Steam api cdx (Steam Client API (buildbot winslave01 steam rel client win32@winslave01) (buildbot winslave01 steam rel client win32@winslave01)) Valve Corporation 文件恶意软件分析

Steam_api.cdx (Steam Client API (buildbot_winslave01_steam_rel_client_win32@winslave01) (buildbot_winslave01_steam_rel_client_win32@winslave01)) 文件分析

更新于 3 months ago

检查者 Malware Check

steam_api.cdx

哈希类型	值	操作
MD5	f9516209e964458e94168d50a4a0b33c
SHA1	30f4f15b00c161efb8beaabef0b46f8fc118db9c
SHA256	0905dab606589c0e9eaf569e978b6533ca2dde01d8c15468591aea8f489b828c
SHA512	fa628582478551ac6ea6407006b0b423a9e3cb8bfe785daff7f2789079d912cde30de44efff6efe657af74e6f951c6ce3fa2025a9dd340da266447a1f285e9fe
ImpHash	fd892ff33cc2f61d075e68b440622663

哈希类型

值

操作

MD5

f9516209e964458e94168d50a4a0b33c

SHA1

30f4f15b00c161efb8beaabef0b46f8fc118db9c

SHA256

0905dab606589c0e9eaf569e978b6533ca2dde01d8c15468591aea8f489b828c

SHA512

fa628582478551ac6ea6407006b0b423a9e3cb8bfe785daff7f2789079d912cde30de44efff6efe657af74e6f951c6ce3fa2025a9dd340da266447a1f285e9fe

ImpHash

fd892ff33cc2f61d075e68b440622663

PE 分析

基本信息

▼

映像基址	`0x3b400000`
入口点	`0x3b4069cb`
编译时间	2011-07-25 17:23:05
校验和	0x00021258 (实际: 0x00021258)
操作系统版本	4.0
PEiD 签名	`PE32 executable (DLL) (GUI) Intel 80386, for MS Windows`
PDB 路径	`d:\buildslave\steam_rel_client_win32\build\src\steam_api\Release\steam_api.pdb`
数字签名	Chain verification from CN=Valve, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Valve, ST=Washington, C=US (serial:164773371458459290110603488100872510238, sha1:ce5ae98633be96d6244f13409492d8e77f7016ea) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z
导入	3 库 KERNEL32, ADVAPI32, SHELL32
导出	56 函数
资源	3 资源
节	5 节

版本信息

▼

LegalCopyright	Copyright (C) 2007
InternalName	Steam Client API
FileVersion	01.14.66.23
CompanyName	Valve Corporation
ProductVersion	01.00.00.01
FileDescription	Steam Client API (buildbot_winslave01_steam_rel_client_win32@winslave01) (buildbot_winslave01_steam_rel_client_win32@winslave01)
Source Control ID	1146623
OriginalFilename	steam_api.dll
ProductName	Steam Client API
Translation	0x0409 0x04b0
CompanyName	Valve Corporation
FileDescription	Steam Client API
FileVersion	1, 0, 0, 1
InternalName	Steam Client API
LegalCopyright	Copyright (C) 2007
OriginalFilename	steam_api.dll
ProductName	Steam Client API
ProductVersion	1, 0, 0, 1
Translation	0x0409 0x04b0

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	73,310 bytes	73,728 bytes	6.64 (压缩)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`939703233B2196E952B059235B8F68AB`
`.rdata`	`0x00013000`	16,333 bytes	16,384 bytes	5.53 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`1DB471FB99ADED980546543CBDC9A765`
`.data`	`0x00017000`	12,804 bytes	8,192 bytes	1.80 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`A3A316061EE2B421A0F8025EA842526D`
`.rsrc`	`0x0001b000`	2,044 bytes	4,096 bytes	4.00 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`DFE4F7644638E0E7FAD0B2CF17283996`
`.reloc`	`0x0001c000`	7,174 bytes	8,192 bytes	4.27 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`A065FF3250650185163E6194637C89B4`

熵分析警报

1 检测到较高熵（≥6.5）的节 - 可能存在压缩

资源分析

▼

资源总数: 3 (1,811 字节)

资源类型	数量	总大小	百分比
SCID	1	7 字节	0.4%
RT_VERSION	2	1,804 字节	99.6%

证书链分析

▼

证书 Information

产品	Steam Client API
描述	Steam Client API (buildbot_winslave01_steam_rel_client_win32@winslave01) (buildbot_winslave01_steam_rel_client_win32@winslave01)
文件版本	01.14.66.23
原始名称	steam_api.dll
验证状态	A certificate was explicitly revoked by its issuer.
签名者	Valve; VeriSign Class 3 Code Signing 2009-2 CA; VeriSign Class 3 Public Primary CA
内部名称	Steam Client API
版权	Copyright (C) 2007

证书链摘要

证书 #1 主要

有效期: 1996-01-29 00:00:00 → 2028-08-01 23:59:59

签名算法: 1.2.840.113549.1.1.2

序列号: 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF

Valve #2 链

有效期: 2009-11-25 00:00:00 → 2012-11-23 23:59:59

签名算法: sha1RSA

序列号: 7B F6 32 6F 70 CB EC 34 0B F2 D1 86 8F E6 5B 1E

VeriSign Class 3 Code Signing 2009-2 CA #3 链

有效期: 2009-05-21 00:00:00 → 2019-05-20 23:59:59

签名算法: sha1RSA

序列号: 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C

✓ 此文件已进行数字签名，证书链已验证。

签名确保文件的完整性和发布者的真实性。
时间戳证明签名的应用时间。

证书验证状态

Chain verification from CN=Valve, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Valve, ST=Washington, C=US (serial:164773371458459290110603488100872510238, sha1:ce5ae98633be96d6244f13409492d8e77f7016ea) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	steam_api.cdx
文件类型	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
扫描器版本	1.0.226.174
数据库版本	2025-09-28 18:00:33 UTC

Steam_api.cdx (Steam Client API (buildbot_winslave01_steam_rel_client_win32@winslave01) (buildbot_winslave01_steam_rel_client_win32@winslave01)) 文件分析

技术分析

干净文件

扫描另一个文件

文件识别