| 文件名 | EMP.dll |
| 文件类型 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.190.174 |
| 数据库版本 | 2024-09-22 14:00:25 UTC |
恶意软件家族: GameHack
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
d90b6219918c6142174fbac8ffbccaeb
|
|
| SHA1 |
ea5fe96f0dcbb08f1ea8bf14aa1158a8535efe86
|
|
| SHA256 |
0aaa04c369f8377430ca14b24ab196da9fb0b012f71c22e2d1e62a928a7d2176
|
|
| SHA512 |
e30a9bcbf41a32297f6bb6c361bf21c611d684af2bec93ceabf170dbcfc2cb3993b14c2d2017cbc448c73fd3a08759171ab130f1b20fa011a9b28b6f021e0cef
|
|
| ImpHash |
fc7124d57387852c0a6a634e9130bf57
|
| 映像基址 | 0x13000000 |
| 入口点 | 0x13001334 |
| 编译时间 | 2022-02-17 20:24:51 |
| 校验和 | 0x00000000 (实际: 0x004f617b) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
1 库
KERNEL32 |
| 导出 | 1 函数 |
| 资源 | 1 资源 |
| 节 | 14 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
4,096 bytes | 3,584 bytes | 5.35 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
45C249E975C191DE18C9A3D7B61B0E58 |
.rdata |
0x00002000 |
4,096 bytes | 3,072 bytes | 4.66 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E29547AEDE5ECA82B4843C8900DEB575 |
.data |
0x00003000 |
4,096 bytes | 512 bytes | 0.45 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
3E54B380C18E9FB1C3756C3724029E08 |
.pdata |
0x00004000 |
4,096 bytes | 512 bytes | 5.90 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
FA2936DE519C38AAEA42F6EED022F577 |
.emp0 |
0x00005000 |
4,096 bytes | 512 bytes | 7.36 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
7348E1C79B7F00317D97D6BF9EA70699 |
.data2 |
0x00006000 |
94,208 bytes | 94,208 bytes | 0.28 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
8BDF4E4AA974B2D868EB2F47788FD2FA |
.EMP |
0x0001d000 |
208,896 bytes | 208,896 bytes | 0.52 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
101778FAED4C6EEA54A1BCAB5B087ABA |
.data3 |
0x00050000 |
626,688 bytes | 626,688 bytes | 0.57 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
69897897448CC745CD4E5EDE01C9AEEA |
.emp1 |
0x000e9000 |
1,115,444 bytes | 1,115,648 bytes | 6.95 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
2245A2D6618FFD2612FD2333DAF73D93 |
.emp0 |
0x001fa000 |
1,036,516 bytes | 1,036,800 bytes | 6.84 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
FA2317DEB8FBC85F5EB8D6BE2DBCF6C3 |
.emp0 |
0x002f8000 |
1,039,668 bytes | 1,039,872 bytes | 6.83 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
042DE33470ADC1FD097265C03B5A1BD6 |
.emp0 |
0x003f6000 |
1,040,468 bytes | 1,040,896 bytes | 6.84 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
BE52C96BC5DF482148375A1BBD707D9A |
.reloc |
0x004f5000 |
648 bytes | 1,024 bytes | 2.93 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
794446769326E8203720F166D85D2437 |
.rsrc |
0x004f6000 |
233 bytes | 512 bytes | 2.53 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
C48F01D70944F8BC1259288C9E5FA8B4 |
5 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_MANIFEST | 1 | 145 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
