| 文件名 | FATALITY.exe |
| 文件类型 |
PE32+ executable (console) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.218.174 |
| 数据库版本 | 2025-06-15 01:00:19 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
100cee7ea5f735f832873a6def748739
|
|
| SHA1 |
519fda1997008826070922567d40fb912e4a33d7
|
|
| SHA256 |
1c7eb5e50944a5b30ce8c44739320a66858351aea895649d62ab57c8c675478a
|
|
| SHA512 |
0e08e25faff564df893a6d5f02dd2ec3e8dc8761f2ba3ebea6b657575793ef3d529e234f9492af7457b1d642f474aad168b2faf4d24ab8847d9cca294a17843a
|
|
| ImpHash |
500697a5eb94c2fffe714893c0005bdc
|
| 映像基址 | 0x140000000 |
| 入口点 | 0x14017b470 |
| 编译时间 | 2025-06-11 18:20:18 |
| 校验和 | 0x0059ce38 (实际: 0x0059ce38) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (console) x86-64, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
1 库
KERNEL32 |
| 导出 | 0 函数 |
| 资源 | 2 资源 |
| 节 | 9 节 |
| CompanyName | Microsoft Corporation |
| FileDescription | winrs |
| FileVersion | 10.0.19041.1 (WinBuild.160101.0800) |
| InternalName | winrs.exe |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | winrs.exe |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.19041.1 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
1,703,936 bytes | 1,700,352 bytes | 6.90 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
1293BC1A065CEA0152DA269D0AB42809 |
.rdata |
0x001a1000 |
65,536 bytes | 64,512 bytes | 4.96 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
C63923D3C22B49919F278EC508377849 |
.data |
0x001b1000 |
16,384 bytes | 5,120 bytes | 2.79 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
6B78525993D49BF3EC9C4A39173A9976 |
.pdata |
0x001b5000 |
16,384 bytes | 13,312 bytes | 5.74 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0848619D7719FCF50D55D1113ACA0611 |
.gxfg |
0x001b9000 |
20,480 bytes | 9,216 bytes | 5.05 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
45E239DCC1B3AE09CF06D9EFF9EEF63F |
_RDATA |
0x001be000 |
4,096 bytes | 512 bytes | 4.22 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0B6A92D103AD8E8461FF23E7CCA48D34 |
.reloc |
0x001bf000 |
2,516 bytes | 2,560 bytes | 5.42 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
C10FC4FB5252F66312DBBDD01C49DD0D |
.tcp |
0x001c0000 |
3,498,496 bytes | 3,498,496 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
CBABAC2EB88C9FE83041E6C89CFADB2A |
.rsrc |
0x00517000 |
585,728 bytes | 581,632 bytes | 7.92 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
78C5386C705D2C0C5F5FD9B58D81C00D |
2 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_VERSION | 1 | 880 字节 | |
| RT_MANIFEST | 1 | 1,170 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
