文件名 | uploaded |
文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
扫描器版本 | 1.0.139.174 |
数据库版本 | 2023-09-18 14:02:12 UTC |
恶意软件家族: Chromnius
哈希类型 | 值 | 操作 |
---|---|---|
MD5 |
4bb331ead48449e15ff9aa51fee8fa25
|
|
SHA1 |
113bffa93601f83ea002317c2f9dd055640cf56c
|
|
SHA256 |
2ab2a97ce09791d77c39da25b974384da6ad9c61f63f4beabfe2f0eddecd73ff
|
|
SHA512 |
8e76046d447b1319cc1503a61e6c54baba6b09233b07a4ef51c04969c874781d41a1eb26e534eb061e9cbfe564512225f4b331fb0a74aaf3379bd30d1ad6e80d
|
|
ImpHash |
21314122cd4542a6b9b297f52a87acbe
|
图标 |
哈希: 5e172c0dc3b3b45ca039c9e793a07b29
模糊: a0944f9361276e2a5e874864a5c88639 dHash: f8e2eae6b696c6cc |
映像基址 | 0x00400000 |
入口点 | 0x005e0862 |
编译时间 | 2023-07-27 09:36:39 |
校验和 | 0x006f2bc4 (实际: 0x006f2bc4) |
操作系统版本 | 6.0 |
PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
PDB 路径 | C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb |
数字签名 | OK |
导入 |
1 库
KERNEL32 |
导出 | 0 函数 |
资源 | 44 资源 |
节 | 5 节 |
GlobalSign | GlobalSign nv-sa (BE) |
GlobalSign Code Signing Root R45 | GlobalSign nv-sa (BE) |
GlobalSign GCC R45 CodeSigning CA 2020 | Dragon Boss Solutions LLC (AE) |
CompanyName | Chromstera Browser |
FileDescription | Chromstera Browser Installer |
FileVersion | 1.0 |
InternalName | ChromsteraPublic |
LegalCopyright | Copyright (C) 2023 Chromstera Browser |
OriginalFileName | ChromsteraPublic.exe |
ProductName | Chromstera Browser |
ProductVersion | 1.0 |
Translation | 0x0409 0x04b0 |
名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
2,534,582 bytes | 2,534,912 bytes | 6.45 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
6609EE5AD35366535F89171104FD9407 |
.rdata |
0x0026c000 |
587,098 bytes | 587,264 bytes | 4.60 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
82A48C8EED166A4419B55B922166495D |
.data |
0x002fc000 |
53,824 bytes | 15,360 bytes | 4.77 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
624471F60C55363D0BDC9E3921A90C7E |
.rsrc |
0x0030a000 |
170,164 bytes | 170,496 bytes | 5.19 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0541A6101798A79B746007837D07F229 |
.reloc |
0x00334000 |
166,892 bytes | 166,912 bytes | 6.51 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
7704EC72484064D3D713DEF4A99CB43B |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
资源类型 | 数量 | 总大小 | 百分比 |
---|---|---|---|
RT_BITMAP | 6 | 26,098 字节 | |
RT_ICON | 6 | 10,032 字节 | |
RT_DIALOG | 5 | 1,198 字节 | |
RT_STRING | 15 | 11,262 字节 | |
RT_GROUP_ICON | 1 | 90 字节 | |
RT_VERSION | 1 | 812 字节 | |
RT_HTML | 9 | 116,245 字节 | |
RT_MANIFEST | 1 | 2,063 字节 |
主题 |
GlobalSign Code Signing Root R45 GlobalSign nv-sa BE |
颁发者 | GlobalSign |
序列号 | 159895020367154186454025795821008217243 |
主题 |
GlobalSign GCC R45 CodeSigning CA 2020 GlobalSign nv-sa BE |
颁发者 | GlobalSign Code Signing Root R45 |
序列号 | 159159759846135372329575655669707113543 |
主题 |
Dragon Boss Solutions LLC Dragon Boss Solutions LLC AE |
颁发者 | GlobalSign GCC R45 CodeSigning CA 2020 |
序列号 | 35484042506904463140501520684 |
OK
按照以下步骤完全从系统中移除威胁