| 文件名 | roulette-moulette.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.205.174 |
| 数据库版本 | 2025-01-25 13:00:55 UTC |
恶意软件家族: Patcher
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
60b042a0bcc77276b7a836a720dd8a92
|
|
| SHA1 |
6c803d1126e316b9f9105fe961062fd14652accb
|
|
| SHA256 |
20bd06f7860c6f910c594a249929e32d92c4693c86285d1adf59473bb4182a17
|
|
| SHA512 |
06238654323ceee5cc03e4a2dfe246da0961ac778d8b5ec9978b054fccb25397a944792b8b20bae0e1b1ddb0b8e2f858e1d2004f1262ce198dad4aece51efd5f
|
|
| ImpHash |
25d926e61b8f38d8e2275dca2aa76a0f
|
| 图标 |
哈希: de260fe594950b8926521b1bab0668b5
模糊: c76477f9a71b1a4bc9fdd84da409a8e8 dHash: 70f4fcfcbc96fc1c |
| 映像基址 | 0x00400000 |
| 入口点 | 0x007bd94c |
| 编译时间 | 2012-03-16 06:57:33 |
| 校验和 | 0x00000000 (实际: 0x0089fa15) |
| 操作系统版本 | 5.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 | 13 库 |
| 导出 | 0 函数 |
| 资源 | 221 资源 |
| 节 | 14 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
|
0x00001000 |
3,911,680 bytes | 3,911,680 bytes | 6.42 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
2CAE8991768D55386D287B70CB7E1F05 |
|
0x003bc000 |
8,192 bytes | 8,192 bytes | 5.47 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
E523AC2746A351A49B4BA8D66022C3C1 |
|
0x003be000 |
40,960 bytes | 40,960 bytes | 5.33 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
4EB613F57511AB7CBF250A3A248E32BD |
|
0x003c8000 |
32,768 bytes | 32,768 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BB7DF04E1B0A2570657527A7E108AE23 |
|
0x003d0000 |
24,576 bytes | 24,576 bytes | 1.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
1158EBF2E54F136F46CF50EBD6CDFAE5 |
|
0x003d6000 |
4,096 bytes | 4,096 bytes | 1.05 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
92BE41A3A4C719C10CCEAA96E902FB97 |
|
0x003d7000 |
4,096 bytes | 4,096 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
620F0B67A91F7F74151BC5BE745B7110 |
|
0x003d8000 |
4,096 bytes | 4,096 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
620F0B67A91F7F74151BC5BE745B7110 |
|
0x003d9000 |
278,528 bytes | 278,528 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
3F990B7BE663E47382D3AF1E45CEF540 |
|
0x0041d000 |
819,200 bytes | 819,200 bytes | 5.31 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
22A9309C14B70B6A080ED4421BC501A3 |
.rsrc |
0x004e5000 |
126,976 bytes | 126,976 bytes | 4.39 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
B9983CD3875CFF6A0EEB56B30A5FDDAE |
|
0x00504000 |
2,850,816 bytes | 2,850,816 bytes | 4.39 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
62C27F2DD2B8997143BC995C4226DE0E |
.data |
0x007bc000 |
856,064 bytes | 856,064 bytes | 7.94 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
794EBD1120972EBBD6887B5FA946759E |
.mackt |
0x0088d000 |
16,384 bytes | 16,384 bytes | 4.59 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
6A2EDD3044EF5C8D9E858BE7EA6FFFF5 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_CURSOR | 24 | 7,392 字节 | |
| RT_BITMAP | 125 | 140,148 字节 | |
| RT_ICON | 5 | 85,096 字节 | |
| RT_DIALOG | 2 | 164 字节 | |
| RT_STRING | 30 | 24,680 字节 | |
| RT_RCDATA | 9 | 545,747 字节 | |
| RT_GROUP_CURSOR | 24 | 480 字节 | |
| RT_GROUP_ICON | 1 | 76 字节 | |
| RT_MANIFEST | 1 | 850 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
