFilename:
winmm.dll
Translation:
0x0804 0x04b0
PE数据组成
名称
虚拟地址
虚拟大小
原始数据大小
特征
熵
(Entropy)
.text
0x00001000
0x0005e43e
0x0005e600
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
6.47
.rdata
0x00060000
0x0001f61c
0x0001f800
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
4.97
.data
0x00080000
0x00005010
0x00003000
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
4.39
.pdata
0x00086000
0x00005364
0x00005400
5.71
.gfids
0x0008c000
0x000009f4
0x00000a00
3.83
.SHARED
0x0008d000
0x0000000b
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
0.00
.rsrc
0x0008e000
0x00003df0
0x00003e00
7.40
.reloc
0x00092000
0x00000e50
0x00001000
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
5.23
资源
名称
偏移量
大小
语言
子语言
熵(Entropy)
文件类型
INI
0x0008e2d0
0x00000eca
LANG_ENGLISH
SUBLANG_ENGLISH_US
5.96
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
PNG
0x0008f1a0
0x0000057b
LANG_ENGLISH
SUBLANG_ENGLISH_US
7.78
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
PNG
0x0008f1a0
0x0000057b
LANG_ENGLISH
SUBLANG_ENGLISH_US
7.78
PNG
0x0008f1a0
0x0000057b
LANG_ENGLISH
SUBLANG_ENGLISH_US
7.78
PNG
0x0008f1a0
0x0000057b
LANG_ENGLISH
SUBLANG_ENGLISH_US
7.78
PNG
0x0008f1a0
0x0000057b
LANG_ENGLISH
SUBLANG_ENGLISH_US
7.78
PNG
0x0008f1a0
0x0000057b
LANG_ENGLISH
SUBLANG_ENGLISH_US
7.78
PNG
0x0008f1a0
0x0000057b
LANG_ENGLISH
SUBLANG_ENGLISH_US
7.78
PNG
0x0008f1a0
0x0000057b
LANG_ENGLISH
SUBLANG_ENGLISH_US
7.78
RT_VERSION
0x00091b30
0x000002bc
LANG_ENGLISH
SUBLANG_ENGLISH_US
3.48
data
导入
库 gdiplus.dll:
• 0x1800607e0 - GdipCreateFont
• 0x1800607e8 - GdipSetStringFormatAlign
• 0x1800607f0 - GdiplusStartup
• 0x1800607f8 - GdiplusShutdown
• 0x180060800 - GdipCreateStringFormat
• 0x180060808 - GdipDeleteFontFamily
• 0x180060810 - GdipGetImageHeight
• 0x180060818 - GdipCreateFontFamilyFromName
• 0x180060820 - GdipCloneImage
• 0x180060828 - GdipDeleteBrush
• 0x180060830 - GdipAlloc
• 0x180060838 - GdipDrawImageRectI
• 0x180060840 - GdipDisposeImage
• 0x180060848 - GdipSetSmoothingMode
• 0x180060850 - GdipSetStringFormatLineAlign
• 0x180060858 - GdipLoadImageFromStream
• 0x180060860 - GdipCreateSolidFill
• 0x180060868 - GdipFree
• 0x180060870 - GdipDrawString
• 0x180060878 - GdipCreateFromHDC
• 0x180060880 - GdipSetTextRenderingHint
• 0x180060888 - GdipCloneBrush
• 0x180060890 - GdipDeleteGraphics
• 0x180060898 - GdipDeleteStringFormat
• 0x1800608a0 - GdipDeleteFont
• 0x1800608a8 - GdipDrawLines
• 0x1800608b0 - GdipGetImageWidth
• 0x1800608b8 - GdipDeletePen
• 0x1800608c0 - GdipCreatePen1
库 VERSION.dll:
• 0x1800606f8 - GetFileVersionInfoSizeW
• 0x180060700 - VerQueryValueW
• 0x180060708 - GetFileVersionInfoW
库 OLEACC.dll:
• 0x180060530 - AccessibleObjectFromWindow
• 0x180060538 - AccessibleChildren
库 SHLWAPI.dll:
• 0x180060578 - PathQuoteSpacesW
• 0x180060580 - PathRemoveFileSpecW
• 0x180060588 - PathFileExistsW
• 0x180060590 - PathCombineW
库 KERNEL32.dll:
• 0x180060040 - GetProcessAffinityMask
• 0x180060048 - GetNumaHighestNodeNumber
• 0x180060050 - DeleteTimerQueueTimer
• 0x180060058 - ChangeTimerQueueTimer
• 0x180060060 - CreateTimerQueueTimer
• 0x180060068 - GetLogicalProcessorInformation
• 0x180060070 - GetThreadPriority
• 0x180060078 - SetThreadPriority
• 0x180060080 - SwitchToThread
• 0x180060088 - SignalObjectAndWait
• 0x180060090 - SetEvent
• 0x180060098 - CreateTimerQueue
• 0x1800600a0 - WriteConsoleW
• 0x1800600a8 - FreeEnvironmentStringsW
• 0x1800600b0 - GetEnvironmentStringsW
• 0x1800600b8 - GetCommandLineA
• 0x1800600c0 - GetCPInfo
• 0x1800600c8 - GetOEMCP
• 0x1800600d0 - IsValidCodePage
• 0x1800600d8 - FindNextFileA
• 0x1800600e0 - GetACP
• 0x1800600e8 - GetModuleFileNameA
