| 文件名 | RelievednUtility.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.214.174 |
| 数据库版本 | 2025-04-20 12:00:21 UTC |
恶意软件家族: Snackarcin
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
ec994e79c68d77e9b77143d0f226fecf
|
|
| SHA1 |
774f93d83ce93d2bee6bcef4e572a7d8ce780e21
|
|
| SHA256 |
0fedb4f68e7b2ebd9e5ad528a6cbf7a13a24db8151f9de406a312dbfad480385
|
|
| SHA512 |
5914c77bc62259692ec288be19b2c3c70e4815597b34baff00ecb3421c79dd5fa1eb5cfcc79286accccc01f24494d233f578321e130cbf4ebfefd02d29aa6b73
|
|
| ImpHash |
07d814e7d8cc61cb322a6e969e6cd9a9
|
| 图标 |
哈希: 48d11cda09a6850053dbf993dc2f4d0f
模糊: 7f67303312a8d0f0595ecef7483f9758 dHash: f0cc8accccc8ccf0 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00401000 |
| 编译时间 | 2024-07-19 10:06:35 |
| 校验和 | 0x00739712 (实际: 0x00739712) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | Chain verification from CN=Mack Digital Marking, O=Mack Digital Marking, L=Louisville, ST=Kentucky, C=US (serial:70278419066089289210186250749142083321, sha1:cf8cbc9477d83e35b7ca8753881f92c301f4b61f) failed: The path could not be validated because the end-entity certificate expired 2023-12-28 07:42:30Z |
| 导入 | 22 库 |
| 导出 | 0 函数 |
| 资源 | 133 资源 |
| 节 | 8 节 |
| CompanyName | Lucky Breath decision |
| FileDescription | Lucky Breath |
| FileVersion | 7.1.10.18 |
| LegalCopyright | Copyright (c) 2022 Lucky Breath decision |
| OriginalFilename | LuckyBreathApplication.exe |
| ProductName | Lucky Breath |
| ProductVersion | 7.1.10.18 |
| Translation | 0x0409 0x04e4 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
|
0x00001000 |
36,274,176 bytes | 6,356,992 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
EB8B5C48F6430D0A0D50FB367917EA9E |
|
0x02299000 |
946,176 bytes | 337,408 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
3F92821B5807CA5CADACD4C28B41DCB2 |
|
0x02380000 |
118,784 bytes | 7,680 bytes | 7.98 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
48EAED0E3FD9B7D5B158025ECA583071 |
.rsrc |
0x0239d000 |
1,466,368 bytes | 291,328 bytes | 7.98 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
CE50370D138EA637E7461B9213BE1266 |
|
0x02503000 |
184,320 bytes | 81,408 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2955C50AB4BC9C0F46D33D7FFB8A0B74 |
|
0x02530000 |
4,096 bytes | 512 bytes | 7.61 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
3323D7382D9863ADD231478DEB8BE11E |
.data |
0x02531000 |
475,136 bytes | 472,576 bytes | 7.23 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E18B9E537E6D7C55B0327E1B41D2CBC7 |
.adata |
0x025a5000 |
4,096 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
6 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| STRING | 16 | 22,314 字节 | |
| TEXT | 22 | 23,764 字节 | |
| RT_BITMAP | 22 | 1,236,344 字节 | |
| RT_ICON | 27 | 141,716 字节 | |
| RT_FONTDIR | 1 | 3,650 字节 | |
| RT_FONT | 24 | 25,426 字节 | |
| RT_GROUP_ICON | 19 | 492 字节 | |
| RT_VERSION | 1 | 748 字节 | |
| RT_MANIFEST | 1 | 1,236 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
Chain verification from CN=Mack Digital Marking, O=Mack Digital Marking, L=Louisville, ST=Kentucky, C=US (serial:70278419066089289210186250749142083321, sha1:cf8cbc9477d83e35b7ca8753881f92c301f4b61f) failed: The path could not be validated because the end-entity certificate expired 2023-12-28 07:42:30Z
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
