An unrelated program links to FFmpeg libraries. Can it be spyware?
Edit: As answered by @u1686_grawity in Superuser: https://superuser.com/a/1827887/1256224, this behaviour of the program is probably a consequence of its using the CEF, Chrome Embedded Framework, which is shipped with FFmpeg libraries for HTML video tags. Therefore, the program is probably not spyware.
I have asked the same question on Superuser, but I am not sure if that is the best place for it, so I also want to do some research on this site. See https://superuser.com/q/1827871/1256224.
I recently found that a proxy program (Clash for Windows) that I installed on my Windows PC always links to DLLs that are unrelated to its function.
It has DLLs of FFmpeg, DirectX, OpenGL, and Vulkan in its installation directory. And through Process Explorer, I confirmed that it indeed loads such DLLs (always FFmpeg, but not always all of the other three).
As I mentioned, it SHOULD only serve as a proxy program, and the only legitimate reason (that I can think of) why it loads the DLLs of low-level graphics APIs is for hardware acceleration of its UI --- but I have not found related settings in it. Most importantly, I cannot think of a reason to justify its loading FFmpeg.
FFmpeg is known to be able to stream videos to a remote client, and I suspect that the program is spyware --- that it uses the low-level Graphics APIs to capture the screen and stream it via FFmpeg.
That of course is my speculation. So my questions are,
- Can the DLLs it loaded be used in other legitimate ways that I have not thought of?
- Is there any way to investigate it further to obtain decisive evidence on its being spyware?
- The program has only run as a Normal User on my PC. If it was indeed spyware, how much damage could it have caused, and how could I possibly mitigate the damage (e.g. What kinds of backdoors could it have left as a Normal User)?
I sincerely appreciate any insight you provide and your time in advance.
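
Added example (not part of the original post or of the linked answer): a triage check for the explanation given in the edit, that FFmpeg and graphics DLLs in an install directory come from a bundled Chromium runtime. The marker file names, the two-marker threshold and both sample listings are assumptions of this example, based on how CEF-style distributions are typically laid out on Windows.

```python
import os

# Assumption of this example: file names typically shipped on Windows with a
# bundled Chromium runtime (CEF-style distributions).
CORE_MARKERS = {"libcef.dll", "chrome_elf.dll", "resources.pak",
                "icudtl.dat", "v8_context_snapshot.bin"}
RUNTIME_DLLS = {
    "ffmpeg.dll": "FFmpeg, media decoding for HTML video/audio",
    "d3dcompiler_47.dll": "DirectX shader compiler used for rendering",
    "libegl.dll": "OpenGL ES (EGL) layer",
    "libglesv2.dll": "OpenGL ES layer",
    "vulkan-1.dll": "Vulkan loader",
    "vk_swiftshader.dll": "software Vulkan fallback",
}

def classify(file_names):
    """Split the DLLs in a listing into 'explained by a bundled Chromium
    runtime' and 'needs a closer look'."""
    names = {n.lower() for n in file_names}
    core = sorted(names & CORE_MARKERS)
    bundled = len(core) >= 2  # require two independent runtime markers
    explained, review = {}, []
    for dll in sorted(n for n in names if n.endswith(".dll")):
        if bundled and dll in RUNTIME_DLLS:
            explained[dll] = RUNTIME_DLLS[dll]
        elif not (bundled and dll in CORE_MARKERS):
            review.append(dll)  # no runtime explanation for this DLL
    return {"chromium_runtime": bundled, "core_markers": core,
            "explained": explained, "review": review}

def classify_dir(path):
    """Run the same check against a real installation directory."""
    return classify(os.listdir(path))

# Constructed listings, not taken from any real installation.
SAMPLE_BUNDLED = ["Example App.exe", "ffmpeg.dll", "d3dcompiler_47.dll",
                  "libEGL.dll", "libGLESv2.dll", "vulkan-1.dll",
                  "vk_swiftshader.dll", "resources.pak", "icudtl.dat",
                  "v8_context_snapshot.bin", "helper.dll"]
SAMPLE_BARE = ["tool.exe", "ffmpeg.dll", "capture.dll"]

if __name__ == "__main__":
    for label, listing in (("bundled", SAMPLE_BUNDLED), ("bare", SAMPLE_BARE)):
        print(label, classify(listing))
```

A matching file name only explains why a file is present. Confirming that the loaded DLL is the genuine library still needs a signature or hash check against the vendor's build.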