05-13-2017, 03:18 PM
(05-12-2017, 03:24 PM)reactor Wrote: no because Windows doesn't start normal mode or safe mode
I formatted
centbrowser_2.6.3.22.exe x86 beta
Sets a windows hook
details
"mspaint.exe" sets a windows hook with filter "WH_GETMESSAGE" for thread ID 2180
"mspaint.exe" sets a windows hook with filter "WH_CALLWNDPROC" for thread ID 2180
source
API Call
https://www.hybrid-analysis.com/sample/7...ece08596a2
Don't be afraid of hooks; most hooks are local hooks (they hook the application itself, not others).
Only global hooks should be paid attention to.
You can refer to https://www.codeproject.com/Articles/493...-API-hooks
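A triage sketch for report lines like the ones quoted above (an added example, not part of the original posts or of any tool named here). It relies on documented `SetWindowsHookEx` behaviour: a thread ID of 0 installs a global hook, and a few hook types can only be global. The line format is taken from the quoted report; the `example.exe` lines and all function names are constructed for illustration.

```python
import re

# Hook types that Windows only permits with global scope (SetWindowsHookEx docs).
GLOBAL_ONLY = {"WH_JOURNALRECORD", "WH_JOURNALPLAYBACK", "WH_KEYBOARD_LL",
               "WH_MOUSE_LL", "WH_SYSMSGFILTER"}

# Format of the sandbox report lines quoted in the thread.
LINE_RE = re.compile(
    r'"(?P<proc>[^"]+)" sets a windows hook with filter '
    r'"(?P<filter>WH_\w+)" for thread ID (?P<tid>\d+)')

def classify(line):
    """Return a dict describing one hook line, or None if the line is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    tid = int(m.group("tid"))
    hook = m.group("filter")
    # Thread ID 0 means "all threads on the desktop", i.e. a global hook.
    # A non-zero ID is a thread-specific hook; the report line alone does not
    # say which process owns that thread, so it is labelled "thread", not "own".
    scope = "global" if tid == 0 or hook in GLOBAL_ONLY else "thread"
    return {"process": m.group("proc"), "filter": hook,
            "thread_id": tid, "scope": scope}

def triage(report_text):
    """Classify every hook line found in a pasted report."""
    return [r for r in map(classify, report_text.splitlines()) if r]

def global_hooks(report_text):
    """Only the entries a reviewer should look at first."""
    return [r for r in triage(report_text) if r["scope"] == "global"]

# First two lines are from the quoted report; the last two are constructed.
SAMPLE = '''Sets a windows hook
"mspaint.exe" sets a windows hook with filter "WH_GETMESSAGE" for thread ID 2180
"mspaint.exe" sets a windows hook with filter "WH_CALLWNDPROC" for thread ID 2180
"example.exe" sets a windows hook with filter "WH_KEYBOARD_LL" for thread ID 0
"example.exe" sets a windows hook with filter "WH_CBT" for thread ID 0
'''

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry["scope"], entry["process"], entry["filter"], entry["thread_id"])
```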