| 文件名 | ruffle.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.172.174 |
| 数据库版本 | 2024-04-21 22:00:32 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
463ec334bb2394b5184124664fec8793
|
|
| SHA1 |
93b434d752b4191bbcc51843c05c640c12cfc759
|
|
| SHA256 |
0027a583d4344e3db73d9face3bc61ca3bd1d49441bae16b4872fd93576a3c4b
|
|
| SHA512 |
6589c9757bf935ca5484e5a82191ecb675da8463bd6a688619bd64a341caf77d2def886edb7ec7fc2bf52768b3ac780d1df84df6ee0c2ac9c056d8ac5e67340a
|
|
| ImpHash |
ea1fd7c9f1459a961e17cbf42bd68bda
|
| 图标 |
哈希: a2585ba152aa1413444b007f1edb6a8b
模糊: 3b355238e4daf93b23556721eb71acfb dHash: e09998dc2c8c2e16 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x14127afc8 |
| 编译时间 | 2024-04-21 00:15:47 |
| 校验和 | 0x00000000 (实际: 0x01a419fc) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| PDB 路径 | D:\a\ruffle\ruffle\target\x86_64-pc-windows-msvc\release\deps\ruffle_desktop.pdb |
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 | 17 库 |
| 导出 | 7 函数 |
| 资源 | 8 资源 |
| 节 | 10 节 |
| CompanyName | Ruffle |
| FileDescription | Ruffle |
| FileVersion | 0.1.0.0 |
| InternalName | ruffle_desktop.exe |
| LegalCopyright | Copyright (C) 2021 |
| OriginalFilename | ruffle_desktop.exe |
| ProductName | Ruffle |
| ProductVersion | 0.1.0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
20,034,534 bytes | 20,034,560 bytes | 6.27 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
0F0054464263FDC691C768020FE8385D |
.rdata |
0x0131d000 |
6,924,492 bytes | 6,924,800 bytes | 6.06 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0164A6C6E3C680E57F365AC72910B159 |
.data |
0x019b8000 |
85,876 bytes | 32,768 bytes | 2.85 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
6815460C90E6A8834716DC03A22341C6 |
.pdata |
0x019cd000 |
318,324 bytes | 318,464 bytes | 6.52 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9045AF2CABE051E48FBFBB701D3EB4B8 |
.00cfg |
0x01a1b000 |
56 bytes | 512 bytes | 0.47 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9AA4A949E7C87786E0A3C66F14E77815 |
.gxfg |
0x01a1c000 |
8,832 bytes | 9,216 bytes | 5.02 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D88D2D5F2778166AA1979A5862310495 |
.tls |
0x01a1f000 |
985 bytes | 1,024 bytes | 0.03 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
9112C8D6DB483527F495AF4B40A79359 |
_RDATA |
0x01a20000 |
500 bytes | 512 bytes | 4.42 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0E18251A192448870C044C727F5068D5 |
.rsrc |
0x01a21000 |
8,088 bytes | 8,192 bytes | 7.19 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3289C9B0F989D3E9DEA20725B9CB5B1E |
.reloc |
0x01a23000 |
179,380 bytes | 179,712 bytes | 5.49 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
2AC1622FE7E341905F8A802F7985BA5D |
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 6 | 6,755 字节 | |
| RT_GROUP_ICON | 1 | 90 字节 | |
| RT_VERSION | 1 | 696 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