• 0x1800600f0 - GetFileType
• 0x1800600f8 - SizeofResource
• 0x180060100 - WritePrivateProfileStringW
• 0x180060108 - SetLastError
• 0x180060110 - EnterCriticalSection
• 0x180060118 - GetCommandLineW
• 0x180060120 - GetCurrentProcess
• 0x180060128 - ExpandEnvironmentStringsW
• 0x180060130 - GetPrivateProfileIntW
• 0x180060138 - TerminateProcess
• 0x180060140 - GetModuleFileNameW
• 0x180060148 - LeaveCriticalSection
• 0x180060150 - CreateMutexW
• 0x180060158 - InitializeCriticalSectionEx
• 0x180060160 - GetPrivateProfileSectionW
• 0x180060168 - FindResourceA
• 0x180060170 - WaitForSingleObject
• 0x180060178 - LocalAlloc
• 0x180060180 - CreateFileW
• 0x180060188 - GetCurrentThreadId
• 0x180060190 - GetSystemDirectoryW
• 0x180060198 - GetModuleHandleA
• 0x1800601a0 - FreeResource
• 0x1800601a8 - OpenProcess
• 0x1800601b0 - MultiByteToWideChar
• 0x1800601b8 - GetPrivateProfileStringW
• 0x1800601c0 - Sleep
• 0x1800601c8 - GetLastError
• 0x1800601d0 - OutputDebugStringW
• 0x1800601d8 - lstrcatW
• 0x1800601e0 - LockResource
• 0x1800601e8 - GlobalAlloc
• 0x1800601f0 - GlobalFree
• 0x1800601f8 - CloseHandle
• 0x180060200 - RaiseException
• 0x180060208 - K32GetModuleInformation
• 0x180060210 - LoadLibraryW
• 0x180060218 - LoadResource
• 0x180060220 - VirtualProtectEx
• 0x180060228 - DecodePointer
• 0x180060230 - GetProcAddress
• 0x180060238 - GlobalLock
• 0x180060240 - LocalFree
• 0x180060248 - GetFileSize
• 0x180060250 - DeleteCriticalSection
• 0x180060258 - ExitProcess
• 0x180060260 - VerSetConditionMask
• 0x180060268 - CreateProcessW
• 0x180060270 - GetModuleHandleW
• 0x180060278 - SetThreadAffinityMask
• 0x180060280 - WideCharToMultiByte
• 0x180060288 - lstrcpyW
• 0x180060290 - VerifyVersionInfoW
• 0x180060298 - QueryFullProcessImageNameW
• 0x1800602a0 - CreateFileMappingW
• 0x1800602a8 - MapViewOfFile
• 0x1800602b0 - GlobalUnlock
• 0x1800602b8 - VirtualFree
• 0x1800602c0 - VirtualAlloc
• 0x1800602c8 - GetSystemInfo
• 0x1800602d0 - VirtualQuery
• 0x1800602d8 - HeapCreate
• 0x1800602e0 - VirtualProtect
• 0x1800602e8 - HeapFree
• 0x1800602f0 - Thread32Next
• 0x1800602f8 - Thread32First
• 0x180060300 - SuspendThread
• 0x180060308 - ResumeThread
• 0x180060310 - CreateToolhelp32Snapshot
• 0x180060318 - HeapReAlloc
• 0x180060320 - HeapAlloc
• 0x180060328 - GetThreadContext
• 0x180060330 - GetCurrentProcessId
• 0x180060338 - SetThreadContext
• 0x180060340 - OpenThread
• 0x180060348 - ReadFile
• 0x180060350 - SetHandleInformation
• 0x180060358 - GetStdHandle
• 0x180060360 - WriteFile
• 0x180060368 - FindClose
• 0x180060370 - DuplicateHandle
• 0x180060378 - GetTickCount
• 0x180060380 - GetModuleHandleExW
• 0x180060388 - HeapSize
• 0x180060390 - FreeLibraryAndExitThread
• 0x180060398 - ExitThread
• 0x1800603a0 - CreateThread
• 0x1800603a8 - LoadLibraryExW
• 0x1800603b0 - FreeLibrary
• 0x1800603b8 - InterlockedFlushSList
• 0x1800603c0 - RtlUnwindEx
• 0x1800603c8 - RtlPcToFileHeader
• 0x1800603d0 - LoadLibraryExA
• 0x1800603d8 - InterlockedPushEntrySList
• 0x1800603e0 - InterlockedPopEntrySList
• 0x1800603e8 - GetProcessHeap
• 0x1800603f0 - EncodePointer
• 0x1800603f8 - TlsFree
• 0x180060400 - TlsSetValue
• 0x180060408 - TlsGetValue
• 0x180060410 - TlsAlloc
• 0x180060418 - CreateEventW
• 0x180060420 - InitializeCriticalSectionAndSpinCount
• 0x180060428 - GetCurrentThread
• 0x180060430 - WaitForSingleObjectEx
• 0x180060438 - TryEnterCriticalSection
• 0x180060440 - InitializeSListHead
• 0x180060448 - GetSystemTimeAsFileTime
• 0x180060450 - QueryPerformanceCounter
• 0x180060458 - GetStartupInfoW
• 0x180060460 - IsDebuggerPresent
• 0x180060468 - IsProcessorFeaturePresent
