| 文件名 | SmCredential.exe |
| 文件类型 |
PE32+ executable (console) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.192.174 |
| 数据库版本 | 2024-10-16 03:00:36 UTC |
恶意软件家族: CoinMiner
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
6eba6b2af8f709303bc9ead4fac658db
|
|
| SHA1 |
b4818c8adb4567d87ba83d3284a33e9c10f8f3d2
|
|
| SHA256 |
41de08416967de58073203a4a231c2b6d93511a1880d1ec5786a3cb0c1b63f42
|
|
| SHA512 |
abd5719f65eda958b46e24b5bad6509a2c0b2099583a7c7550bee1d819d8d3cdaf8042e56f34832bf37c7ba9f9bf7d377d4bbe74ea55e3e3f6079b8e548ebc2a
|
|
| ImpHash |
12806e48b853545b536463546db4baa1
|
| 图标 |
哈希: e978c4085c6c2cba0a6e5f6871491494
模糊: da7d02a73d2003a54f3910a556e8e28e dHash: b0b5fd2ece80c4c4 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x1403e01a4 |
| 编译时间 | 2024-08-11 18:16:41 |
| 校验和 | 0x00000000 (实际: 0x00614297) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (console) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
10 库
WS2_32, IPHLPAPI, USERENV, CRYPT32, KERNEL32, USER32, SHELL32, ole32, ADVAPI32, bcrypt |
| 导出 | 0 函数 |
| 资源 | 10 资源 |
| 节 | 10 节 |
| CompanyName | Microsoft Corporation |
| FileDescription | Segnalazione errori applicazioni Microsoft |
| FileVersion | 10.0.2627 |
| InternalName | DWIntl |
| LegalCopyright | Copyright© Microsoft Corporation 1999-2001. Tutti i diritti riservati. |
| LegalTrademarks1 | Microsoft® è un marchio registrato di Microsoft Corporation. |
| LegalTrademarks2 | Windows® è un marchio registrato di Microsoft Corporation. |
| OriginalFilename | DWIntl.Dll |
| ProductName | Microsoft Application Error Reporting |
| ProductVersion | 10.0.2627 |
| Built by | OFFMSO7 |
| Translation | 0x0410 0x04e4 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
4,301,944 bytes | 4,302,336 bytes | 6.52 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
7BFA50FF80E175EFDC3F63B945917FFD |
.rdata |
0x0041c000 |
1,732,130 bytes | 1,732,608 bytes | 6.17 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
45AD955DCFEC3415D214EF4E759878B5 |
.data |
0x005c3000 |
2,815,188 bytes | 66,048 bytes | 4.02 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
21BCB66E26A5153208EE0E5B0674AC6A |
.pdata |
0x00873000 |
173,352 bytes | 173,568 bytes | 6.32 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3216F277E28EEB2A10E798F3C405F411 |
_RANDOMX |
0x0089e000 |
3,158 bytes | 3,584 bytes | 5.68 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
9EE63642B94966ECB630EE0843E46B26 |
_TEXT_CN |
0x0089f000 |
9,937 bytes | 10,240 bytes | 6.08 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
AFEA7882AA31E5987DB2F12B8933DE56 |
_TEXT_CN |
0x008a2000 |
4,484 bytes | 4,608 bytes | 6.05 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
409BF3F918F2402291CB56C2E9354B47 |
_RDATA |
0x008a4000 |
244 bytes | 512 bytes | 2.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9E68FEE697A3137AD662934AB8EC793E |
.rsrc |
0x008a5000 |
8,192 bytes | 5,632 bytes | 3.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
30021C146D62BDF6950BA42238D7F666 |
.reloc |
0x008a7000 |
46,496 bytes | 46,592 bytes | 5.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
2DB71728C819782830A4BC6DE4955950 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 4 | 2,976 字节 | |
| RT_GROUP_ICON | 4 | 80 字节 | |
| RT_VERSION | 1 | 1,296 字节 | |
| RT_MANIFEST | 1 | 381 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
