| 文件名 | Mesen.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.216.174 |
| 数据库版本 | 2025-05-09 05:00:17 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
24e62db614fab763582b8cf5e347162b
|
|
| SHA1 |
c8a7151a85b2c26825e97bb9b6bc12d6861e6de4
|
|
| SHA256 |
1b6e9f9c0727c0de35ab38c330f2d174c03e6aa7273b2b85d5d92b733a62afd9
|
|
| SHA512 |
a4be494a37a22556c8d3a2200aa36fa5041b2816dc0306a997eb84fe3193dec1a8142fb672aebd13795dfba6903f6fc05141983ca4d478d327b30ce9b3d3562e
|
|
| ImpHash |
71c2ff041f402cfa4be7ac3f6ed29e68
|
| 图标 |
哈希: e2791a097811f955f0ac1b47f9f4ec91
模糊: 004ce5fb844aaafffa7ee31a69107af4 dHash: e896aa49c8aa8cb2 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x1400c716c |
| 编译时间 | 2025-05-08 14:43:33 |
| 校验和 | 0x00000000 (实际: 0x03f326c6) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| PDB 路径 | D:\a\Mesen2\Mesen2\bin\win-x64\Release\native\Mesen.pdb |
| 数字签名 | No valid SignedData structure was found. |
| 导入 | 17 库 |
| 导出 | 1 函数 |
| 资源 | 7 资源 |
| 节 | 8 节 |
| Translation | 0x0000 0x04b0 |
| CompanyName | Mesen |
| FileDescription | Mesen |
| FileVersion | 1.0.0.0 |
| InternalName | Mesen.dll |
| LegalCopyright | |
| OriginalFilename | Mesen.dll |
| ProductName | Mesen |
| ProductVersion | 1.0.0+792cefb251abbce6891e05a8dc21ba7f1a94c9ce |
| Assembly Version | 1.0.0.0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
889,816 bytes | 889,856 bytes | 6.69 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
4ADBA0B608F82AEF733B7037DEB7B293 |
.managed |
0x000db000 |
30,204,904 bytes | 30,204,928 bytes | 6.46 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
60A47E88760A9756B86CE9A5CE69A1F6 |
hydrated |
0x01daa000 |
18,486,112 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x02f4c000 |
32,421,836 bytes | 32,421,888 bytes | 7.50 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F9F9D50095412022E75C60846FE3CCDE |
.data |
0x04e38000 |
1,214,328 bytes | 254,976 bytes | 5.76 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
8760C73D085415E456AD7F2F944949ED |
.pdata |
0x04f61000 |
2,373,996 bytes | 2,374,144 bytes | 6.95 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
512F4B3726DE870723B645FAE376321D |
.rsrc |
0x051a5000 |
28,920 bytes | 29,184 bytes | 3.89 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
AAFB4CF13E2544BA069E3526741A3227 |
.reloc |
0x051ad000 |
36,300 bytes | 36,352 bytes | 5.44 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
86E0E2D44FD31587A773148F2FD4D3E4 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 4 | 24,288 字节 | |
| RT_GROUP_ICON | 1 | 62 字节 | |
| RT_VERSION | 1 | 748 字节 | |
| RT_MANIFEST | 1 | 3,372 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