• 0x180060470 - SetUnhandledExceptionFilter
• 0x180060478 - UnhandledExceptionFilter
• 0x180060480 - RtlVirtualUnwind
• 0x180060488 - RtlLookupFunctionEntry
• 0x180060490 - RtlCaptureContext
• 0x180060498 - GetStringTypeW
• 0x1800604a0 - GetConsoleCP
• 0x1800604a8 - GetConsoleMode
• 0x1800604b0 - ReadConsoleW
• 0x1800604b8 - RegisterWaitForSingleObject
• 0x1800604c0 - UnregisterWait
• 0x1800604c8 - GetThreadTimes
• 0x1800604d0 - GetVersionExW
• 0x1800604d8 - ReleaseSemaphore
• 0x1800604e0 - QueryDepthSList
• 0x1800604e8 - UnregisterWaitEx
• 0x1800604f0 - FlushInstructionCache
• 0x1800604f8 - LCMapStringW
• 0x180060500 - FindFirstFileExA
• 0x180060508 - FlushFileBuffers
• 0x180060510 - SetFilePointerEx
• 0x180060518 - SetEndOfFile
• 0x180060520 - SetStdHandle
库 USER32.dll:
• 0x1800605a0 - IsWindowVisible
• 0x1800605a8 - SetWindowPos
• 0x1800605b0 - SetWindowLongPtrW
• 0x1800605b8 - CreateWindowExW
• 0x1800605c0 - ScreenToClient
• 0x1800605c8 - SendMessageW
• 0x1800605d0 - CallNextHookEx
• 0x1800605d8 - GetSystemMetrics
• 0x1800605e0 - UnregisterClassW
• 0x1800605e8 - GetWindowLongPtrW
• 0x1800605f0 - RegisterClassExW
• 0x1800605f8 - WindowFromPoint
• 0x180060600 - wsprintfA
• 0x180060608 - ShowWindow
• 0x180060610 - DefWindowProcW
• 0x180060618 - VkKeyScanW
• 0x180060620 - GetDC
• 0x180060628 - RegisterHotKey
• 0x180060630 - GetForegroundWindow
• 0x180060638 - EnumWindows
• 0x180060640 - TranslateMessage
• 0x180060648 - LoadCursorW
• 0x180060650 - GetClassNameW
• 0x180060658 - SetWindowsHookExW
• 0x180060660 - wsprintfW
• 0x180060668 - GetClientRect
• 0x180060670 - UpdateLayeredWindow
• 0x180060678 - PostQuitMessage
• 0x180060680 - SystemParametersInfoW
• 0x180060688 - GetClassInfoExW
• 0x180060690 - GetParent
• 0x180060698 - PtInRect
• 0x1800606a0 - SetForegroundWindow
• 0x1800606a8 - SendInput
• 0x1800606b0 - GetFocus
• 0x1800606b8 - GetWindowRect
• 0x1800606c0 - CallWindowProcW
• 0x1800606c8 - GetMessageW
• 0x1800606d0 - GetKeyState
• 0x1800606d8 - PeekMessageW
• 0x1800606e0 - DispatchMessageW
• 0x1800606e8 - ReleaseDC
库 GDI32.dll:
• 0x180060010 - SelectObject
• 0x180060018 - CreateCompatibleDC
• 0x180060020 - DeleteDC
• 0x180060028 - DeleteObject
• 0x180060030 - CreateCompatibleBitmap
库 ADVAPI32.dll:
• 0x180060000 - SystemFunction036
库 SHELL32.dll:
• 0x180060558 - CommandLineToArgvW
• 0x180060560 - ShellExecuteExW
• 0x180060568 - SHGetFolderPathW
库 ole32.dll:
• 0x1800608d0 - CreateStreamOnHGlobal
库 OLEAUT32.dll:
• 0x180060548 - None
库 WS2_32.dll:
• 0x180060718 - None
• 0x180060720 - None
• 0x180060728 - None
• 0x180060730 - None
• 0x180060738 - None
• 0x180060740 - None
• 0x180060748 - None
• 0x180060750 - None
• 0x180060758 - None
• 0x180060760 - None
• 0x180060768 - None
• 0x180060770 - None
• 0x180060778 - None
• 0x180060780 - None
• 0x180060788 - None
• 0x180060790 - None
• 0x180060798 - None
• 0x1800607a0 - None
• 0x1800607a8 - None
• 0x1800607b0 - None
• 0x1800607b8 - None
• 0x1800607c0 - None
• 0x1800607c8 - None
• 0x1800607d0 - None
导出
序列
地址
名称
1
0x180002a38
CloseDriver
2
0x180002a50
DefDriverProc
3
0x180002a68
DriverCallback
4
0x180002a80
DrvGetModuleHandle
5
0x180002a98
GetDriverModuleHandle
6
0x180003c38
IsInteractiveUserSession
7
0x180002ab0
NotifyCallbackData
8
0x180002ac8
OpenDriver
9
0x180002ae0
PlaySound
10
0x180002af8
PlaySoundA
11
0x180002b10
PlaySoundW
12
0x180003c50
QueryActiveSession
13
0x180003c68
QueryUserToken
14
0x180003c80
RegisterUsertokenForNoWinlogon
15
0x180004dc8
ReleaseIni
16
0x180002b28
SendDriverMessage
17
0x180002b40
WOW32DriverCallback
18
0x180002b58
WOW32ResolveMultiMediaHandle
19
0x180002b70
