| 文件名 | Document09.10.2025.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.228.174 |
| 数据库版本 | 2025-10-23 11:00:19 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
34ea936136838b5d495f22cac978928b
|
|
| SHA1 |
d12bfc7fc0014642b5ba5bb7ed63c3542f3b9e0e
|
|
| SHA256 |
08b9cbdae903faf88b8027a12eee29265ff9b192b63aaa371d3d095b8ec00de5
|
|
| SHA512 |
4b442f1f9765605abcea17537587d770f86303825750db1e79a1e321c32eb639f1abc4de5eea77f70c8716998854551ade259639c2c2b81dd6f4e276cd2c1bf8
|
|
| ImpHash |
262f7b623746b414d0e9c48c1d61145e
|
| 图标 |
哈希: 3a83b55975e521f1a84cf840d37bca3b
模糊: 8a1aec803df24caad438bbab1806fe39 dHash: 8e8e4971b1b16d74 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00638960 |
| 编译时间 | 2025-05-13 12:21:22 |
| 校验和 | 0x003f503a (实际: 0x00513960) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB 路径 | C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb |
| 数字签名 | The expected hash does not match the digest in SpcInfo |
| 导入 |
2 库
KERNEL32, imagehlp |
| 导出 | 0 函数 |
| 资源 | 46 资源 |
| 节 | 7 节 |
| CompanyName | FoxitPDFReader2025Personal |
| FileDescription | FoxitPDFReader2025 Installer |
| FileVersion | 1.0.0 |
| InternalName | personalfoxypdf |
| LegalCopyright | Copyright (C) 2025 FoxitPDFReader2025Personal |
| OriginalFileName | personalfoxypdf.exe |
| ProductName | FoxitPDFReader2025 |
| ProductVersion | 1.0.0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
2,937,066 bytes | 2,937,344 bytes | 6.46 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
E6253B29D95E12DA6171B9050E185A98 |
.rdata |
0x002cf000 |
777,248 bytes | 777,728 bytes | 5.11 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
46ADEBB50CF214B078E0DB8F4D2AD982 |
.data |
0x0038d000 |
60,148 bytes | 13,824 bytes | 4.52 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
44F8BFBE35B882BD9D84DAEFA0614A28 |
.didat |
0x0039c000 |
1,820 bytes | 2,048 bytes | 4.57 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
07EFD076E6BA3D20E9CEB97990DDB8E9 |
.fptable |
0x0039d000 |
128 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x0039e000 |
532,504 bytes | 532,992 bytes | 3.37 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
01B9632626F36C71E5D600F7D27DE0B2 |
.reloc |
0x00421000 |
199,904 bytes | 200,192 bytes | 6.57 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
6CC194268F88C755B41BC6E407E58718 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_BITMAP | 6 | 26,098 字节 | |
| RT_ICON | 7 | 371,384 字节 | |
| RT_DIALOG | 5 | 1,198 字节 | |
| RT_STRING | 15 | 11,574 字节 | |
| RT_GROUP_ICON | 1 | 104 字节 | |
| RT_VERSION | 1 | 844 字节 | |
| RT_HTML | 10 | 116,775 字节 | |
| RT_MANIFEST | 1 | 2,067 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The expected hash does not match the digest in SpcInfo
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
