| 文件名 | 07.18_setup.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.220.174 |
| 数据库版本 | 2025-07-18 05:00:27 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
aa2a3862779cc7e57c4f198883a49eae
|
|
| SHA1 |
eb3b7efafe9ad387f88fed2a6a8336fd26562820
|
|
| SHA256 |
13465a4416c38ecfc1e8071cc28d70bf2aa8976ef8c001cc7370ef675b387104
|
|
| SHA512 |
7cc38eb6c76f9e82210e069b7a75c1736006055e30678d41d695f9ddcc887fbda8d527d82feb48b00ee71be72fe5bd9aa48f0d0a81eee88f4f98b800b30c984f
|
|
| ImpHash |
5644e310c62722d746b2f6f87034a0c5
|
| 映像基址 | 0x140000000 |
| 入口点 | 0x14013ae78 |
| 编译时间 | 2025-07-17 23:52:51 |
| 校验和 | 0x00000000 (实际: 0x00265988) |
| 操作系统版本 | 5.2 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
7 库
KERNEL32, USER32, GDI32, ADVAPI32, WS2_32, DNSAPI, msvcrt |
| 导出 | 0 函数 |
| 资源 | 2 资源 |
| 节 | 6 节 |
| CompanyName | Microsoft Corporation |
| FileDescription | Microsoft Visual Studio 2013 |
| FileVersion | 12.0.31101.0 built by: REL |
| InternalName | Preparation.exe |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | Preparation.exe |
| ProductName | Microsoft Visual Studio Preparation |
| ProductVersion | 12.0.31101.0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
1,419,224 bytes | 1,419,264 bytes | 5.99 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
1B955BFE1BB90ED978624D8D75329649 |
.rdata |
0x0015c000 |
80,884 bytes | 80,896 bytes | 4.41 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
4E5CE6FFA270E63805DD4276F65A9F7C |
.data |
0x00170000 |
978,120 bytes | 968,192 bytes | 7.97 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
7A0A35482CDAABD397BEAD128E17DD95 |
.pdata |
0x0025f000 |
30,804 bytes | 31,232 bytes | 5.69 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
CAF0C1FD4450F6DD480A9B65AD100A88 |
.gehcont |
0x00267000 |
4 bytes | 512 bytes | 0.02 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BFE508F8186C8301DDA269AEB7C79A9E |
.rsrc |
0x00268000 |
4,096 bytes | 2,048 bytes | 4.78 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
997B6BA773D0BD26EAB814C610E9B69C |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_VERSION | 1 | 916 字节 | |
| RT_MANIFEST | 1 | 953 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