WOWAppExit
20
0x180003c98
WTSCloseServer
21
0x180003cb0
WTSConnectSessionA
22
0x180003cc8
WTSConnectSessionW
23
0x180003ce0
WTSCreateListenerA
24
0x180003cf8
WTSCreateListenerW
25
0x180003d10
WTSDisconnectSession
26
0x180003d28
WTSEnableChildSessions
27
0x180003d40
WTSEnumerateListenersA
28
0x180003d58
WTSEnumerateListenersW
29
0x180003d70
WTSEnumerateProcessesA
30
0x180003d88
WTSEnumerateProcessesExA
31
0x180003da0
WTSEnumerateProcessesExW
32
0x180003db8
WTSEnumerateProcessesW
33
0x180003dd0
WTSEnumerateServersA
34
0x180003de8
WTSEnumerateServersW
35
0x180003e00
WTSEnumerateSessionsA
36
0x180003e18
WTSEnumerateSessionsExA
37
0x180003e30
WTSEnumerateSessionsExW
38
0x180003e48
WTSEnumerateSessionsW
39
0x180003e60
WTSFreeMemory
40
0x180003e78
WTSFreeMemoryExA
41
0x180003e90
WTSFreeMemoryExW
42
0x180003ea8
WTSGetChildSessionId
43
0x180003ec0
WTSGetListenerSecurityA
44
0x180003ed8
WTSGetListenerSecurityW
45
0x180003ef0
WTSIsChildSessionsEnabled
46
0x180003f08
WTSLogoffSession
47
0x180003f20
WTSOpenServerA
48
0x180003f38
WTSOpenServerExA
49
0x180003f50
WTSOpenServerExW
50
0x180003f68
WTSOpenServerW
51
0x180003f80
WTSQueryListenerConfigA
52
0x180003f98
WTSQueryListenerConfigW
53
0x180003fb0
WTSQuerySessionInformationA
54
0x180003fc8
WTSQuerySessionInformationW
55
0x180003fe0
WTSQueryUserConfigA
56
0x180003ff8
WTSQueryUserConfigW
57
0x180004010
WTSQueryUserToken
58
0x180004028
WTSRegisterSessionNotification
59
0x180004040
WTSRegisterSessionNotificationEx
60
0x180004058
WTSSendMessageA
61
0x180004070
WTSSendMessageW
62
0x180004088
WTSSetListenerSecurityA
63
0x1800040a0
WTSSetListenerSecurityW
64
0x1800040b8
WTSSetRenderHint
65
0x1800040d0
WTSSetSessionInformationA
66
0x1800040e8
WTSSetSessionInformationW
67
0x180004100
WTSSetUserConfigA
68
0x180004118
WTSSetUserConfigW
69
0x180004130
WTSShutdownSystem
70
0x180004148
WTSStartRemoteControlSessionA
71
0x180004160
WTSStartRemoteControlSessionW
72
0x180004178
WTSStopRemoteControlSession
73
0x180004190
WTSTerminateProcess
74
0x1800041a8
WTSUnRegisterSessionNotification
75
0x1800041c0
WTSUnRegisterSessionNotificationEx
76
0x1800041d8
WTSVirtualChannelClose
77
0x1800041f0
WTSVirtualChannelOpen
78
0x180004208
WTSVirtualChannelOpenEx
79
0x180004220
WTSVirtualChannelPurgeInput
80
0x180004238
WTSVirtualChannelPurgeOutput
81
0x180004250
WTSVirtualChannelQuery
82
0x180004268
WTSVirtualChannelRead
83
0x180004280
WTSVirtualChannelWrite
84
0x180004298
WTSWaitSystemEvent
85
0x180002b88
aux32Message
86
0x180002ba0
auxGetDevCapsA
87
0x180002bb8
auxGetDevCapsW
88
0x180002bd0
auxGetNumDevs
89
0x180002be8
auxGetVolume
90
0x180002c00
auxOutMessage
91
0x180002c18
auxSetVolume
92
0x180002c30
joy32Message
93
0x180002c48
joyConfigChanged
94
0x180002c60
joyGetDevCapsA
95
0x180002c78
joyGetDevCapsW
96
0x180002c90
joyGetNumDevs
97
0x180002ca8
joyGetPos
98
0x180002cc0
joyGetPosEx
99
0x180002cd8
joyGetThreshold
100
0x180002cf0
joyReleaseCapture
101
0x180002d08
joySetCapture
102
0x180002d20
joySetThreshold
103
0x180002d38
mci32Message
104
0x180002d50
mciDriverNotify
105
0x180002d68
mciDriverYield
106
0x180002d80
mciExecute
107
0x180002d98
mciFreeCommandResource
108
0x180002db0
mciGetCreatorTask
109
0x180002dc8
mciGetDeviceIDA
110
0x180002de0
mciGetDeviceIDFromElementIDA
111
0x180002df8
mciGetDeviceIDFromElementIDW
112
0x180002e10
mciGetDeviceIDW
113
0x180002e28
mciGetDriverData
114
0x180002e40
mciGetErrorStringA
115
0x180002e58
mciGetErrorStringW
116
0x180002e70
mciGetYieldProc
117
0x180002e88
mciLoadCommandResource
118
0x180002ea0
mciSendCommandA
119
0x180002eb8
mciSendCommandW
120
0x180002ed0
mciSendStringA
121
0x180002ee8
mciSendStringW
