| 文件名 | roblox.hacks.exe |
| 文件类型 |
Win32 EXE
|
| 魔术字节 | PE32+ executable (GUI) x86-64, for MS Windows |
| SSDEEP 哈希 |
786432:69Swq7F3yajlAhRn+uKPrONjl0pHlo0FdGghdbaYzcY87oJESWqERo1KIJuz+da:sSwrMAhRnOPrONJ0Vl4Ed/E7FquvfKA
|
| 扫描器版本 | 1.0.178.174 |
| 数据库版本 | 2024-06-08 04:00:47 UTC |
被 18 个安全引擎检测到 - 需要谨慎
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
0ad0ac3db183948a4d50992c795932e9
|
|
| SHA1 |
1136b949b61044b535670b051595821a06242969
|
|
| SHA256 |
1faab1e1853ceed5acd6c1463a8b94d3b199e2766f577b73be7c47a13b609f40
|
|
| SHA512 |
b2815c5372cfb3227206b916c35b0c9c9afb8b643590d699ece4471b6f0449edf32251ad760282b6a96a66e76eaad446f2aefacf215953e5600d7ac1356cc5b1
|
|
| ImpHash |
f4f2e2b03fe5666a721620fcea3aea9b
|
| 映像基址 | 0x140000000 |
| 入口点 | 0x14000c540 |
| 编译时间 | 2024-06-07 21:06:18 |
| 校验和 | 0x034e30d5 (实际: 0x03ee30b9) |
| 操作系统版本 | 5.2 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
5 库
USER32, COMCTL32, KERNEL32, ADVAPI32, GDI32 |
| 导出 | 0 函数 |
| 资源 | 2 资源 |
| 节 | 7 节 |
| CompanyName | Microsoft Corporation |
| FileDescription | Runtime Broker |
| FileVersion | 10.0.19041.746 (WinBuild.160101.0800) |
| InternalName | RuntimeBroker.exe |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | RuntimeBroker.exe |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.19041.746 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
176,048 bytes | 176,128 bytes | 6.50 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
40BF1EDEBD1304CE1B08C50CB556D4DB |
.rdata |
0x0002c000 |
77,622 bytes | 77,824 bytes | 5.83 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8BAE301A5FDC3F9042241046D1FDF237 |
.data |
0x0003f000 |
13,240 bytes | 3,584 bytes | 1.83 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
AE0F42B168987B17129506CCC4960B21 |
.pdata |
0x00043000 |
8,988 bytes | 9,216 bytes | 5.38 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
FFC5390666982CAB67E3C9BF8E263BC3 |
_RDATA |
0x00046000 |
500 bytes | 512 bytes | 3.71 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
771F0B097891D31289BB68F0EB426E66 |
.rsrc |
0x00047000 |
2,380 bytes | 2,560 bytes | 5.12 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3179799486F1B9711793974A7101C627 |
.reloc |
0x00048000 |
1,880 bytes | 2,048 bytes | 5.25 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
7ECF18B15822E1AA4C79B9A361F07C79 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_VERSION | 1 | 924 字节 | |
| RT_MANIFEST | 1 | 1,293 字节 |
| 产品 | Microsoft® Windows® Operating System |
| 描述 | Runtime Broker |
| 文件版本 | 10.0.19041.746 (WinBuild.160101.0800) |
| 原始名称 | RuntimeBroker.exe |
| 内部名称 | RuntimeBroker.exe |
| 版权 | © Microsoft Corporation. All rights reserved. |
✓ 此文件已进行数字签名,证书链已验证。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
