最近看twitter上老多安全研究人员晒自己被钓鱼的截图，洒家送外卖的空闲也把样本下载来分析分析。可惜临近年关，洒家忙于送餐，技术更是难以望论坛各位大佬项背。故把样本分享出来，看看哪位好兄弟能帮我解决一下困惑。

这个样本是一个64位的dll文件，根据7b5K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2k6$3!0G2k6$3I4W2i4K6u0r3N6r3S2J5k6h3q4@1i4K6u0V1j5h3&6S2L8s2W2K6K9i4y4Q4x3X3c8Y4M7X3!0#2M7q4)9J5c8X3&6W2N6#2)9J5k6r3y4S2L8i4m8S2K9h3N6F1i4K6u0V1N6r3q4J5k6$3g2@1K9h3&6Y4i4K6u0V1M7$3g2U0N6i4u0A6N6s2W2Q4x3X3c8J5k6i4y4W2j5i4u0U0K9r3g2J5M7#2)9J5c8W2!0q4c8W2!0n7b7#2)9^5b7#2!0q4y4W2)9^5x3g2!0n7y4W2!0q4y4W2)9^5y4q4)9^5c8W2!0q4y4W2!0m8x3q4!0n7y4#2!0q4y4W2)9&6b7#2!0m8b7#2!0q4z5q4!0m8x3W2!0m8b7W2!0q4z5q4!0m8y4#2!0m8y4W2!0q4y4g2)9^5c8W2)9&6x3g2!0q4y4#2)9&6b7g2)9^5y4q4!0q4y4g2)9&6x3g2!0n7c8q4!0q4y4q4!0n7b7W2!0m8y4q4!0q4z5q4!0m8x3g2)9^5b7#2!0q4y4W2)9&6z5q4!0m8c8Y4u0#2L8X3c8D9L8o6x3J5i4K6u0W2k6i4S2W2 path/to/dll Bx9yb37GEcJNK6bt 4901。洒家调试的时候发现了导入函数IsDebuggerPresent，故在x64dbg中隐藏了调试器，可惜还是报错：rundll错误，找不到指定的模块（用depends看了看应该没啥缺的dll）。

样本链接如下：003K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6i4K6u0W2N6r3S2J5k6h3q4@1j5X3!0G2K9#2)9J5k6h3y4F1i4K6u0r3M7X3g2H3L8%4u0@1i4K6u0r3k6X3W2D9k6g2)9J5c8U0c8U0x3K6b7&6z5h3j5K6j5$3x3@1j5e0c8X3k6r3x3%4k6e0j5%4y4o6p5%4k6e0l9#2y4e0R3&6x3h3x3%4z5o6f1@1x3o6t1^5x3X3c8U0j5$3x3#2y4$3f1K6y4$3p5H3x3e0p5$3y4$3c8X3k6e0x3#2x3h3t1J5y4o6c8Q4x3V1k6Q4x3@1k6K6K9h3N6F1i4K6y4p5K9r3W2K6N6r3!0J5P5g2)9J5y4X3q4E0M7q4)9K6b7X3g2F1N6W2)9K6c8s2N6A6L8U0N6Q4y4h3k6K6M7o6q4Q4y4h3k6W2L8Y4R3$3y4q4)9#2k6X3!0X3k6X3W2U0k6e0t1H3x3e0x3`.

更多相关内容如下：
845K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6F1L8%4u0X3L8$3I4C8K9h3&6X3L8%4y4W2j5#2)9J5k6h3y4G2L8g2)9J5c8X3c8H3M7X3E0Q4x3X3c8E0j5h3I4%4j5i4u0W2i4K6u0V1N6r3q4J5k6$3g2@1K9h3&6Y4i4K6u0V1M7$3g2U0N6i4u0A6N6s2W2Q4x3X3c8J5k6i4y4W2j5i4u0U0K9r3g2J5M7#2)9J5c8R3`.`.
6f1K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0M7q4)9J5k6i4N6W2K9i4S2A6L8W2)9J5k6i4q4I4i4K6u0W2j5$3!0E0i4K6u0r3M7#2)9J5c8W2N6Q4x3X3c8o6i4K6g2X3N6p5E0h3L8W2S2U0L8K6S2o6x3$3y4@1k6@1q4B7L8@1&6c8

[培训]科锐逆向工程师培训第53期2025年7月8日开班！