122
0x180002f00
mciSetDriverData
123
0x180002f18
mciSetYieldProc
124
0x180002f30
mid32Message
125
0x180002f48
midiConnect
126
0x180002f60
midiDisconnect
127
0x180002f78
midiInAddBuffer
128
0x180002f90
midiInClose
129
0x180002fa8
midiInGetDevCapsA
130
0x180002fc0
midiInGetDevCapsW
131
0x180002fd8
midiInGetErrorTextA
132
0x180002ff0
midiInGetErrorTextW
133
0x180003008
midiInGetID
134
0x180003020
midiInGetNumDevs
135
0x180003038
midiInMessage
136
0x180003050
midiInOpen
137
0x180003068
midiInPrepareHeader
138
0x180003080
midiInReset
139
0x180003098
midiInStart
140
0x1800030b0
midiInStop
141
0x1800030c8
midiInUnprepareHeader
142
0x1800030e0
midiOutCacheDrumPatches
143
0x1800030f8
midiOutCachePatches
144
0x180003110
midiOutClose
145
0x180003128
midiOutGetDevCapsA
146
0x180003140
midiOutGetDevCapsW
147
0x180003158
midiOutGetErrorTextA
148
0x180003170
midiOutGetErrorTextW
149
0x180003188
midiOutGetID
150
0x1800031a0
midiOutGetNumDevs
151
0x1800031b8
midiOutGetVolume
152
0x1800031d0
midiOutLongMsg
153
0x1800031e8
midiOutMessage
154
0x180003200
midiOutOpen
155
0x180003218
midiOutPrepareHeader
156
0x180003230
midiOutReset
157
0x180003248
midiOutSetVolume
158
0x180003260
midiOutShortMsg
159
0x180003278
midiOutUnprepareHeader
160
0x180003290
midiStreamClose
161
0x1800032a8
midiStreamOpen
162
0x1800032c0
midiStreamOut
163
0x1800032d8
midiStreamPause
164
0x1800032f0
midiStreamPosition
165
0x180003308
midiStreamProperty
166
0x180003320
midiStreamRestart
167
0x180003338
midiStreamStop
168
0x180003350
mixerClose
169
0x180003368
mixerGetControlDetailsA
170
0x180003380
mixerGetControlDetailsW
171
0x180003398
mixerGetDevCapsA
172
0x1800033b0
mixerGetDevCapsW
173
0x1800033c8
mixerGetID
174
0x1800033e0
mixerGetLineControlsA
175
0x1800033f8
mixerGetLineControlsW
176
0x180003410
mixerGetLineInfoA
177
0x180003428
mixerGetLineInfoW
178
0x180003440
mixerGetNumDevs
179
0x180003458
mixerMessage
180
0x180003470
mixerOpen
181
0x180003488
mixerSetControlDetails
182
0x1800034a0
mmDrvInstall
183
0x1800034b8
mmGetCurrentTask
184
0x1800034d0
mmTaskBlock
185
0x1800034e8
mmTaskCreate
186
0x180003500
mmTaskSignal
187
0x180003518
mmTaskYield
188
0x180003530
mmioAdvance
189
0x180003548
mmioAscend
190
0x180003560
mmioClose
191
0x180003578
mmioCreateChunk
192
0x180003590
mmioDescend
193
0x1800035a8
mmioFlush
194
0x1800035c0
mmioGetInfo
195
0x1800035d8
mmioInstallIOProcA
196
0x1800035f0
mmioInstallIOProcW
197
0x180003608
mmioOpenA
198
0x180003620
mmioOpenW
199
0x180003638
mmioRead
200
0x180003650
mmioRenameA
201
0x180003668
mmioRenameW
202
0x180003680
mmioSeek
203
0x180003698
mmioSendMessage
204
0x1800036b0
mmioSetBuffer
205
0x1800036c8
mmioSetInfo
206
0x1800036e0
mmioStringToFOURCCA
207
0x1800036f8
mmioStringToFOURCCW
208
0x180003710
mmioWrite
209
0x180003728
mmsystemGetVersion
210
0x180003740
mod32Message
211
0x180003758
mxd32Message
212
0x180003770
sndPlaySoundA
213
0x180003788
sndPlaySoundW
214
0x1800037a0
tid32Message
215
0x1800037b8
timeBeginPeriod
216
0x1800037d0
timeEndPeriod
217
0x1800037e8
timeGetDevCaps
218
0x180003800
timeGetSystemTime
219
0x180003818
timeGetTime
220
0x180003830
timeKillEvent
221
0x180003848
timeSetEvent
222
0x180003860
waveInAddBuffer
223
0x180003878
waveInClose
224
0x180003890
waveInGetDevCapsA
225
0x1800038a8
waveInGetDevCapsW
226
0x1800038c0
waveInGetErrorTextA
227
0x1800038d8
waveInGetErrorTextW
228
0x1800038f0
waveInGetID
229
0x180003908
waveInGetNumDevs
230
0x180003920
waveInGetPosition
231
0x180003938
waveInMessage
232
0x180003950
waveInOpen
233
0x180003968
waveInPrepareHeader
234
0x180003980
waveInReset
235
0x180003998
waveInStart
236
0x1800039b0
waveInStop
