Analysis task

Analysis type     VM label                    Start time             End time               Duration
File (Windows)    win7-sp1-x64-shaapp03-1     2021-11-22 19:14:18    2021-11-22 19:14:52    34 seconds

Maldun score

1.4

Normal

The score is produced by the signature modules listed under "Signatures" at the end of this report. A 34-second run that dropped no files and spawned no child process gives those modules little to match on, so read "Normal" as "nothing observed" rather than as a clean bill of health; the static indicators below (CryptoAPI hashing, registry writes, CreateProcessA, Microsoft-branded version strings in a Simplified Chinese resource) are the part of this report worth acting on.

File details

File name    Caption.exe
File size    122880 bytes
File type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5          3aff8124816a87cc1819fcc48f9189ab
SHA1         6268e30da98bfd3d482b5c4062f423578b340ead
SHA256       cc7c61288b469c45f0c215dd5ebceacd09485fdee3b8034245d26bebe1a451d2
SHA512       692de100e3164137c1c8fc06ccca4f8548097618037e74f3f4b49618a0408dea457f63b90cc75ff11fadc0373c8f1a532ae44ecd5f76044b043a9735f4e86678
CRC32        05A17FAF
Ssdeep       1536:bNpXUlzE0TmP1NQZ4L+9zeHBU51dHiWcSrhyO4s/a+yWktETkcQa:bNNekuI+9zGBUvdHBrhf4s/a+YtqOa


Hosts contacted

No host records.

Domain resolution

No domain information.



PE information

Image base                 0x00400000
Entry point                0x00404b52
Declared checksum          0x00000000
Actual checksum            0x0002281a
Minimum OS version         4.0
Compile timestamp          2019-08-14 09:10:43
Import hash (imphash)      7c3404dec2c0e01a72742886cd7004c1

A declared checksum of zero means the linker was never asked to fill the field (only kernel drivers and a few system DLLs must carry a valid one), so the mismatch with the recomputed value 0x0002281a is normal for a user-mode executable and not evidence of tampering by itself. The compile timestamp is read from the COFF header and is under the author's control; treat it as a claim, not a fact. The imphash is the usable pivot here: it is derived from the ordered import table, so it matches other builds that link the same DLL and function set and is the value to search for related samples.

Version information

LegalCopyright      (value not recovered by the report)
FileVersion         7.1.33.0
CompanyName         Microsoft Corporation. All rights reserved.
Comments            Microsoft Caption
ProductName         Caption
ProductVersion      7.1.33.0
FileDescription     Microsoft Caption
Translation         080404B0 (Simplified Chinese, Unicode)

The original report left the value column of this table empty; the values above are taken from the VS_VERSION_INFO key/value strings at the end of the string dump below. The metadata claims Microsoft branding, but CompanyName holds a copyright sentence rather than a company name, which is what hand-edited version resources tend to look like. Version strings carry no integrity protection and must never be used as a trust signal.

PE sections

Name     Virtual address   Virtual size   Raw data size   Characteristics                                                         Entropy
.text    0x00001000        0x0001368e     0x00014000      IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ             6.49
.rdata   0x00015000        0x00003d46     0x00004000      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                       4.74
.data    0x00019000        0x0001365c     0x00004000      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE   2.46
.rsrc    0x0002d000        0x00000358     0x00001000      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                       3.57

A standard four-section layout with no section that is both writable and executable, and entropies between 2.5 and 6.5: compiled code usually lands around 6 to 6.5, while packed or encrypted sections sit above 7.0, so the binary is not packed. The clear-text MFC class names and API names in the string dump confirm this (AfxWnd42s and the other *42s window classes place it as a statically linked MFC 4.2 build). The .data virtual size (0x1365c) exceeding its raw size (0x4000) is ordinary zero-initialised data, not an anomaly.
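
To reproduce the two static checks behind the tables above (the header CheckSum that the report shows as declared 0x00000000 versus actual 0x0002281a, and the per-section entropy column), here is an added Python example. It is not code from the Maldun report or from Caption.exe. It implements Microsoft's CheckSumMappedFile algorithm and Shannon entropy over the section table, and runs them on a constructed PE32 stub built by build_sample_pe(), which is an assumption of the example and not the analysed file; the function names, the three constructed sections and the 7.0 "packed" threshold are choices made here.

```python
"""Added example, not part of the Maldun report: recompute a PE header CheckSum
and per-section entropy (the 'PE information' and 'PE sections' checks above).
Runs offline on a constructed PE32 stub from build_sample_pe(); pass
open(path, "rb").read() instead for a real file."""
import math
import struct
from collections import Counter

OPT_HDR_CHECKSUM = 64   # CheckSum offset inside the optional header (PE32 and PE32+)

def _e_lfanew(data: bytes) -> int:
    """Offset of the PE signature, validated against both magics."""
    off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[off:off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return off

def checksum_field_offset(data: bytes) -> int:
    """OptionalHeader.CheckSum = e_lfanew + signature (4) + COFF header (20) + 64."""
    return _e_lfanew(data) + 4 + 20 + OPT_HDR_CHECKSUM

def fold_sum(data: bytes, skip_offset: int = -1) -> int:
    """CheckSumMappedFile: sum little-endian dwords with end-around carry, skipping
    the dword that holds the CheckSum field, fold to 16 bits, add the file length."""
    total, skip_dword = 0, skip_offset // 4
    for off in range(0, len(data), 4):
        if off // 4 == skip_dword:
            continue
        total += struct.unpack("<I", data[off:off + 4].ljust(4, b"\0"))[0]  # pad a short tail
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)

def compute_checksum(data: bytes) -> int:
    return fold_sum(data, checksum_field_offset(data))

def declared_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, checksum_field_offset(data))[0]

def checksum_status(data: bytes) -> str:
    """'unset' when the linker left 0 (Caption.exe's case), else 'ok' or 'mismatch'."""
    declared = declared_checksum(data)
    if declared == 0:
        return "unset"
    return "ok" if declared == compute_checksum(data) else "mismatch"

def patch_checksum(data: bytes) -> bytes:
    """Write the recomputed value into the header, as a linker's /RELEASE would."""
    off = checksum_field_offset(data)
    return data[:off] + struct.pack("<I", compute_checksum(data)) + data[off + 4:]

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); the report's Entropy column."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def section_entropies(data: bytes) -> dict:
    """{section name: entropy of its raw bytes}, walking the section table."""
    pe = _e_lfanew(data)
    nsec = struct.unpack_from("<H", data, pe + 6)[0]        # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # COFF.SizeOfOptionalHeader
    table, out = pe + 24 + opt_size, {}
    for i in range(nsec):
        hdr = data[table + 40 * i:table + 40 * (i + 1)]
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)  # SizeOfRawData, PointerToRawData
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        out[name] = shannon_entropy(data[raw_ptr:raw_ptr + raw_size])
    return out

def suspicious_sections(entropies: dict, threshold: float = 7.0) -> list:
    """Near-uniform sections; packed or encrypted payloads usually sit above ~7.0."""
    return [name for name, e in entropies.items() if e >= threshold]

def build_sample_pe() -> bytes:
    """Constructed PE32 stub (an assumption of this example, not Caption.exe):
    three sections, other header fields zero, CheckSum left at 0 like the sample."""
    sections = [
        (b".text", bytes(range(64)) * 8),   # 64 distinct values: entropy 6.0, code-like
        (b".data", bytes(512)),             # all zeros: entropy 0.0
        (b".pak", bytes(range(256)) * 2),   # uniform bytes: entropy 8.0, what packed data looks like
    ]
    e_lfanew, opt = 0x40, bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # Magic = PE32
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    first_raw = e_lfanew + 4 + len(coff) + len(opt) + 40 * len(sections)
    table, body = b"", b""
    for i, (name, raw) in enumerate(sections):   # one 40-byte IMAGE_SECTION_HEADER each
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIII", len(raw), 0x1000 * (i + 1), len(raw), first_raw + len(body)) + bytes(16)
        body += raw
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    return dos + b"PE\0\0" + coff + bytes(opt) + table + body

if __name__ == "__main__":
    image = build_sample_pe()
    print(checksum_status(image), hex(declared_checksum(image)), hex(compute_checksum(image)))
    print(section_entropies(image), suspicious_sections(section_entropies(image)))
```

Run against the real sample with checksum_status(open("Caption.exe", "rb").read()) and expect "unset", which on its own is not worth escalating. The result to care about is "mismatch": a file that once carried a valid checksum has been modified since, or its header was forged. The entropy threshold is a rule of thumb, not a packer detector; sections of compressed resources or embedded certificates also score high, so pair it with the section characteristics and the string dump as the report does.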

Resources

Name         Offset        Size          Language       Sub-language                  Entropy   File type
RT_VERSION   0x0002d058    0x00000300    LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED    3.36      data

The version block is the only resource: no icon, dialog, menu, string table or manifest. Any UI this MFC program shows is therefore created in code rather than from resource templates, and with no RT_MANIFEST it declares no requestedExecutionLevel.

Imports

Each line is the IAT slot address followed by the imported function. The listing has gaps (the slot addresses jump, for example from 0x4150b4 to 0x4150c8), and names present in the import-name strings of the string dump below (CryptAcquireContextA, UnhandledExceptionFilter, InitializeCriticalSection, WritePrivateProfileStringA, GetEnvironmentStrings and others) are absent here, so treat this table as incomplete. The capability-relevant imports that did survive: CryptCreateHash, CryptHashData and CryptGetHashParam (hashing through CryptoAPI), RegCreateKeyExA and RegSetValueExA (registry writes), CreateProcessA with WaitForSingleObject (launching a child and waiting on it), CreateFileA, ReadFile and WriteFile (file I/O), and LoadLibraryA with GetProcAddress (runtime API resolution). Imports show what the program can call, not what it did call; this run recorded no dropped files and no child process.

Library: ADVAPI32.dll:
0x415004 CryptCreateHash
0x415008 CryptReleaseContext
0x41500c CryptHashData
0x415010 CryptDestroyHash
0x415014 CryptGetHashParam
0x415018 RegCloseKey
0x41501c RegOpenKeyExA
0x415020 RegSetValueExA
0x415024 RegCreateKeyExA
Library: KERNEL32.dll:
0x415098 GetCPInfo
0x41509c GetOEMCP
0x4150a0 GetCommandLineA
0x4150a4 RtlUnwind
0x4150a8 TerminateProcess
0x4150ac RaiseException
0x4150b0 HeapSize
0x4150b4 GetACP
0x4150c8 SetHandleCount
0x4150cc GetStdHandle
0x4150d0 GetFileType
0x4150d8 GetVersionExA
0x4150dc HeapDestroy
0x4150e0 HeapCreate
0x4150e4 VirtualFree
0x4150e8 VirtualAlloc
0x4150ec IsBadWritePtr
0x4150f4 LCMapStringW
0x4150f8 GetStringTypeA
0x4150fc GetStringTypeW
0x415100 IsBadCodePtr
0x415104 SetStdHandle
0x415108 FlushFileBuffers
0x41510c SetFilePointer
0x415110 GetModuleHandleA
0x415114 ExitProcess
0x415118 HeapAlloc
0x41511c HeapReAlloc
0x415120 HeapFree
0x415124 IsBadReadPtr
0x415128 WriteFile
0x41512c GetCurrentProcess
0x415130 SetErrorMode
0x415134 GetProcessVersion
0x415138 LoadLibraryA
0x41513c FreeLibrary
0x415140 GetVersion
0x415144 GlobalGetAtomNameA
0x415148 GlobalAddAtomA
0x41514c GlobalFindAtomA
0x415150 GetLastError
0x415154 GetProcAddress
0x415158 SetLastError
0x41515c MultiByteToWideChar
0x415160 WideCharToMultiByte
0x415168 lstrcpyA
0x41516c GetModuleFileNameA
0x415170 lstrcatA
0x41517c GlobalFlags
0x415180 GetProcessHeap
0x415184 lstrlenA
0x415188 lstrcpynA
0x41518c TlsGetValue
0x415190 LocalReAlloc
0x415194 TlsSetValue
0x41519c GlobalReAlloc
0x4151a4 TlsFree
0x4151a8 GlobalHandle
0x4151ac GlobalUnlock
0x4151b0 GlobalFree
0x4151b8 TlsAlloc
0x4151c0 LocalFree
0x4151c4 LocalAlloc
0x4151c8 GlobalLock
0x4151cc GlobalAlloc
0x4151d0 GlobalDeleteAtom
0x4151d4 lstrcmpA
0x4151d8 lstrcmpiA
0x4151dc GetCurrentThread
0x4151e0 GetCurrentThreadId
0x4151e4 LCMapStringA
0x4151e8 GetStartupInfoA
0x4151ec CreateProcessA
0x4151f0 WaitForSingleObject
0x4151f4 CreateFileA
0x4151f8 GetFileSize
0x4151fc ReadFile
0x415204 CloseHandle
Library: USER32.dll:
0x415210 SetForegroundWindow
0x415214 GetForegroundWindow
0x415218 GetMessagePos
0x41521c GetMessageTime
0x415220 DefWindowProcA
0x415224 RemovePropA
0x415228 CallWindowProcA
0x41522c GetPropA
0x415230 SetPropA
0x415234 GetClassLongA
0x415238 CreateWindowExA
0x41523c DestroyWindow
0x415240 GetMenuItemID
0x415244 GetSubMenu
0x415248 GetMenu
0x41524c RegisterClassA
0x415250 GetClassInfoA
0x415254 WinHelpA
0x415258 GetCapture
0x41525c GetTopWindow
0x415260 CopyRect
0x415264 GetClientRect
0x415268 AdjustWindowRectEx
0x41526c GetSysColor
0x415270 MapWindowPoints
0x415274 LoadIconA
0x415278 LoadCursorA
0x41527c GetSysColorBrush
0x415280 LoadStringA
0x415284 DestroyMenu
0x415288 IsIconic
0x41528c GetWindowPlacement
0x415290 GetSystemMetrics
0x415294 SetFocus
0x415298 ShowWindow
0x41529c SetWindowPos
0x4152a0 SetWindowLongA
0x4152a4 GetDlgItem
0x4152a8 GrayStringA
0x4152ac DrawTextA
0x4152b0 TabbedTextOutA
0x4152b4 ReleaseDC
0x4152b8 GetDC
0x4152bc GetMenuItemCount
0x4152c0 UnhookWindowsHookEx
0x4152c4 GetWindowTextA
0x4152c8 SetWindowTextA
0x4152cc GetWindow
0x4152d0 GetDlgCtrlID
0x4152d4 GetWindowRect
0x4152d8 PtInRect
0x4152dc GetClassNameA
0x4152e4 GetMenuState
0x4152e8 ModifyMenuA
0x4152ec SetMenuItemBitmaps
0x4152f0 CheckMenuItem
0x4152f4 EnableMenuItem
0x4152f8 GetFocus
0x4152fc GetNextDlgTabItem
0x415300 GetActiveWindow
0x415304 GetKeyState
0x415308 CallNextHookEx
0x41530c ValidateRect
0x415310 IsWindowVisible
0x415314 GetCursorPos
0x415318 SetWindowsHookExA
0x41531c GetParent
0x415320 GetLastActivePopup
0x415324 IsWindowEnabled
0x415328 GetWindowLongA
0x41532c EnableWindow
0x415330 SetCursor
0x415334 SendMessageA
0x415338 PostMessageA
0x41533c PostQuitMessage
0x415340 PeekMessageA
0x415344 GetMessageA
0x415348 TranslateMessage
0x41534c DispatchMessageA
0x415354 wsprintfA
0x415358 MessageBoxA
0x41535c ClientToScreen
0x415360 LoadBitmapA
0x415364 UnregisterClassA
Library: GDI32.dll:
0x415034 SaveDC
0x415038 RestoreDC
0x41503c SelectObject
0x415040 GetStockObject
0x415044 SetBkColor
0x415048 SetTextColor
0x41504c SetMapMode
0x415050 SetViewportOrgEx
0x415054 OffsetViewportOrgEx
0x415058 SetViewportExtEx
0x41505c ScaleViewportExtEx
0x415060 SetWindowExtEx
0x415064 ScaleWindowExtEx
0x415068 GetClipBox
0x41506c DeleteDC
0x415070 GetDeviceCaps
0x415074 PtVisible
0x415078 RectVisible
0x41507c TextOutA
0x415080 ExtTextOutA
0x415084 Escape
0x415088 GetObjectA
0x41508c CreateBitmap
0x415090 DeleteObject
Library: WINSPOOL.DRV:
0x41536c DocumentPropertiesA
0x415370 ClosePrinter
0x415374 OpenPrinterA
Library: COMCTL32.dll:
0x41502c (no name: imported by ordinal)

Strings

Printable strings extracted from the file (section names and a few instruction-byte fragments come first). Worth noting: the MFC 4.2 class and window names (CWinApp, AfxWnd42s); the path fragment "\Caption.dat" and the hex alphabet "0123456789ABCDEF" sitting next to a second copy of "advapi32.dll" and the Crypt* function names, a pattern consistent with resolving the CryptoAPI functions at runtime and hex-encoding a digest; and the VS_VERSION_INFO block at the end, which supplies the values missing from the version information table above. These are observations from the string dump alone; confirming what Caption.dat is hashed or written for needs disassembly or a behaviour trace.

.text
`.rdata
@.data
.rsrc
L$$PQh
8`}<j
t_hd^A
tNhT^A
t=h@^A
t,h,^A
QQSVWj
SVWUj
Ph$cA
[Sh,hA
"WWSh(hA
^Vh,hA
PVh(hA
u-h,-A
CWinApp
PreviewPages
Settings
CWinThread
CCmdTarget
combobox
software
CObject
CTempGdiObject
CTempDC
CGdiObject
CUserException
CResourceException
CNotSupportedException
CMemoryException
CException
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
InitCommonControlsEx
COMCTL32.DLL
CMapPtrToPtr
CTempMenu
CMenu
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
`h````
(null)
GAIsProcessorFeaturePresent
KERNEL32
e+000
frexp
_hypot
_cabs
ldexp
floor
atan2
log10
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#INF
1#IND
1#SNAN
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
ADVAPI32.dll
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CloseHandle
ReadFile
GetFileSize
CreateFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
LCMapStringA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
lstrlenA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
SetLastError
GetProcAddress
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
FreeLibrary
LoadLibraryA
GetProcessVersion
SetErrorMode
GetCurrentProcess
WriteFile
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
GetCommandLineA
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
KERNEL32.dll
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
USER32.dll
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
GDI32.dll
comdlg32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
SHELL32.dll
COMCTL32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
UnregisterClassA
\Caption.dat
"@0123456789ABCDEF
@advapi32.dll
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
error
%I64d
.?AVCNoTrackObject@@
.?AV_AFX_WIN_STATE@@
.?AVCObject@@
.?AVCCmdTarget@@
.?AVCWinThread@@
.?AVCWinApp@@
.PAVCException@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVCCmdUI@@
.?AUCThreadData@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCDC@@
.?AVCGdiObject@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.PAVCObject@@
.PAVCSimpleException@@
.?AVCException@@
.?AVCSimpleException@@
.?AVCResourceException@@
.?AVCUserException@@
.PAVCMemoryException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCWnd@@
.?AVCTestCmdUI@@
.?AVCTempWnd@@
.?AVCHandleMap@@
.?AVCMapPtrToPtr@@
.?AVCMenu@@
.?AVCTempMenu@@
.?AVtype_info@@
(null)
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
7.1.33.0
FileDescription
Microsoft Caption
ProductName
Caption
ProductVersion
7.1.33.0
CompanyName
Microsoft Corporation. All rights reserved.
LegalCopyright
Comments
Microsoft Caption
VarFileInfo
Translation

Antivirus scan

No antivirus engine scan information.

Process tree

Caption.exe, PID 2472, parent PID 2172 (no child process was recorded in this run, despite the CreateProcessA import)

Network

TCP

Source address     Source port   Destination address   Destination port
192.168.122.201    49160         96.16.122.56          80

UDP

Source address     Source port   Destination address   Destination port
192.168.122.201    59401         192.168.122.1         53


HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

This is the only HTTP exchange in the capture (the TCP flow to 96.16.122.56:80 above, preceded by the DNS query to the gateway). The host, the "11/rdr/CHS" path components and the User-Agent "IPM" are what Adobe Reader's in-product messaging update check looks like, so this is most likely background traffic from software installed in the guest image rather than something Caption.exe initiated; consistent with that, the report lists no host or domain entry for the sample itself. Attribute it to the sample only after checking which process owned the socket.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from the network capture.
No files were dropped.
No similar analyses found.

Processing ( 13.781 seconds )

  • 11.003 Suricata
  • 1.17 NetworkAnalysis
  • 0.626 Static
  • 0.456 peid
  • 0.307 TargetInfo
  • 0.115 Strings
  • 0.092 AnalysisInfo
  • 0.01 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 1.415 seconds ) (time spent in each signature module evaluated; this is the list of modules run, not of matches)

  • 1.334 md_url_bl
  • 0.012 antiav_detectreg
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.005 ransomware_extensions
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.498 seconds )

  • 0.462 ReportHTMLSummary
  • 0.036 Malheur
Task ID 665931
Mongo ID 619b7bc87e769a47ca43a586
Cuckoo release 1.4-Maldun