| 文件名 | EasyAntiCheat_EO.exe |
| 文件类型 |
PE32 executable (console) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.150.174 |
| 数据库版本 | 2023-11-29 08:01:03 UTC |
恶意软件家族: Sabsik
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
cc43aa06e8809eac850312c49a20afd6
|
|
| SHA1 |
2f5766333a259e81c421e5b288c678ed19d34af7
|
|
| SHA256 |
04a076e5c404ecbae1fefcf33d61caa185c6dffcbba53966678e91e550937712
|
|
| SHA512 |
62217db74d33c954a070024e03297f38a8a6cb92e23f06692af17ddca1bc58426aca548c3822449098dbd2e1baeceb6b3a62d80867e292d9ab144ea205181e53
|
|
| ImpHash |
9207da9a0ce5c03fd6793615b1132500
|
| 映像基址 | 0x00400000 |
| 入口点 | 0x004011d1 |
| 编译时间 | 2023-11-28 11:25:57 |
| 校验和 | 0x00000000 (实际: 0x00180eb2) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32 executable (console) Intel 80386, for MS Windows
|
| PDB 路径 | C:\g0pl36kext3\Internal.pdb |
| 数字签名 | The expected hash does not match the digest in SpcInfo |
| 导入 |
2 库
GDI32, KERNEL32 |
| 导出 | 1 函数 |
| 资源 | 0 资源 |
| 节 | 8 节 |
| DigiCert Assured ID Root CA | DigiCert Inc (US) |
| Thawte Timestamping CA | Symantec Corporation (US) |
| Symantec Time Stamping Services CA - G2 | Symantec Corporation (US) |
| DigiCert SHA2 Assured ID Code Signing CA | Valve (US) |
| DigiCert Assured ID Root CA | DigiCert Inc (US) |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
742,749 bytes | 742,912 bytes | 5.81 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
84748E63FC398B0FC2EE7B0DFD29CFB4 |
.rdata |
0x000b7000 |
107,987 bytes | 108,032 bytes | 4.11 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
69E100579243AFF205FBFBFF4FCF12DB |
.data |
0x000d2000 |
16,784 bytes | 9,216 bytes | 3.29 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
3639BB1A264E2661564D230FE046F887 |
.idata |
0x000d7000 |
4,763 bytes | 5,120 bytes | 4.69 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
546E99D35952315D80AA585416F59A85 |
.BSs |
0x000d9000 |
614,660 bytes | 614,912 bytes | 6.30 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
A428CCE1DA8BCA913BC36433D18DF0AE |
.tls |
0x00170000 |
777 bytes | 1,024 bytes | 0.01 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
C573BD7CEA296A9C5D230CA6B5AEE1A6 |
.00cfg |
0x00171000 |
270 bytes | 512 bytes | 0.11 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
ACC869C89B9D07DEB4EB75665EA5E0B4 |
.reloc |
0x00172000 |
24,171 bytes | 24,576 bytes | 5.88 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
EC74B6467DB30FDDC0D16345ABF88446 |
| 主题 |
DigiCert Assured ID Root CA DigiCert Inc US |
| 颁发者 | DigiCert Assured ID Root CA |
| 序列号 | 17154717934120587862167794914071425081 |
| 主题 |
Symantec Time Stamping Services CA - G2 Symantec Corporation US |
| 颁发者 | Thawte Timestamping CA |
| 序列号 | 168250781398245547403531165097821404219 |
| 主题 |
Symantec Time Stamping Services Signer - G4 Symantec Corporation US |
| 颁发者 | Symantec Time Stamping Services CA - G2 |
| 序列号 | 19688950797630895426199952712430983760 |
| 主题 |
Valve Valve US |
| 颁发者 | DigiCert SHA2 Assured ID Code Signing CA |
| 序列号 | 11031994125476529557404351784660246833 |
| 主题 |
DigiCert SHA2 Assured ID Code Signing CA DigiCert Inc US |
| 颁发者 | DigiCert Assured ID Root CA |
| 序列号 | 5364131601516814570659357524942475272 |
The expected hash does not match the digest in SpcInfo
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