237
0x1800039c8
waveInUnprepareHeader
238
0x1800039e0
waveOutBreakLoop
239
0x1800039f8
waveOutClose
240
0x180003a10
waveOutGetDevCapsA
241
0x180003a28
waveOutGetDevCapsW
242
0x180003a40
waveOutGetErrorTextA
243
0x180003a58
waveOutGetErrorTextW
244
0x180003a70
waveOutGetID
245
0x180003a88
waveOutGetNumDevs
246
0x180003aa0
waveOutGetPitch
247
0x180003ab8
waveOutGetPlaybackRate
248
0x180003ad0
waveOutGetPosition
249
0x180003ae8
waveOutGetVolume
250
0x180003b00
waveOutMessage
251
0x180003b18
waveOutOpen
252
0x180003b30
waveOutPause
253
0x180003b48
waveOutPrepareHeader
254
0x180003b60
waveOutReset
255
0x180003b78
waveOutRestart
256
0x180003b90
waveOutSetPitch
257
0x180003ba8
waveOutSetPlaybackRate
258
0x180003bc0
waveOutSetVolume
259
0x180003bd8
waveOutUnprepareHeader
260
0x180003bf0
waveOutWrite
261
0x180003c08
wid32Message
262
0x180003c20
wod32Message
投放文件
无信息
行为分析
互斥量(Mutexes)
Local\MSCTF.Asm.MutexDefault1
执行的命令无信息
创建的服务无信息
启动的服务无信息
进程
rundll32.exe
PID: 748, 上一级进程 PID: 2440
访问的文件
C:\Users\test\AppData\Local\Temp\winmm.dll
C:\Users\test\AppData\Local\Temp\winmm.dll.123.Manifest
C:\Windows\sysnative\rundll32.exe
C:\Windows\sysnative\rundll32.exe.Local\
C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a
C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
C:\Users\test\AppData\Local\Temp\VERSION.dll
C:\Windows\sysnative\version.dll
C:\Users\test\AppData\Local\Temp\OLEACC.dll
C:\Windows\sysnative\oleacc.dll
C:\Windows\sysnative\api-ms-win-core-synch-l1-2-0.DLL
C:\Windows\system\api-ms-win-core-synch-l1-2-0.DLL
C:\Windows\api-ms-win-core-synch-l1-2-0.DLL
C:\Users\test\AppData\Local\Temp\api-ms-win-core-synch-l1-2-0.DLL
C:\Windows\sysnative\wbem\api-ms-win-core-synch-l1-2-0.DLL
C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-core-synch-l1-2-0.DLL
C:\Windows\sysnative\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL
C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\sysnative\wbem\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\sysnative\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\system\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\api-ms-win-core-localization-l1-2-1.DLL
C:\Users\test\AppData\Local\Temp\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\sysnative\wbem\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\Fonts\staticcache.dat
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
读取的文件
C:\Users\test\AppData\Local\Temp\winmm.dll
C:\Windows\sysnative\rundll32.exe
C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
C:\Windows\sysnative\version.dll
C:\Windows\sysnative\oleacc.dll
C:\Windows\Fonts\staticcache.dat
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
修改的文件无信息
删除的文件无信息
注册表键
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\rundll32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
读取的注册表键
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
修改的注册表键无信息
删除的注册表键无信息
API解析
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
advapi32.dll.EventRegister
kernel32.dll.FlsGetValue
kernel32.dll.LCMapStringEx
kernel32.dll.FlsFree
kernel32.dll.InitOnceExecuteOnce
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.GetTickCount64
kernel32.dll.GetFileInformationByHandleEx
kernel32.dll.SetFileInformationByHandle
kernel32.dll.InitializeConditionVariable
kernel32.dll.WakeConditionVariable
kernel32.dll.WakeAllConditionVariable
kernel32.dll.SleepConditionVariableCS
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.TryAcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.SleepConditionVariableSRW
kernel32.dll.CreateThreadpoolWork
kernel32.dll.SubmitThreadpoolWork
kernel32.dll.CloseThreadpoolWork
