| 文件名 | KMSoffline_x64.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
| 扫描器版本 | 1.0.154.174 |
| 数据库版本 | 2024-01-10 04:16:07 UTC |
恶意软件家族: KMS
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
2e4b7bf92c274a0afee22e5dbb077d71
|
|
| SHA1 |
3ad9a46620e6c673460d899ff17c2d3ffc767ef1
|
|
| SHA256 |
2a9c7114218e3d4833d02d5f8b63b49891fc7ade10758f88fc383df2c88d62c0
|
|
| SHA512 |
0a4cced498064173d78924c0beef533ebd2c4194fadfa1b22b6ef73bbf6f118de7d1370169fa2b4b14b5145b9e53ac3405ed0ccac81c306d54b3f8e429fb8637
|
| 图标 |
哈希: 35da807d835832f8e900d173b08a6cbb
模糊: 1b0f2e4260a6adadbd2b91064939b4d7 dHash: 71e0d4d2f8fcf071 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00400000 |
| 编译时间 | 2021-10-08 22:30:44 |
| 校验和 | 0x003954e9 (实际: 0x003954e9) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
| 数字签名 | Chain verification from CN=WZTeam (serial:-155843482902537470358085606074993314206, sha1:648384a4dee53d4c1c87e10d67cc99307ccc9c98) failed: The X.509 certificate provided is self-signed - "Common Name: WZTeam" |
| 导入 | 0 |
| 导出 | 0 函数 |
| 资源 | 4 资源 |
| 节 | 3 节 |
| WZTeam | () |
| USERTrust RSA Certification Authority | Sectigo Limited (GB) |
| Sectigo RSA Time Stamping CA | Sectigo Limited (GB) |
| Translation | 0x0000 0x04b0 |
| Comments | |
| CompanyName | |
| FileDescription | KMSoffline |
| FileVersion | 2.3.2.0 |
| InternalName | KMSoffline.exe |
| LegalCopyright | Copyright © 2019 |
| LegalTrademarks | |
| OriginalFilename | KMSoffline.exe |
| ProductName | KMSoffline |
| ProductVersion | 2.3.2.0 |
| Assembly Version | 1.0.1.0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00002000 |
3,663,156 bytes | 3,663,360 bytes | 7.98 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
7433FCB2A3A2C6F6B49F20604F99E859 |
.sdata |
0x00382000 |
488 bytes | 512 bytes | 6.61 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
75E0138C4E0F4C87867AB90220681C97 |
.rsrc |
0x00384000 |
72,760 bytes | 73,216 bytes | 4.82 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9ADDCF19D97F8AB1ABCEBCAB00DB4BFA |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 1 | 67,624 字节 | |
| RT_GROUP_ICON | 1 | 20 字节 | |
| RT_VERSION | 1 | 812 字节 | |
| RT_MANIFEST | 1 | 3,999 字节 |
| 主题 |
WZTeam |
| 颁发者 | WZTeam |
| 序列号 | -155843482902537470358085606074993314206 |
| 主题 |
Sectigo RSA Time Stamping CA Sectigo Limited GB |
| 颁发者 | USERTrust RSA Certification Authority |
| 序列号 | 63883093293784159655322269805543173561 |
| 主题 |
Sectigo RSA Time Stamping Signer #2 Sectigo Limited GB |
| 颁发者 | Sectigo RSA Time Stamping CA |
| 序列号 | 186713047966142775501540888803396521323 |
Chain verification from CN=WZTeam (serial:-155843482902537470358085606074993314206, sha1:648384a4dee53d4c1c87e10d67cc99307ccc9c98) failed: The X.509 certificate provided is self-signed - "Common Name: WZTeam"
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
