| 文件名 | OInstall.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
| 扫描器版本 | 1.0.154.174 |
| 数据库版本 | 2024-01-11 10:05:21 UTC |
恶意软件家族: KMS
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
e08846bdb996040fcfd5fca27583b39d
|
|
| SHA1 |
71f540e3e4f91f4469b0684ac3ad535178994cae
|
|
| SHA256 |
2d261f238eec8f1be72d1ce9be45376d3b9b0d7727c39eabe1618c0c092610fe
|
|
| SHA512 |
2fc096fd6a209e99bdcee283407628c6fceba26f0aca8692bb1c30e71d7d1d209485f75f079cabb4e7e7ef7660c3aeb8d8e8d2b63ee90ff01c578f562003b18f
|
|
| ImpHash |
5552966e57239e4086878e8acaea4b8f
|
| 图标 |
哈希: cf8b3d44cc80ac3d3f5b2c3f6848133a
模糊: 71fcd2e860bbcd562ce257f969072383 dHash: e0c8ccc6c6c6c0e0 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x02290070 |
| 编译时间 | 2022-10-18 03:47:33 |
| 校验和 | 0x00fa6f51 (实际: 0x00fa6f51) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
| 数字签名 | Chain verification from CN=WZTeam (serial:-155843482902537470358085606074993314206, sha1:648384a4dee53d4c1c87e10d67cc99307ccc9c98) failed: The X.509 certificate provided is self-signed - "Common Name: WZTeam" |
| 导入 | 22 库 |
| 导出 | 0 函数 |
| 资源 | 7 资源 |
| 节 | 3 节 |
| WZTeam | () |
| USERTrust RSA Certification Authority | Sectigo Limited (GB) |
| Sectigo RSA Time Stamping CA | Sectigo Limited (GB) |
| ProductName | Office 2013-2021 C2R Install |
| FileDescription | Office 2013-2021 C2R Install |
| Translation | 0x0000 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
UPX0 |
0x00001000 |
15,794,176 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
UPX1 |
0x00f11000 |
16,252,928 bytes | 16,249,856 bytes | 7.91 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
AD890F552297F848C915B2952B6E0EA6 |
.rsrc |
0x01e91000 |
86,016 bytes | 86,016 bytes | 1.97 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
7866D0C32D17FC1E6AC0DBB9CD6BD0AE |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 4 | 82,656 字节 | |
| RT_GROUP_ICON | 1 | 62 字节 | |
| RT_VERSION | 1 | 412 字节 | |
| RT_MANIFEST | 1 | 1,117 字节 |
| 主题 |
WZTeam |
| 颁发者 | WZTeam |
| 序列号 | -155843482902537470358085606074993314206 |
| 主题 |
Sectigo RSA Time Stamping CA Sectigo Limited GB |
| 颁发者 | USERTrust RSA Certification Authority |
| 序列号 | 63883093293784159655322269805543173561 |
| 主题 |
Sectigo RSA Time Stamping Signer #3 Sectigo Limited GB |
| 颁发者 | Sectigo RSA Time Stamping CA |
| 序列号 | 191707380446202648670195672873975720259 |
Chain verification from CN=WZTeam (serial:-155843482902537470358085606074993314206, sha1:648384a4dee53d4c1c87e10d67cc99307ccc9c98) failed: The X.509 certificate provided is self-signed - "Common Name: WZTeam"
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
