| 文件名 | TEKLauncher.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.212.174 |
| 数据库版本 | 2025-03-30 21:00:27 UTC |
恶意软件家族: ZgRAT
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
03a7490421f5f285201e15c222173af7
|
|
| SHA1 |
139ad0df1dd439c190cadf36fba44adc5c74ea13
|
|
| SHA256 |
4222b9ed7a08ea340aed36e4482daadc44540f81c189b163ba3e2b865c64a01a
|
|
| SHA512 |
ed4e22b074fbd8f3aa725ea4fd8645ab75d44e91081013756fafdc62b01d3d5de5d947f5ec003629d8da076642bd3c3cc2bcfdc70cb6ce8290a874b8e3e892fe
|
|
| ImpHash |
6a91eb82bfd19d2706c7d43c46f7064e
|
| 图标 |
哈希: bb9beb873272a25026bf66d57b68d25d
模糊: 1229ed6e29282087d05fdc764bcbc036 dHash: f8f8f0e8f8f2f0c0 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x140011360 |
| 编译时间 | 2024-01-17 16:27:44 |
| 校验和 | 0x003385eb (实际: 0x003385eb) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| PDB 路径 | D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb |
| 数字签名 | Chain verification from CN=Nuclearist (serial:39250072496249749898143963923751766372, sha1:d675c4cc5dfa7241da44fe659936bf503f71b10d) failed: The X.509 certificate provided is self-signed - "Common Name: Nuclearist" |
| 导入 | 12 库 |
| 导出 | 0 函数 |
| 资源 | 11 资源 |
| 节 | 7 节 |
| Translation | 0x0000 0x04b0 |
| CompanyName | Nuclearist |
| FileDescription | TEKLauncher |
| FileVersion | 9.4.85.0 |
| InternalName | TEKLauncher.dll |
| LegalCopyright | Copyright © 2020-2024 Nuclearist |
| OriginalFilename | TEKLauncher.dll |
| ProductName | TEK Launcher |
| ProductVersion | 9.4.85.0+fb32f294ca9cf70d920f84525815e148631440ed |
| Assembly Version | 9.4.85.0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
92,508 bytes | 92,672 bytes | 6.37 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D57A468618D720AA383BA4FA099FA4FF |
.rdata |
0x00018000 |
38,366 bytes | 38,400 bytes | 4.49 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
96ED1F87424AC825D5793C842C766319 |
.data |
0x00022000 |
6,224 bytes | 2,560 bytes | 2.37 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
C68D08B021655366041F689D3F3C06F9 |
.pdata |
0x00024000 |
5,052 bytes | 5,120 bytes | 4.98 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
58B5C0BA22A038CA54D885829AB5F06D |
_RDATA |
0x00026000 |
500 bytes | 512 bytes | 4.21 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F03E9BC08417A2C7013707183AF3D6F7 |
.reloc |
0x00027000 |
792 bytes | 1,024 bytes | 4.70 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
8C0B631B1BF06E3A21B8F532673041EA |
.rsrc |
0x00028000 |
184,900 bytes | 185,344 bytes | 7.98 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
110839E256965FFED566461053EC99D5 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 8 | 182,166 字节 | |
| RT_GROUP_ICON | 1 | 118 字节 | |
| RT_VERSION | 1 | 886 字节 | |
| RT_MANIFEST | 1 | 1,073 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
Chain verification from CN=Nuclearist (serial:39250072496249749898143963923751766372, sha1:d675c4cc5dfa7241da44fe659936bf503f71b10d) failed: The X.509 certificate provided is self-signed - "Common Name: Nuclearist"
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
