| 文件名 | MenuExtendido.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.155.174 |
| 数据库版本 | 2024-01-25 13:02:33 UTC |
恶意软件家族: STOP/Djvu
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
0b5eb3cb4a95e162d69a20e6c1ecf7b5
|
|
| SHA1 |
bac8d203231a5701e4738967d53f3647931dfb5c
|
|
| SHA256 |
39c52799056c0b5aecf1ac8084b6a307896603e8520430d1411962b76d70cb78
|
|
| SHA512 |
031be0f3654034f014c14b773aba68c2bc3fbc8d428f51075abd67672c8a98a7bc374ac6ff29530c6be60a57ba728f76d514d5b71b85842e5173bb6b8dfd7940
|
|
| ImpHash |
2f727a975c44a2925ace416e4a5ad2d8
|
| 图标 |
哈希: 493f48d7fa0f12541d258d62ca498b1d
模糊: 7b303b99564165eadb247d64411b19ea dHash: c0dce8e8e8e8dcc4 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00644f2b |
| 编译时间 | 2015-02-10 21:03:05 |
| 校验和 | 0x00000000 (实际: 0x00a9dde0) |
| 操作系统版本 | 5.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
8 库
kernel32, user32, advapi32, oleaut32, ole32, ntdll, SHFolder, shlwapi |
| 导出 | 0 函数 |
| 资源 | 738 资源 |
| 节 | 6 节 |
| Comments | Creado con AutoPlay Media Studio (www.indigorose.com) |
| CompanyName | Doofy´s Projects |
| FileDescription | Menu Extendido para Windows |
| FileVersion | 7.3.0.0 |
| InternalName | ams_runtime |
| LegalCopyright | © Doofy´s Projects |
| OriginalFilename | MenuExtendido.exe |
| ProductName | MenuExtendido |
| ProductVersion | 7.3.0.0 |
| Translation | 0x0409 0x0000 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
4,030,676 bytes | 4,030,976 bytes | 6.66 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
48372A2FDDF5240E0D09DF123A52D31D |
.rdata |
0x003da000 |
874,392 bytes | 874,496 bytes | 5.27 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
762F7EA9280CE4931523D3AC2ACC2ACB |
.data |
0x004b0000 |
486,232 bytes | 148,480 bytes | 5.35 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E57E9C9325C8BB5AF6716DEC814C194A |
.rsrc |
0x00527000 |
1,468,324 bytes | 1,468,416 bytes | 7.35 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
A99E2FB65A248890D45E608484E8C37F |
.enigma1 |
0x0068e000 |
4,096 bytes | 4,268,032 bytes | 7.88 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
5C167CA2D03F2F4CE9E534146872B662 |
.enigma2 |
0x0068f000 |
290,816 bytes | 290,816 bytes | 5.89 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
41AD950B5DC6B0438DDE60417E0DC1B3 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| PNG | 491 | 785,808 字节 | |
| STYLE_XML | 4 | 77,256 字节 | |
| TEXTFILE | 6 | 111,263 字节 | |
| RT_CURSOR | 46 | 17,488 字节 | |
| RT_BITMAP | 37 | 128,886 字节 | |
| RT_ICON | 22 | 228,256 字节 | |
| RT_MENU | 4 | 1,024 字节 | |
| RT_DIALOG | 34 | 15,160 字节 | |
| RT_STRING | 43 | 20,424 字节 | |
| RT_GROUP_CURSOR | 41 | 890 字节 | |
| RT_GROUP_ICON | 5 | 212 字节 | |
| RT_VERSION | 1 | 884 字节 | |
| RT_MANIFEST | 1 | 1,425 字节 | |
| None | 3 | 140 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
