| 文件名 | xv2ins.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.185.174 |
| 数据库版本 | 2024-08-21 21:00:18 UTC |
恶意软件家族: Puwaders
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
a9005ec3f944caf317e52ccc2c20ceb9
|
|
| SHA1 |
77b402944402a60bb029113985c68a887f33fdc9
|
|
| SHA256 |
0a5ae2a260dd8caef4017da319e090add8a97d7c2d2bd98201187eb9a45022e3
|
|
| SHA512 |
af049d0abe4ceacb82096cc9a2cb0debccdfd9cc4897b5f2d15f8f72d5c34095ad355de07a405fd2438359515c1d0eb9d56b2a037df906c0d7364d4b4a045c24
|
|
| ImpHash |
6dab3cc5aeb87c69cd2d0b580fe0ad71
|
| 图标 |
哈希: f89f02481122f9f0ab3e94f2e6440d99
模糊: 907f3dfd1d75b63edbca430a87d65aad dHash: 406da1b1f072a340 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x140958494 |
| 编译时间 | 2024-08-18 06:03:10 |
| 校验和 | 0x00000000 (实际: 0x01079e70) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 | 11 库 |
| 导出 | 0 函数 |
| 资源 | 17 资源 |
| 节 | 8 节 |
| CompanyName | |
| FileDescription | |
| FileVersion | 0.0.0.0 |
| LegalCopyright | |
| OriginalFilename | xv2ins.exe |
| ProductName | xv2ins |
| ProductVersion | 0.0.0.0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
10,364,848 bytes | 10,364,928 bytes | 6.47 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
B5E18D086CB0AEC5CC2023985C0ADDDF |
.rdata |
0x009e4000 |
5,915,734 bytes | 5,916,160 bytes | 5.81 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
336FF986B2DD7D7EBFD5256D8C0B0882 |
.data |
0x00f89000 |
165,008 bytes | 99,840 bytes | 3.96 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
EBF17F5F6F5030CD63CC2E57F73F2B0C |
.pdata |
0x00fb2000 |
557,352 bytes | 557,568 bytes | 6.58 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BC00ECB7C5A5CF0541BADDB145408082 |
.qtmetad |
0x0103b000 |
2,420 bytes | 2,560 bytes | 4.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ
|
5A89278E1F4FC659253641CCCB262732 |
_RDATA |
0x0103c000 |
528 bytes | 1,024 bytes | 2.07 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2807F6F5F00EC172B54E145F941BF4D3 |
.rsrc |
0x0103d000 |
237,928 bytes | 238,080 bytes | 4.87 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8B5AD9152C38060A8B4DC39F9D412BB5 |
.reloc |
0x01078000 |
58,540 bytes | 58,880 bytes | 5.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
ACEA1CCF0C463EBEB178A6C1BDD4FB9D |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 14 | 235,573 字节 | |
| RT_GROUP_ICON | 1 | 202 字节 | |
| RT_VERSION | 1 | 540 字节 | |
| RT_MANIFEST | 1 | 638 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