kernel32.dll.CompareStringEx
kernel32.dll.GetLocaleInfoEx
winmm.dll.CloseDriver
winmm.dll.DefDriverProc
winmm.dll.DriverCallback
winmm.dll.DrvGetModuleHandle
winmm.dll.GetDriverModuleHandle
winmm.dll.OpenDriver
winmm.dll.PlaySound
winmm.dll.PlaySoundA
winmm.dll.PlaySoundW
winmm.dll.SendDriverMessage
winmm.dll.WOWAppExit
wtsapi32.dll.WTSCloseServer
wtsapi32.dll.WTSConnectSessionA
wtsapi32.dll.WTSConnectSessionW
wtsapi32.dll.WTSCreateListenerA
wtsapi32.dll.WTSCreateListenerW
wtsapi32.dll.WTSDisconnectSession
wtsapi32.dll.WTSEnumerateListenersA
wtsapi32.dll.WTSEnumerateListenersW
wtsapi32.dll.WTSEnumerateProcessesA
wtsapi32.dll.WTSEnumerateProcessesExA
wtsapi32.dll.WTSEnumerateProcessesExW
wtsapi32.dll.WTSEnumerateProcessesW
wtsapi32.dll.WTSEnumerateServersA
wtsapi32.dll.WTSEnumerateServersW
wtsapi32.dll.WTSEnumerateSessionsA
wtsapi32.dll.WTSEnumerateSessionsExA
wtsapi32.dll.WTSEnumerateSessionsExW
wtsapi32.dll.WTSEnumerateSessionsW
wtsapi32.dll.WTSFreeMemory
wtsapi32.dll.WTSFreeMemoryExA
wtsapi32.dll.WTSFreeMemoryExW
wtsapi32.dll.WTSGetListenerSecurityA
wtsapi32.dll.WTSGetListenerSecurityW
wtsapi32.dll.WTSLogoffSession
wtsapi32.dll.WTSOpenServerA
wtsapi32.dll.WTSOpenServerExA
wtsapi32.dll.WTSOpenServerExW
wtsapi32.dll.WTSOpenServerW
wtsapi32.dll.WTSQueryListenerConfigA
wtsapi32.dll.WTSQueryListenerConfigW
wtsapi32.dll.WTSQuerySessionInformationA
wtsapi32.dll.WTSQuerySessionInformationW
wtsapi32.dll.WTSQueryUserConfigA
wtsapi32.dll.WTSQueryUserConfigW
wtsapi32.dll.WTSQueryUserToken
wtsapi32.dll.WTSRegisterSessionNotification
wtsapi32.dll.WTSRegisterSessionNotificationEx
wtsapi32.dll.WTSSendMessageA
wtsapi32.dll.WTSSendMessageW
wtsapi32.dll.WTSSetListenerSecurityA
wtsapi32.dll.WTSSetListenerSecurityW
wtsapi32.dll.WTSSetSessionInformationA
wtsapi32.dll.WTSSetSessionInformationW
wtsapi32.dll.WTSSetUserConfigA
wtsapi32.dll.WTSSetUserConfigW
wtsapi32.dll.WTSShutdownSystem
wtsapi32.dll.WTSStartRemoteControlSessionA
wtsapi32.dll.WTSStartRemoteControlSessionW
wtsapi32.dll.WTSStopRemoteControlSession
wtsapi32.dll.WTSTerminateProcess
wtsapi32.dll.WTSUnRegisterSessionNotification
wtsapi32.dll.WTSUnRegisterSessionNotificationEx
wtsapi32.dll.WTSVirtualChannelClose
wtsapi32.dll.WTSVirtualChannelOpen
wtsapi32.dll.WTSVirtualChannelOpenEx
wtsapi32.dll.WTSVirtualChannelPurgeInput
wtsapi32.dll.WTSVirtualChannelPurgeOutput
wtsapi32.dll.WTSVirtualChannelQuery
wtsapi32.dll.WTSVirtualChannelRead
wtsapi32.dll.WTSVirtualChannelWrite
wtsapi32.dll.WTSWaitSystemEvent
winmm.dll.auxGetDevCapsA
winmm.dll.auxGetDevCapsW
winmm.dll.auxGetNumDevs
winmm.dll.auxGetVolume
winmm.dll.auxOutMessage
winmm.dll.auxSetVolume
winmm.dll.joyConfigChanged
winmm.dll.joyGetDevCapsA
winmm.dll.joyGetDevCapsW
winmm.dll.joyGetNumDevs
winmm.dll.joyGetPos
winmm.dll.joyGetPosEx
winmm.dll.joyGetThreshold
winmm.dll.joyReleaseCapture
winmm.dll.joySetCapture
winmm.dll.joySetThreshold
winmm.dll.mciDriverNotify
winmm.dll.mciDriverYield
winmm.dll.mciExecute
winmm.dll.mciFreeCommandResource
winmm.dll.mciGetCreatorTask
winmm.dll.mciGetDeviceIDA
winmm.dll.mciGetDeviceIDFromElementIDA
winmm.dll.mciGetDeviceIDFromElementIDW
winmm.dll.mciGetDeviceIDW
winmm.dll.mciGetDriverData
winmm.dll.mciGetErrorStringA
winmm.dll.mciGetErrorStringW
winmm.dll.mciGetYieldProc
winmm.dll.mciLoadCommandResource
winmm.dll.mciSendCommandA
winmm.dll.mciSendCommandW
winmm.dll.mciSendStringA
winmm.dll.mciSendStringW
winmm.dll.mciSetDriverData
winmm.dll.mciSetYieldProc
winmm.dll.midiConnect
winmm.dll.midiDisconnect
winmm.dll.midiInAddBuffer
winmm.dll.midiInClose
winmm.dll.midiInGetDevCapsA
winmm.dll.midiInGetDevCapsW
winmm.dll.midiInGetErrorTextA
