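Could the experts here take a look at this Habo (哈勃) malware scan data and tell me whether there is a problem?
MD5: cfc37eb89e19de422eb6ef52fff8ba09
Key behaviors
Behavior description: Directly calls critical system APIs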
Details:
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x00BFB75E
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x010EC144
Index = 0x00000074, Name: NtOpenFile, Instruction Address = 0x00BFB75E
Index = 0x00000032, Name: NtCreateSection, Instruction Address = 0x01086C01
Index = 0x0000006C, Name: NtMapViewOfSection, Instruction Address = 0x00B15BBA
Index = 0x0000010B, Name: NtUnmapViewOfSection, Instruction Address = 0x00BCAA46
Index = 0x00000019, Name: NtClose, Instruction Address = 0x00BCAA46
Index = 0x00000019, Name: NtClose, Instruction Address = 0x01086C01
Index = 0x00000089, Name: NtProtectVirtualMemory, Instruction Address = 0x01086C01
Behavior description: Reads the CPU clock directly
Details:
EAX = 0xa6f793d5, EDX = 0x000000b9
EAX = 0xa6f79421, EDX = 0x000000b9
EAX = 0xac3262da, EDX = 0x000000b9
EAX = 0xac326326, EDX = 0x000000b9
EAX = 0xb16d31df, EDX = 0x000000b9
EAX = 0xb16d322b, EDX = 0x000000b9
EAX = 0xb16d3277, EDX = 0x000000b9
EAX = 0xb16d32c3, EDX = 0x000000b9
EAX = 0xb16d330f, EDX = 0x000000b9
EAX = 0xb16d335b, EDX = 0x000000b9
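Behavior description: Detects a virtual machine using the VMware special instruction
Details: N/A
Process behaviors
[*]Creates a local thread
[*]Enumerates processes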
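Other behaviors
[*]Directly calls critical system APIs
[*]Checks whether it is being debugged
[*]Creates a mutex
[*]Creates an event object
[*]Opens a mutex
[*]Looks for a specific window
[*]Opens an event
[*]Searches for the kernel32.dll base address
[*]Window information
[*]Calls the Sleep function
[*]Reads the CPU clock directly
[*]Detects a virtual machine using the VMware special instruction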
No problem, this is probably a crack program, nothing wrong with it.