Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp02-1 2024-04-26 14:26:39 2024-04-26 14:28:55 136 seconds

Maldun Score

5.25

Suspicious

File Details

File name AMCap.exe
File size 225288 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 de6f90beb799756d3557523efb2fd4fe
SHA1 65e6f6b1489d343c4aa0fb955ba4e563f4abeb83
SHA256 d7f8e691607144458d4aa0e79fa6401efc5b65048d6f61b2a409568006f2922f
SHA512 44c547d0ccaabb822acb93e5c461813377fa18aff3bf900d57d86708176772d7859f4cc767ebee4b68524f96d1a9412e08c875ade241cc36a4a4ac8eccc84cbb
CRC32 53ED1D8D
Ssdeep 3072:c0zxKcJC3dgjIb1WZs0wda85U7hp67l69HWpbCgJd0rFYqe2eoOEYTjkvNIaAkJz:nxdUg8UqCql69HggrFYqe2eNvgNIM4
Host Access Records

No host records.

Domain Resolution

No domain information.



PE Information

Image base 0x00400000
Entry point 0x0041d7f1
Declared checksum 0x00000000
Actual checksum 0x00041000
Minimum OS version 4.0
PDB path d:\Sources\Personal\AMCap\Release\amcap.pdb
Compile time 2005-11-03 19:17:28
Import hash 4160b4fc624e437bdae2bc907b0fabf6

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0002737f 0x00028000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.47
.rdata 0x00029000 0x0000780a 0x00008000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.31
.data 0x00031000 0x00003cb8 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.78
.rsrc 0x00035000 0x00003368 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.90

