文件名 | ep_setup.exe |
文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
扫描器版本 | 1.0.172.174 |
数据库版本 | 2024-04-22 15:00:34 UTC |
恶意软件家族: Gen
哈希类型 | 值 | 操作 |
---|---|---|
MD5 |
70238c15bc23e1ba24e61d3ec7c75a5d
|
|
SHA1 |
a2db5a689af3ee18ebd746017b7834b041165f3f
|
|
SHA256 |
167f90fad0d3df4e2bfd4a6b07e459a6e414f63fa20e473aedc8c82f3b21eaef
|
|
SHA512 |
596e934b77a5d81072f92b267cc8856fb3ffb27c413b30890f107fdb9eefd88797a99beb724e25ad740dea3c32e6a541069ee64e0985083e30f2abbff93932af
|
|
ImpHash |
305fb72e72b5901adbaec24662d253ae
|
映像基址 | 0x140000000 |
入口点 | 0x140005384 |
编译时间 | 2024-03-13 04:32:43 |
校验和 | 0x00000000 (实际: 0x00273bc6) |
操作系统版本 | 6.0 |
PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
PDB 路径 | D:\a\ExplorerPatcher\ExplorerPatcher\build\Release\ep_setup.pdb |
数字签名 | The PE file does not contain a certificate table. |
导入 |
9 库
KERNEL32, USER32, ADVAPI32, SHELL32, ole32, OLEAUT32, RstrtMgr, VERSION, SHLWAPI |
导出 | 4 函数 |
资源 | 42 资源 |
节 | 7 节 |
CompanyName | VALINET Solutions SRL |
FileDescription | ExplorerPatcher Setup Program |
FileVersion | 22621.3296.64.1 |
InternalName | ep_setup.exe |
LegalCopyright | Copyright (C) 2006-2024 VALINET Solutions SRL. All rights reserved. |
OriginalFilename | ep_setup.exe |
ProductName | ExplorerPatcher |
ProductVersion | 22621.3296.64.1 |
Translation | 0x0409 0x04b0 |
名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
111,680 bytes | 112,128 bytes | 6.46 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
8B7F016CFAF571279CF72E1F8230493D |
.rdata |
0x0001d000 |
54,202 bytes | 54,272 bytes | 4.97 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
434D52FCBD68B09E0B75BF1F61457504 |
.data |
0x0002b000 |
8,032 bytes | 3,072 bytes | 1.94 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
820A9F2AA87351630406CC20C8F516ED |
.pdata |
0x0002d000 |
5,400 bytes | 5,632 bytes | 5.09 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
B9636809627487FE6BFDE2BFEF981F61 |
_RDATA |
0x0002f000 |
500 bytes | 512 bytes | 3.65 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D0AA4922ED6424216162CAA029671C8C |
.rsrc |
0x00030000 |
2,350,888 bytes | 2,351,104 bytes | 6.05 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
59C74A5DE3AA2FA17137FAA44ABA5AE6 |
.reloc |
0x0026e000 |
1,724 bytes | 2,048 bytes | 5.04 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
3B76314B2AC7766314C8FF9167FCC1E8 |
资源类型 | 数量 | 总大小 | 百分比 |
---|---|---|---|
RT_STRING | 32 | 30,126 字节 | |
RT_RCDATA | 8 | 2,317,720 字节 | |
RT_VERSION | 1 | 892 字节 | |
RT_MANIFEST | 1 | 638 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