
An unrelated program links to FFmpeg libraries. Can it be spyware?

Çağlar Arlı      -    14 Views


Edit: As answered by @u1686_grawity in Superuser: https://superuser.com/a/1827887/1256224 , this behaviour of the program is probably a consequence of its using the CEF, Chrome Embedded Framework, which is shipped with FFmpeg libraries for HTML video tags. Therefore, the program is probably not spyware.

I have asked the same question on Superuser, but I am not sure if that is the best place for it, so I also want to do some research on this site. See https://superuser.com/q/1827871/1256224 .

I recently found that a proxy program (Clash for Windows) that I installed on my Windows PC always links to DLLs that are unrelated to its function.

It has DLLs of FFmpeg, DirectX, OpenGL, and Vulkan in its installation directory. And through Process Explorer, I confirmed that it indeed loads such DLLs (always FFmpeg, but not always all of the other three).

As I mentioned, it SHOULD only serve as a proxy program, and the only legitimate reason (that I can think of) why it loads the DLLs of low-level graphics APIs is for hardware acceleration of its UI --- but I have not found related settings in it. Most importantly, I cannot think of a reason to justify its loading FFmpeg.

FFmpeg is known to be able to stream videos to a remote client, and I suspect that the program is spyware --- that it uses the low-level Graphics APIs to capture the screen and stream it via FFmpeg.

That of course is my speculation. So my questions are,

  1. Can the DLLs it loaded be used in other legitimate ways that I have not thought of?
  2. Is there any way to investigate it further to obtain decisive evidence on its being spyware?
  3. The program has only run as a Normal User on my PC. If it was indeed spyware, how much damage could it have caused, and how could I possibly mitigate the damage (e.g., what kinds of backdoors could it have left as a Normal User)?

I sincerely appreciate any insight you provide and your time in advance.
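
One way to collect evidence for question 2, as an added example that is not part of the original post: this PowerShell lists the FFmpeg and graphics DLLs a running process has loaded, shows whether each comes from the program's own directory, and reports its Authenticode signature and SHA-256 hash. It also looks for files that usually sit beside a bundled Chromium runtime such as CEF. The process name, the name patterns and the marker file list are assumptions to adjust.

```powershell
# Added example: triage of the DLLs a running process has loaded.
# Run as the same user as the target process; reading another user's
# (or an elevated) process will fail with an access-denied error.
param(
    # Assumed process name; use the name Process Explorer shows, without ".exe".
    [string]$ProcessName = 'Clash for Windows'
)

# Name patterns for the library families named in the question (assumed, not exhaustive).
$families = [ordered]@{
    FFmpeg  = '^(ffmpeg|avcodec|avformat|avutil)'
    DirectX = '^(d3d|dxgi)'
    OpenGL  = '^(opengl32|libegl|libglesv2)'
    Vulkan  = '^(vulkan|vk_)'
}
# Files that commonly accompany a bundled Chromium runtime (assumed markers).
$chromiumMarkers = 'libcef.dll', 'icudtl.dat', 'resources.pak', 'chrome_100_percent.pak'

foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
    if (-not $proc.Path) { continue }
    $installDir = Split-Path -Parent $proc.Path
    $found = $chromiumMarkers | Where-Object { Test-Path (Join-Path $installDir $_) }
    "PID $($proc.Id)  $($proc.Path)"
    "  Chromium runtime markers: $(if ($found) { $found -join ', ' } else { 'none' })"

    $proc.Modules | ForEach-Object {
        $module = $_
        # First family whose pattern matches the module's file name, if any.
        $family = $families.Keys |
            Where-Object { $module.ModuleName -match $families[$_] } |
            Select-Object -First 1
        if ($family) {
            $sig = Get-AuthenticodeSignature -FilePath $module.FileName
            $bundled = $module.FileName.StartsWith($installDir, [StringComparison]::OrdinalIgnoreCase)
            [pscustomobject]@{
                Family    = $family
                Module    = $module.ModuleName
                Location  = if ($bundled) { 'bundled' } else { 'system' }
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject   # empty when unsigned
                SHA256    = (Get-FileHash -Path $module.FileName -Algorithm SHA256).Hash
            }
        }
    } | Format-Table -AutoSize
}
```

The hashes can be compared against the files in the same upstream runtime release to see whether a bundled DLL has been replaced; loaded libraries alone do not show what the program does with them.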