| 文件名 | Far Cry New Dawn v1.0.2 Plus 15 Trainer.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.179.174 |
| 数据库版本 | 2024-06-16 13:00:19 UTC |
恶意软件家族: GameHack
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
235aafecc053db3c7605eb3f11d62546
|
|
| SHA1 |
5d9afb95e0cfbb55b1341b959ed6757db1745131
|
|
| SHA256 |
00951dee7c5fb0f2fec89b6e93de853db4abd6bd39e31f58c9f15f1ee9955c42
|
|
| SHA512 |
51719d2eeebd02179b1e1db5cb4af5da49c6b588955032c0a9ec46942403e37646ed7c7b4652adb02e7139b8b967f2d55fa5d5c10b86569996655c851003605c
|
|
| ImpHash |
0ba617804ce6d9a5e688d75962db0e2e
|
| 图标 |
哈希: 0ba2d793e22fa06db80e1e35d71acfad
模糊: c006c3aa0e4b6640c9b325e553adba39 dHash: 70f8fcfafeaeaaf0 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x1400439f0 |
| 编译时间 | 2019-02-15 13:42:52 |
| 校验和 | 0x00000000 (实际: 0x0017c070) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
9 库
KERNEL32, USER32, GDI32, SHELL32, ole32, gdiplus, WINMM, COMCTL32, VERSION |
| 导出 | 0 函数 |
| 资源 | 40 资源 |
| 节 | 6 节 |
| CompanyName | 3DMGAME |
| FileDescription | FLiNG@3DMGAME Presents - Far Cry New Dawn v1.0.2 Plus 15 Trainer |
| FileVersion | 1.0.0.1 |
| InternalName | Far Cry New Dawn v1.0.2 Plus 15 Trainer |
| LegalCopyright | 风灵月影 (FLiNG@3DMGAME) Copyright (C) 2019 |
| OriginalFilename | Far Cry New Dawn v1.0.2 Plus 15 Trainer.exe |
| ProductName | Far Cry New Dawn v1.0.2 Plus 15 Trainer |
| ProductVersion | 1.0.627.0 |
| Translation | 0x0000 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
552,916 bytes | 552,960 bytes | 6.46 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
3EB58B2ACAB4A7301D68F8A1252D7B21 |
.rdata |
0x00088000 |
198,788 bytes | 199,168 bytes | 4.82 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
479E8592F963E67BE09EB2C9CF99FDEC |
.data |
0x000b9000 |
23,564 bytes | 13,824 bytes | 4.21 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
B1C43639428112202ECFAC4B8A493AE5 |
.pdata |
0x000bf000 |
26,316 bytes | 26,624 bytes | 5.86 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3EEBB13EE17EBACB5B2A565AD83A6585 |
.rsrc |
0x000c6000 |
755,544 bytes | 755,712 bytes | 7.35 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
6669872C3EAFD04A851827F6E607AC46 |
.reloc |
0x0017f000 |
5,752 bytes | 6,144 bytes | 5.32 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
1BF7B190C60B939F29F271A2E562A847 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| MID | 1 | 32,445 字节 | |
| PNG | 21 | 287,838 字节 | |
| REMOTE | 2 | 296,452 字节 | |
| WAVE | 2 | 22,222 字节 | |
| RT_ICON | 9 | 112,476 字节 | |
| RT_ACCELERATOR | 1 | 16 字节 | |
| RT_GROUP_ICON | 2 | 138 字节 | |
| RT_VERSION | 1 | 1,012 字节 | |
| RT_MANIFEST | 1 | 653 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
