AfterFXLib dll Trojan Heuristic 文件恶意软件分析: 7412f82611ed71c2a0556a8827379310

AfterFXLib.dll Trojan Heuristic 分析

更新于 1 year ago

检查者 Malware Check

AfterFXLib.dll

哈希类型	值	操作
MD5	7412f82611ed71c2a0556a8827379310
SHA1	f48e7cf06736930f614750c5e2d4dca2baf1e518
SHA256	f4f3e5ee22948694c8bfb998f0d98547385941b8e9541acf1b38400020962e15
SHA512	dbd43aef4d8345d9e46010aac9804429cdf3058d417f266c7a1d6896c6a8c8a62af400579006b630c84e9e4bd14f824725936cd92ae9d9e5489c904ad449f621
ImpHash	1b42dec243d05c7aa3adc91bf822d6ce

哈希类型

值

操作

MD5

7412f82611ed71c2a0556a8827379310

SHA1

f48e7cf06736930f614750c5e2d4dca2baf1e518

SHA256

f4f3e5ee22948694c8bfb998f0d98547385941b8e9541acf1b38400020962e15

SHA512

dbd43aef4d8345d9e46010aac9804429cdf3058d417f266c7a1d6896c6a8c8a62af400579006b630c84e9e4bd14f824725936cd92ae9d9e5489c904ad449f621

ImpHash

1b42dec243d05c7aa3adc91bf822d6ce

PE 分析

基本信息

▼

映像基址	`0x180000000`
入口点	`0x181efc2e4`
编译时间	2023-09-19 20:33:18
校验和	0x03690c4b (实际: 0x0368d6a3)
操作系统版本	6.0
PEiD 签名	`PE32+ executable (DLL) (GUI) x86-64, for MS Windows`
PDB 路径	`D:\releases\dva\build\mb\msvs_win32\Release\x64\intermediate\sym\dva_mp\AfterFXLib\AfterFXLib\AfterFXLib.pdb`
数字签名	The expected hash does not match the digest in SpcInfo
导入	57 库
导出	5076 函数
资源	3034 资源
节	7 节

数字签名

▼

DigiCert Trusted Root G4	DigiCert, Inc. (US)
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Adobe Inc. (US)

版本信息

▼

CompanyName	Adobe
FileVersion	24.0.0.55
InternalName	AfterFXLib
LegalCopyright	Copyright 1991-2023 Adobe. All rights reserved.
OriginalFilename	AfterFXLib.dll
FileDescription	Adobe After Effects 2024
ProductName	Adobe After Effects 2024
ProductVersion	24.0.0
Build Number	55
Translation	0x0409 0x04b0

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	36,010,382 bytes	36,010,496 bytes	6.63 (压缩)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`B8ED7AFF9BC407FD19C46CA9B4045762`
`.rdata`	`0x02259000`	6,159,532 bytes	6,159,872 bytes	6.26 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`457462FF11A8C5BB005CAA649D927B59`
`.data`	`0x02839000`	1,353,264 bytes	730,624 bytes	3.65 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`874FCF489907C4811FEC056ADF7876FA`
`.pdata`	`0x02984000`	892,980 bytes	893,440 bytes	6.92 (压缩)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`FDCC34F6C471A1CC6605E673E21628EA`
`.itt_not`	`0x02a5f000`	12,495 bytes	12,800 bytes	3.86 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`3CA76F33122F0EC3F91F567AB29964C5`
`.rsrc`	`0x02a63000`	13,132,576 bytes	13,132,800 bytes	7.32 (压缩)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`241A54DAAD8AFA2AA042A6E720D9B488`
`.reloc`	`0x036ea000`	212,084 bytes	212,480 bytes	5.48 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`093F648DBCF943CA4FF74348FE988511`

熵分析警报

3 检测到较高熵（≥6.5）的节 - 可能存在压缩

资源分析

▼

资源总数: 3034 (12,822,659 字节)

资源类型	数量	总大小	百分比
AHT	8	523,612 字节	4.1%
CSV	1	3,217 字节	0%
EVE	215	318,717 字节	2.5%
JPG	1	57,348 字节	0.4%
JSON	1	23,956 字节	0.2%
PNG	2447	6,735,916 字节	52.5%
SVG	329	334,842 字节	2.6%
XML	30	4,823,826 字节	37.6%
RT_VERSION	1	844 字节	0%
RT_MANIFEST	1	381 字节	0%

证书链分析

▼

证书 #1

主题	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 DigiCert, Inc. US
颁发者	DigiCert Trusted Root G4
序列号	`11533403529598586876501374841704918745`

证书 #2

主题	Adobe Inc. Adobe Inc. US
颁发者	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
序列号	`6143550244328334902701064992838462843`

证书验证状态

The expected hash does not match the digest in SpcInfo

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	AfterFXLib.dll
文件类型	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
扫描器版本	1.0.146.174
数据库版本	2023-11-04 07:00:41 UTC

AfterFXLib.dll Trojan Heuristic 分析

技术分析

Trojan.Heur!.00012032

扫描另一个文件

文件识别