winmm.dll.midiInGetErrorTextW
winmm.dll.midiInGetID
winmm.dll.midiInGetNumDevs
winmm.dll.midiInMessage
winmm.dll.midiInOpen
winmm.dll.midiInPrepareHeader
winmm.dll.midiInReset
winmm.dll.midiInStart
winmm.dll.midiInStop
winmm.dll.midiInUnprepareHeader
winmm.dll.midiOutCacheDrumPatches
winmm.dll.midiOutCachePatches
winmm.dll.midiOutClose
winmm.dll.midiOutGetDevCapsA
winmm.dll.midiOutGetDevCapsW
winmm.dll.midiOutGetErrorTextA
winmm.dll.midiOutGetErrorTextW
winmm.dll.midiOutGetID
winmm.dll.midiOutGetNumDevs
winmm.dll.midiOutGetVolume
winmm.dll.midiOutLongMsg
winmm.dll.midiOutMessage
winmm.dll.midiOutOpen
winmm.dll.midiOutPrepareHeader
winmm.dll.midiOutReset
winmm.dll.midiOutSetVolume
winmm.dll.midiOutShortMsg
winmm.dll.midiOutUnprepareHeader
winmm.dll.midiStreamClose
winmm.dll.midiStreamOpen
winmm.dll.midiStreamOut
winmm.dll.midiStreamPause
winmm.dll.midiStreamPosition
winmm.dll.midiStreamProperty
winmm.dll.midiStreamRestart
winmm.dll.midiStreamStop
winmm.dll.mixerClose
winmm.dll.mixerGetControlDetailsA
winmm.dll.mixerGetControlDetailsW
winmm.dll.mixerGetDevCapsA
winmm.dll.mixerGetDevCapsW
winmm.dll.mixerGetID
winmm.dll.mixerGetLineControlsA
winmm.dll.mixerGetLineControlsW
winmm.dll.mixerGetLineInfoA
winmm.dll.mixerGetLineInfoW
winmm.dll.mixerGetNumDevs
winmm.dll.mixerMessage
winmm.dll.mixerOpen
winmm.dll.mixerSetControlDetails
winmm.dll.mmDrvInstall
winmm.dll.mmGetCurrentTask
winmm.dll.mmTaskBlock
winmm.dll.mmTaskCreate
winmm.dll.mmTaskSignal
winmm.dll.mmTaskYield
winmm.dll.mmioAdvance
winmm.dll.mmioAscend
winmm.dll.mmioClose
winmm.dll.mmioCreateChunk
winmm.dll.mmioDescend
winmm.dll.mmioFlush
winmm.dll.mmioGetInfo
winmm.dll.mmioInstallIOProcA
winmm.dll.mmioInstallIOProcW
winmm.dll.mmioOpenA
winmm.dll.mmioOpenW
winmm.dll.mmioRead
winmm.dll.mmioRenameA
winmm.dll.mmioRenameW
winmm.dll.mmioSeek
winmm.dll.mmioSendMessage
winmm.dll.mmioSetBuffer
winmm.dll.mmioSetInfo
winmm.dll.mmioStringToFOURCCA
winmm.dll.mmioStringToFOURCCW
winmm.dll.mmioWrite
winmm.dll.mmsystemGetVersion
winmm.dll.sndPlaySoundA
winmm.dll.sndPlaySoundW
winmm.dll.timeBeginPeriod
winmm.dll.timeEndPeriod
winmm.dll.timeGetDevCaps
winmm.dll.timeGetSystemTime
winmm.dll.timeGetTime
winmm.dll.timeKillEvent
winmm.dll.timeSetEvent
winmm.dll.waveInAddBuffer
winmm.dll.waveInClose
winmm.dll.waveInGetDevCapsA
winmm.dll.waveInGetDevCapsW
winmm.dll.waveInGetErrorTextA
winmm.dll.waveInGetErrorTextW
winmm.dll.waveInGetID
winmm.dll.waveInGetNumDevs
winmm.dll.waveInGetPosition
winmm.dll.waveInMessage
winmm.dll.waveInOpen
winmm.dll.waveInPrepareHeader
winmm.dll.waveInReset
winmm.dll.waveInStart
winmm.dll.waveInStop
winmm.dll.waveInUnprepareHeader
winmm.dll.waveOutBreakLoop
winmm.dll.waveOutClose
winmm.dll.waveOutGetDevCapsA
winmm.dll.waveOutGetDevCapsW
winmm.dll.waveOutGetErrorTextA
winmm.dll.waveOutGetErrorTextW
winmm.dll.waveOutGetID
winmm.dll.waveOutGetNumDevs
winmm.dll.waveOutGetPitch
winmm.dll.waveOutGetPlaybackRate
winmm.dll.waveOutGetPosition
winmm.dll.waveOutGetVolume
winmm.dll.waveOutMessage
winmm.dll.waveOutOpen
winmm.dll.waveOutPause
winmm.dll.waveOutPrepareHeader
winmm.dll.waveOutReset
winmm.dll.waveOutRestart
winmm.dll.waveOutSetPitch
winmm.dll.waveOutSetPlaybackRate
winmm.dll.waveOutSetVolume
winmm.dll.waveOutUnprepareHeader
winmm.dll.waveOutWrite
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
dwmapi.dll.DwmIsCompositionEnabled
gdi32.dll.GdiIsMetaPrintDC
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
cryptbase.dll.SystemFunction036
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
©2016 上海魔盾信息科技有限公司

魔盾安全分析报告文件详细信息特征运行截图网络分析 UDP连接

Transcription

Similar documents