文件名 | Bandicam 7.1.1.2158.exe |
文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
扫描器版本 | 1.0.179.174 |
数据库版本 | 2024-06-14 18:00:25 UTC |
恶意软件家族: Puwaders
哈希类型 | 值 | 操作 |
---|---|---|
MD5 |
32f0731cf13ea2aad2f880f89dbf6420
|
|
SHA1 |
726c1d0529e3a46598e342a8c2ba4070379e37d7
|
|
SHA256 |
199e3e881afdeec9f55ef5c6e890c94b4123678e7dba0734309cf1eb01a579fa
|
|
SHA512 |
7ad7ec0a1631336c938c4c796c087f33736378486d6709c410453b9caed84ebaead13c5ffa6c7491555140f403dd9d29645f029e6216f81d45c6f9c8a3ff228a
|
|
ImpHash |
884310b1928934402ea6fec1dbd3cf5e
|
图标 |
哈希: ed5de9f097b9ff27c0a5e3034ed20f7b
模糊: f4e7052ce92c86cd3eb7a6023837841c dHash: 70c48a3969339668 |
映像基址 | 0x00400000 |
入口点 | 0x00409c14 |
编译时间 | 1992-06-19 22:22:17 |
校验和 | 0x0001cc27 (实际: 0x01e149d3) |
操作系统版本 | 1.0 |
PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
数字签名 | The PE file does not contain a certificate table. |
导入 |
5 库
kernel32, user32, oleaut32, advapi32, comctl32 |
导出 | 0 函数 |
资源 | 14 资源 |
节 | 8 节 |
Comments | This installation was built with Inno Setup. |
CompanyName | LR |
FileDescription | Bandicam Setup |
FileVersion | 7.1.1.2158.0 |
LegalCopyright | Copyright 2007-2024 LRepacks |
ProductName | Bandicam |
ProductVersion | 7.1.1.2158 |
Translation | 0x0000 0x04b0 |
名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
---|---|---|---|---|---|---|
CODE |
0x00001000 |
37,688 bytes | 37,888 bytes | 6.56 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
AB7597FD79B9D0A17BD1BAA69835F2F7 |
DATA |
0x0000b000 |
588 bytes | 1,024 bytes | 2.74 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
ACDC962544AFD7E8888841346D1B6A37 |
BSS |
0x0000c000 |
3,724 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x0000d000 |
2,384 bytes | 2,560 bytes | 4.43 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BB5485BF968B970E5EA81292AF2ACDBA |
.tls |
0x0000e000 |
8 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x0000f000 |
24 bytes | 512 bytes | 0.20 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ
|
9BA824905BF9C7922B6FC87A38B74366 |
.reloc |
0x00010000 |
2,224 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ
|
D41D8CD98F00B204E9800998ECF8427E |
.rsrc |
0x00011000 |
22,880 bytes | 23,040 bytes | 4.66 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ
|
0BCFB4BC3573F26A476723BDE2FB9CDF |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
资源类型 | 数量 | 总大小 | 百分比 |
---|---|---|---|
RT_ICON | 4 | 16,416 字节 | |
RT_STRING | 6 | 2,710 字节 | |
RT_RCDATA | 1 | 44 字节 | |
RT_GROUP_ICON | 1 | 62 字节 | |
RT_VERSION | 1 | 1,208 字节 | |
RT_MANIFEST | 1 | 1,580 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