| 文件名 | pcyyb__installer.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.169.174 |
| 数据库版本 | 2024-03-21 05:00:33 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
0d5e87db6d1a6cb43a7731a4d218fb15
|
|
| SHA1 |
e2ee721c8b8fa9f8483f22a2b80f8c7e0c65f3a2
|
|
| SHA256 |
403842190d4beb19226c97d26216c0692cd9b2410a4dc6879b246e70fc5a425e
|
|
| SHA512 |
172183a78e48c376c5ed1ef20ba303913757bd07b2ec26a72fb1ed5073f6ca263691f25d133019af218fcb2228ffcadb3be9f673d99390c4db8c078b9d501367
|
|
| ImpHash |
72f79d3355bf69eb840b73490ffc2cc4
|
| 图标 |
哈希: 5d01bd2cedae64997df260f8c17783ed
模糊: 7e5736be62a3d55cba21787eea828530 dHash: cc27337171331acc |
| 映像基址 | 0x140000000 |
| 入口点 | 0x1402d1404 |
| 编译时间 | 2023-08-02 08:44:20 |
| 校验和 | 0x0065174b (实际: 0x0065174b) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| PDB 路径 | E:\workplace\Androws\p-7d0bede0cc4642bcb2fb80f584c30f51\Build\bin\Release\AndrowsInstaller.pdb |
| 数字签名 | Unknown certificate revision 5f70 |
| 导入 | 19 库 |
| 导出 | 0 函数 |
| 资源 | 11 资源 |
| 节 | 8 节 |
| CompanyName | Tencent |
| FileDescription | 腾讯应用宝 |
| FileVersion | 1.0.0.0 |
| LegalCopyright | Copyright (C) 2022 Tencent. All Rights Reserved. |
| InternalName | Androws |
| ProductName | Androws |
| ProductVersion | 1.0.0.0 |
| Translation | 0x0000 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
3,261,772 bytes | 3,261,952 bytes | 6.52 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
57358735D5176B43D98EB4FF3A1DFDF5 |
.rdata |
0x0031e000 |
1,021,670 bytes | 1,021,952 bytes | 6.15 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E7A6A394F04164DC5487634278D69E2D |
.data |
0x00418000 |
235,364 bytes | 209,408 bytes | 5.05 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
7C104E2D12FE4DF95337C387CCB5F104 |
.pdata |
0x00452000 |
144,456 bytes | 144,896 bytes | 6.33 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8E2B9B837FDAA782DBD420C6E554F8F0 |
_RDATA |
0x00476000 |
244 bytes | 512 bytes | 2.42 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
4B124F15DC58009808D4E8FDD991BD79 |
.QMGuid |
0x00477000 |
32 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x00478000 |
1,914,480 bytes | 1,914,880 bytes | 6.37 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
44CD55D4847D43EC50CEC0A3E1DA2169 |
.reloc |
0x0064c000 |
34,640 bytes | 34,816 bytes | 5.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
54C160293AA78D3B094A17DED7859FF5 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| CUSTOM | 1 | 1,679,360 字节 | |
| ZIPRES | 1 | 127,479 字节 | |
| RT_ICON | 6 | 105,508 字节 | |
| RT_GROUP_ICON | 1 | 90 字节 | |
| RT_VERSION | 1 | 652 字节 | |
| RT_MANIFEST | 1 | 653 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
Unknown certificate revision 5f70
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