Overlay

Offset 0x00037000
Size 0x00000008

Imports

Library: WINMM.dll:
0x429400 timeGetTime
0x429404 timeSetEvent
Library: MSACM32.dll:
0x429240 acmFormatChooseA
0x429244 acmMetrics
Library: OLEPRO32.DLL:
0x429264 None
Library: RPCRT4.dll:
0x42926c RpcStringFreeA
0x429270 UuidFromStringA
0x429274 UuidToStringA
Library: VERSION.dll:
0x4293f0 GetFileVersionInfoA
0x4293f4 VerQueryValueA
Library: COMCTL32.dll:
0x429024 CreateToolbarEx
Library: KERNEL32.dll:
0x42907c RaiseException
0x429088 SizeofResource
0x42908c LockResource
0x429090 LoadResource
0x429094 FindResourceA
0x429098 FindResourceExA
0x42909c MulDiv
0x4290a0 GetDiskFreeSpaceA
0x4290a4 FreeLibrary
0x4290a8 LoadLibraryA
0x4290ac GetFullPathNameA
0x4290b0 GetFileSize
0x4290b4 lstrcmpiA
0x4290b8 lstrlenW
0x4290bc lstrlenA
0x4290cc GlobalFree
0x4290d0 GlobalUnlock
0x4290d4 GlobalHandle
0x4290d8 GlobalLock
0x4290dc GlobalAlloc
0x4290e0 GetModuleFileNameA
0x4290e4 LoadLibraryExA
0x4290e8 IsDBCSLeadByte
0x4290ec GetCurrentProcessId
0x4290f0 Sleep
0x4290f4 GetCommandLineA
0x429100 GetFileAttributesA
0x429104 GetLocalTime
0x429118 WriteFile
0x42911c CreateEventA
0x429120 WideCharToMultiByte
0x429124 WaitForSingleObject
0x429128 ResetEvent
0x42912c GetCurrentThreadId
0x429130 SetThreadPriority
0x429134 GetThreadPriority
0x429138 GetCurrentThread
0x429140 GetTickCount
0x429144 CreateThread
0x429148 CreateSemaphoreA
0x42914c VirtualQuery
0x429150 GetSystemInfo
0x429154 VirtualAlloc
0x429158 VirtualProtect
0x42915c ExitProcess
0x429160 GetProcessHeap
0x429164 HeapSize
0x429168 HeapReAlloc
0x42916c HeapFree
0x429170 HeapAlloc
0x429174 HeapDestroy
0x429178 LocalAlloc
0x429180 GetOEMCP
0x429184 GetCPInfo
0x429188 TlsAlloc
0x42918c SetLastError
0x429190 TlsFree
0x429194 TlsSetValue
0x429198 TlsGetValue
0x42919c GetStdHandle
0x4291b4 SetHandleCount
0x4291b8 GetFileType
0x4291bc IsBadReadPtr
0x4291c0 IsBadCodePtr
0x4291c4 LCMapStringA
0x4291c8 LCMapStringW
0x4291cc GetStringTypeA
0x4291d0 GetStringTypeW
0x4291d4 MultiByteToWideChar
0x4291d8 CreateFileA
0x4291dc ReadFile
0x4291e0 SetFilePointer
0x4291e4 GetLastError
0x4291e8 CloseHandle
0x4291ec GetThreadLocale
0x4291f0 GetLocaleInfoA
0x4291f4 GetACP
0x4291f8 GetCurrentProcess
0x4291fc InterlockedExchange
0x429200 lstrcpynA
0x429204 GetModuleHandleA
0x429208 GetProcAddress
0x42920c GetVersionExA
0x429210 SetStdHandle
0x429214 RtlUnwind
0x429218 GetStartupInfoA
0x429224 HeapCreate
0x429228 VirtualFree
0x42922c IsBadWritePtr
0x429230 TerminateProcess
0x429234 FlushFileBuffers
0x429238 SetEvent
Library: USER32.dll:
0x4292ac IsZoomed
0x4292b0 DefWindowProcA
0x4292b4 PostMessageA
0x4292b8 GetMenuItemInfoA
0x4292bc UpdateWindow
0x4292c0 IsCharAlphaA
0x4292c4 IsCharAlphaNumericA
0x4292c8 SetFocus
0x4292cc MessageBeep
0x4292d0 GetDlgItemTextA
0x4292d4 IsDlgButtonChecked
0x4292d8 SetDlgItemTextA
0x4292dc CheckDlgButton
0x4292e0 GetDlgCtrlID
0x4292e4 SetDlgItemInt
0x4292e8 EnableWindow
0x4292ec EndDialog
0x4292f0 CharNextA
0x4292f4 EnableMenuItem
0x4292f8 InvalidateRect
0x4292fc GetAsyncKeyState
0x429300 SetWindowPlacement
0x429304 GetMenuItemCount
0x429308 MoveWindow
0x42930c EndPaint
0x429310 BeginPaint
0x429314 PostQuitMessage
0x429318 CreateWindowExA
0x42931c SetMenuItemInfoA
0x429320 GetKeyState
0x429324 MessageBoxA
0x429328 GetMenu
0x42932c GetQueueStatus
0x429330 RemoveMenu
0x429334 AppendMenuA
0x429338 CreatePopupMenu
0x42933c GetDC
0x429340 ReleaseDC
0x429344 SetTimer
0x429348 GetWindowTextA
0x42934c GetSysColor
0x429350 OpenClipboard
0x429354 EmptyClipboard
0x429358 SetClipboardData
0x42935c CloseClipboard
0x429360 RegisterClassA
0x429364 LoadIconA
0x429368 LoadCursorA
0x42936c LoadAcceleratorsA
0x429370 WaitMessage
0x429374 SetWindowTextA
0x429378 CheckMenuItem
0x42937c DialogBoxParamA
0x429380 GetDlgItem
0x429384 SendMessageA
0x429388 GetClientRect
0x42938c IsWindowVisible
0x429390 GetDesktopWindow
0x429394 GetWindowLongA
0x429398 SetWindowLongA
0x42939c ShowWindow
0x4293a0 SetWindowPos
0x4293a4 KillTimer
0x4293a8 IsRectEmpty
0x4293ac SetRect
0x4293b0 OffsetRect
0x4293b8 GetWindowPlacement
0x4293bc GetWindowRect
0x4293c0 GetSystemMetrics
0x4293c8 PostThreadMessageA
0x4293cc GetSubMenu
0x4293d4 DispatchMessageA
0x4293d8 TranslateMessage
0x4293dc PeekMessageA
0x4293e0 SetRectEmpty
0x4293e8 GetDlgItemInt
Library: GDI32.dll:
0x42902c CreateCompatibleDC
0x429030 GetTextMetricsA
0x429034 GetStockObject
0x429038 GetObjectA
0x42903c CreateDIBitmap
0x429040 GetDeviceCaps
0x429044 CreateFontIndirectA
0x429048 CreateFontA
0x42904c CreateSolidBrush
0x429050 PatBlt
0x429054 ExtTextOutA
0x429058 DeleteDC
0x42905c SelectObject
0x429068 SetTextColor
0x42906c SetBkColor
0x429070 TextOutA
0x429074 DeleteObject
Library: comdlg32.dll:
0x42940c GetOpenFileNameA
0x429410 GetSaveFileNameA
Library: ADVAPI32.dll:
0x429000 RegSetValueExA
0x429004 RegEnumKeyExA
0x429008 RegQueryInfoKeyA
0x42900c RegCloseKey
0x429010 RegOpenKeyExA
0x429014 RegDeleteValueA
0x429018 RegCreateKeyExA
0x42901c RegDeleteKeyA
Library: SHELL32.dll:
0x42927c ShellExecuteA
0x429280 SHBrowseForFolderA
0x429284 SHGetMalloc
Library: ole32.dll:
0x429448 CoTaskMemFree
0x42944c CoCreateInstance
0x429454 CoTaskMemAlloc
0x429458 CoTaskMemRealloc
0x42945c CreateItemMoniker
0x429460 CreateBindCtx
0x429464 CoInitializeEx
0x429468 CoUninitialize
0x42946c CoInitialize
0x429470 MkParseDisplayName
Library: OLEAUT32.dll:
0x42924c SysAllocString
0x429250 SysFreeString
0x429254 VarUI4FromStr
0x429258 VariantClear
0x42925c VariantInit
Library: SHLWAPI.dll:
0x429290 PathFindExtensionA
0x429294 PathAddExtensionA
0x429298 PathAppendA
0x42929c PathFileExistsA
0x4292a0 PathFindExtensionW
Library: gdiplus.dll:
0x429418 GdipSaveImageToFile
0x42942c GdiplusStartup
0x429430 GdiplusShutdown
0x429434 GdipFree
0x429438 GdipAlloc
0x42943c GdipCloneImage
0x429440 GdipDisposeImage

