| 文件名 | Ragexe.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.218.174 |
| 数据库版本 | 2025-06-11 05:00:13 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
a18fc73b0654d89e9367f52213fbcef8
|
|
| SHA1 |
3da3f62f75587c02b1334bd3b3b9040ad59d9053
|
|
| SHA256 |
29a8ddda37f2714fae7b6cc938d25af3a7fa6805bd5d7ecc6589194accceb024
|
|
| SHA512 |
6b1398ccda4b09e42b59d01a07d85692bf899524f645a4c24f40cd0b8abc9a2994e211be51bb2b3c848293dcfe3ad25a1a42e00ba5824089609b881bf088b575
|
|
| ImpHash |
d226e417a822824ebf07289084a5372a
|
| 图标 |
哈希: 0187b7d3936a5388b3c10d9d68ada75d
模糊: 0ec75c82573e8f98ec6f6b7e9e410624 dHash: c4c4b08e86869c9a |
| 映像基址 | 0x00400000 |
| 入口点 | 0x01aa8058 |
| 编译时间 | 2025-06-05 05:04:37 |
| 校验和 | 0x0069e2f7 (实际: 0x00691d40) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB 路径 | C:\repositories\RagnarokClient\RagnarokClient\Release Overseas V142 C++20\Ragexe_up.pdb |
| 数字签名 | OK |
| 导入 | 38 库 |
| 导出 | 1 函数 |
| 资源 | 3 资源 |
| 节 | 12 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
|
0x00001000 |
11,409,517 bytes | 2,813,952 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
9AD13E9A54C798BF56CB1F4B5E1D3178 |
|
0x00ae3000 |
1,716,094 bytes | 342,528 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2E36C5F2F0B1085B4B0ACBF20F4797E6 |
|
0x00c86000 |
4,262,100 bytes | 57,344 bytes | 7.99 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
59852087ABE1438DD665CD4BB0DEABFE |
|
0x01097000 |
161,360 bytes | 52,736 bytes | 7.99 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
12EDEB45B6B0BF30C3A928CE5E5F8C47 |
.debug |
0x010bf000 |
4,096 bytes | 1,536 bytes | 4.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
13CDDC607BA077ABFB7899857A4DC2E8 |
.edata |
0x010c0000 |
4,096 bytes | 512 bytes | 1.33 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3A1C52CFCFDDB350BBA440C9ED028981 |
.vm_sec |
0x010c1000 |
16,384 bytes | 16,384 bytes | 3.42 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
627F064B36BA198470E5BC9DB26E8CC8 |
.idata |
0x010c5000 |
4,096 bytes | 2,560 bytes | 4.56 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
99D52B8C4C877D31BFD0225EE0A8565F |
.tls |
0x010c6000 |
20,480 bytes | 17,408 bytes | 0.01 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E12DEC744C74358C561820E97AAD3EB9 |
.rsrc |
0x010cb000 |
4,096 bytes | 2,048 bytes | 4.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
953263C11018B93BB3AC0DF647B5ACA3 |
.winlice |
0x010cc000 |
6,144,000 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.boot |
0x016a8000 |
3,570,176 bytes | 3,566,592 bytes | 7.97 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
AB49F68CA456237C9A19C8FBB0D7FFFD |
5 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 1 | 744 字节 | |
| RT_GROUP_ICON | 1 | 20 字节 | |
| RT_MANIFEST | 1 | 786 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
OK
按照以下步骤完全从系统中移除威胁
