Behavior: Checks whether it is being debugged
Details:
IsDebuggerPresent
Behavior: Creates mutex
Details:
RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.ENJ
Behavior: Creates event object
Details:
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.ENJ.IC
EventName = MSCTF.SendReceiveConection.Event.ENJ.IC
Behavior: Opens mutex
Details:
RasPbFile
ShimCacheMutex
Behavior: Searches for a specific window
Details:
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Opens event
Details:
HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2512
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior: Gets TickCount value (GetTickCount)
Details:
TickCount = 283875, SleepMilliseconds = 60000.
TickCount = 283953, SleepMilliseconds = 60000.
TickCount = 284078, SleepMilliseconds = 60000.
TickCount = 284093, SleepMilliseconds = 60000.
TickCount = 284156, SleepMilliseconds = 60000.
TickCount = 284171, SleepMilliseconds = 60000.
TickCount = 284187, SleepMilliseconds = 60000.
TickCount = 284375, SleepMilliseconds = 60000.
TickCount = 284421, SleepMilliseconds = 60000.
TickCount = 284921, SleepMilliseconds = 60000.
TickCount = 285421, SleepMilliseconds = 60000.
TickCount = 285921, SleepMilliseconds = 60000.
TickCount = 286421, SleepMilliseconds = 60000.
TickCount = 286921, SleepMilliseconds = 60000.
TickCount = 287187, SleepMilliseconds = 60000.
Behavior: Window information
Details:
Pid = 2512, Hwnd=0x10378, Text = 新密码 (New password), ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10372, Text = 推荐人 (Referrer), ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10370, Text = 保存账号 (Save account), ClassName = Button(CheckBox).
Pid = 2512, Hwnd=0x1036e, Text = 用户名 (Username), ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10368, Text = 旧密码 (Old password), ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10366, Text = 修改密码 (Change password), ClassName = Button.
Pid = 2512, Hwnd=0x10364, Text = 充值 (Recharge), ClassName = Button.
Pid = 2512, Hwnd=0x1035e, Text = 用户名 (Username), ClassName = _EL_Label.
Pid = 2512, Hwnd=0x1035c, Text = 充值卡密 (Recharge card code), ClassName = _EL_Label.
Pid = 2512, Hwnd=0x1035a, Text = 登录 (Log in), ClassName = Button.
Pid = 2512, Hwnd=0x10358, Text = 用户密码 (User password), ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10352, Text = 用户名 (Username), ClassName = _EL_Label.
Pid = 2512, Hwnd=0x1034c, Text = 注册 (Register), ClassName = Button.
Pid = 2512, Hwnd=0x10348, Text = 邮箱地址 (Email address), ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10346, Text = 用户密码 (User password), ClassName = _EL_Label.
Behavior: Calls the Sleep function
Details:
[1]: MilliSeconds = 60000.
[2]: MilliSeconds = 0.
Behavior: Hides specified window
Details:
[Window,Class] = [用户名 (Username),_EL_Label]
[Window,Class] = [用户密码 (User password),_EL_Label]
[Window,Class] = [邮箱地址 (Email address),_EL_Label]
[Window,Class] = [注册 (Register),Button]
[Window,Class] = [,Edit]
[Window,Class] = [充值卡密 (Recharge card code),_EL_Label]
[Window,Class] = [充值 (Recharge),Button]
[Window,Class] = [修改密码 (Change password),Button]
[Window,Class] = [旧密码 (Old password),_EL_Label]
[Window,Class] = [推荐人 (Referrer),_EL_Label]
[Window,Class] = [新密码 (New password),_EL_Label]
[Window,Class] = [,_EL_Timer]
Behavior: Reads the CPU clock directly (RDTSC)
Details:
EAX = 0x5241699b, EDX = 0x000000b6
EAX = 0x524169e7, EDX = 0x000000b6
EAX = 0x54f46963, EDX = 0x000000b6
EAX = 0x54f469af, EDX = 0x000000b6
EAX = 0x54f469fb, EDX = 0x000000b6
EAX = 0x54f46a47, EDX = 0x000000b6
EAX = 0x54f46a93, EDX = 0x000000b6
EAX = 0x54f46adf, EDX = 0x000000b6
EAX = 0x54f46b2b, EDX = 0x000000b6
EAX = 0x54f46b77, EDX = 0x000000b6
Have a look for yourself.
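As an added example (not part of the report above, nor code from the analyzed sample), the following Python script re-applies the sample's two timing checks to the values the sandbox logged. In the GetTickCount section the tick count advances by at most 500 ms between readings even though each reading is followed by a Sleep of 60000 ms, so 14 minutes of requested sleep elapsed in about 3.3 s of tick time; in the RDTSC section the EDX:EAX values differ by exactly 0x4c (76) on eight of nine consecutive reads. Both are the signals a sample would use to decide it is running in a sandbox that skips sleeps and intercepts RDTSC. The input lines are copied from the report; the thresholds (90% tolerance on the sleep check, "majority of RDTSC deltas identical" for the emulation heuristic) are assumptions of this example, not anything the report states.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Lines copied verbatim from the "Gets TickCount value" section of the report.
TICK_LINES = """\
TickCount = 283875, SleepMilliseconds = 60000.
TickCount = 283953, SleepMilliseconds = 60000.
TickCount = 284078, SleepMilliseconds = 60000.
TickCount = 284093, SleepMilliseconds = 60000.
TickCount = 284156, SleepMilliseconds = 60000.
TickCount = 284171, SleepMilliseconds = 60000.
TickCount = 284187, SleepMilliseconds = 60000.
TickCount = 284375, SleepMilliseconds = 60000.
TickCount = 284421, SleepMilliseconds = 60000.
TickCount = 284921, SleepMilliseconds = 60000.
TickCount = 285421, SleepMilliseconds = 60000.
TickCount = 285921, SleepMilliseconds = 60000.
TickCount = 286421, SleepMilliseconds = 60000.
TickCount = 286921, SleepMilliseconds = 60000.
TickCount = 287187, SleepMilliseconds = 60000.
"""

# Lines copied verbatim from the "Reads the CPU clock directly" (RDTSC) section.
RDTSC_LINES = """\
EAX = 0x5241699b, EDX = 0x000000b6
EAX = 0x524169e7, EDX = 0x000000b6
EAX = 0x54f46963, EDX = 0x000000b6
EAX = 0x54f469af, EDX = 0x000000b6
EAX = 0x54f469fb, EDX = 0x000000b6
EAX = 0x54f46a47, EDX = 0x000000b6
EAX = 0x54f46a93, EDX = 0x000000b6
EAX = 0x54f46adf, EDX = 0x000000b6
EAX = 0x54f46b2b, EDX = 0x000000b6
EAX = 0x54f46b77, EDX = 0x000000b6
"""

TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)\.")
RDTSC_RE = re.compile(r"EAX = 0x([0-9a-fA-F]+), EDX = 0x([0-9a-fA-F]+)")


def parse_ticks(text: str) -> List[Tuple[int, int]]:
    """Return (tick_count_ms, requested_sleep_ms) pairs in report order."""
    return [(int(t), int(s)) for t, s in TICK_RE.findall(text)]


def analyze_ticks(text: str, tolerance: float = 0.9) -> Dict[str, object]:
    """Compare how far GetTickCount advanced between readings with the Sleep
    requested in between. A sample uses this to detect a sandbox that
    fast-forwards sleeps; here the same check runs over the logged values.
    The 90% tolerance is an assumption of this example."""
    samples = parse_ticks(text)
    deltas = [nxt[0] - cur[0] for cur, nxt in zip(samples, samples[1:])]
    # Each reading is followed by Sleep(s); the next reading should be >= s later.
    skipped = [d for d, (_, s) in zip(deltas, samples) if d < s * tolerance]
    return {
        "deltas_ms": deltas,
        "max_delta_ms": max(deltas),
        "requested_sleep_ms": sum(s for _, s in samples[:-1]),
        "elapsed_ms": samples[-1][0] - samples[0][0],
        "fast_forwarded": bool(deltas) and len(skipped) == len(deltas),
    }


def parse_rdtsc(text: str) -> List[int]:
    """Combine EDX:EAX into the 64-bit time stamp counter value."""
    return [(int(edx, 16) << 32) | int(eax, 16) for eax, edx in RDTSC_RE.findall(text)]


def analyze_rdtsc(text: str) -> Dict[str, object]:
    """Back-to-back RDTSC reads on real hardware jitter; a long run of identical
    deltas is a heuristic (an assumption of this example, not a proof) that the
    instruction is being emulated or patched by the sandbox."""
    tscs = parse_rdtsc(text)
    deltas = [b - a for a, b in zip(tscs, tscs[1:])]
    value, count = Counter(deltas).most_common(1)[0]
    return {
        "deltas": deltas,
        "repeated_delta": value,
        "repeat_count": count,
        "looks_emulated": count >= 3 and count > len(deltas) // 2,
    }


if __name__ == "__main__":
    t = analyze_ticks(TICK_LINES)
    print(f"ticks advanced {t['elapsed_ms']} ms while {t['requested_sleep_ms']} ms "
          f"of Sleep was requested; fast_forwarded={t['fast_forwarded']}")
    r = analyze_rdtsc(RDTSC_LINES)
    print(f"rdtsc delta {r['repeated_delta']} repeated {r['repeat_count']}/{len(r['deltas'])} "
          f"times; looks_emulated={r['looks_emulated']}")
```

Run it with `python3 timing_check.py` (hypothetical file name). The same two functions can be pointed at other sandbox reports in this format; an environment that lets ticks advance by the full sleep and returns jittery RDTSC deltas will produce `fast_forwarded=False` and `looks_emulated=False`.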