.text
`.rdata
@.data
.rsrc
HPIQj
j6VRj
L$hQj
D$@PVj
;-|)C
$h((C
VhL(C
VPQUj
u>h|(C
tW9\$ |Qh|)C
t4VWj
L$xQSj
T$$Rj
T$0Rj
SVSQSSSSh
Ah$4C
VQVSj
u#h$4C
D$ Wh
L$,Qj
L$PQSj
SVWUj
u,h\9B
;5DJC
;5DJC
jjjjh
No antivirus engine scan information!

Process Tree

AMCap.exe, PID: 2568, parent PID: 2236

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 23.223.198.226 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP Requests

URI HTTP data
URL http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
No files were dropped.
No similar analyses found.

Processing ( 19.062 seconds )

  • 11.402 Suricata
  • 5.278 NetworkAnalysis
  • 1.51 Static
  • 0.387 peid
  • 0.285 TargetInfo
  • 0.174 BehaviorAnalysis
  • 0.012 AnalysisInfo
  • 0.012 Strings
  • 0.002 Memory

Signatures ( 1.53 seconds )

  • 1.387 proprietary_url_bl
  • 0.022 antiav_detectreg
  • 0.009 infostealer_ftp
  • 0.009 proprietary_domain_bl
  • 0.008 api_spamming
  • 0.006 stealth_decoy_document
  • 0.006 anomaly_persistence_autorun
  • 0.006 stealth_timeout
  • 0.006 antiav_detectfile
  • 0.005 antianalysis_detectreg
  • 0.005 infostealer_im
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_mail
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 rat_nanocore
  • 0.003 infostealer_bitcoin
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 mimics_filetime
  • 0.002 stealth_file
  • 0.002 reads_self
  • 0.002 shifu_behavior
  • 0.002 antivm_generic_disk
  • 0.002 virus
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 bootkit
  • 0.001 antivm_generic_services
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 cerber_behavior
  • 0.001 hancitor_behavior
  • 0.001 bypass_firewall
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.535 seconds )

  • 0.501 ReportHTMLSummary
  • 0.034 Malheur
Task ID 744335
Mongo ID 662b49e8dc327b93ad415e88
Cuckoo release 1.4-Maldun