LX63 dll 文件恶意软件分析

技术分析

文件名	LX63.dll
文件类型	Win32 DLL
魔术字节	`PE32+ executable (DLL) (GUI) x86-64, for MS Windows`
SSDEEP 哈希	49152:OllJxThXQMiPLfQAvpMSMk4wELmeXZsQKtD2ZAsajHchmGN:kl33Yr/M0ameXZsQKtD2ZAsajoN
扫描器版本	1.0.222.174
数据库版本	2025-08-04 14:00:40 UTC

扫描另一个文件

文件识别

哈希类型	值	操作
MD5	227ef1ec4140b90fb5e7271929919252
SHA1	b0e1c6337649aab40e45959a7cd642186d0bf7ff
SHA256	4680b5f9163a865251ab2156cde290a6a145b27b42a70bc4160d331d9217e021
SHA512	0bf7aee233f603d04734b8e1c12da59067e77804026d9b3fe6776aa20e30ea1a9ca7eda1f223499a5b678e4b8cca05f0c098bc40a211490680d0072d8a8abd74
ImpHash	90b82d02419db84e0c03e60c3a030ef7

检测到威胁的安全引擎 (1 共 72)

Microsoft

Trojan:Win32/Wacatac.B!ml Malicious

71 个引擎未报告威胁 - 为清晰起见，仅显示有检测结果的引擎

PE 分析

基本信息

▼

映像基址	`0x180000000`
入口点	`0x1801d2ce0`
编译时间	2025-08-03 20:50:51
校验和	0x00278781 (实际: 0x00278781)
操作系统版本	6.0
PEiD 签名	`PE32+ executable (DLL) (GUI) x86-64, for MS Windows`
数字签名	An error occurred while validating the countersignature: Chain verification from [email protected], CN=viper, O=take2games, L=San Francisco, ST=California, C=US (serial:1000, sha1:20ae9df7716c2b66800d978aa57219f2db429ae7) failed: The X.509 certificate provided is self-signed - "Email Address: [email protected], Common Name: viper, Organization: take2games, Locality: San Francisco, State/Province: California, Country: US"
导入	25 库
导出	1 函数
资源	1 资源
节	6 节

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	1,950,503 bytes	1,950,720 bytes	6.45 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`3983CB300489DD15670E10965DDC0213`
`.rdata`	`0x001de000`	499,640 bytes	499,712 bytes	5.91 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`8C8E87715DBFA0058D067F7BF29D98A1`
`.data`	`0x00258000`	44,880 bytes	35,840 bytes	4.84 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`5A172CAF9A84A14F79DECCA592B5095C`
`.pdata`	`0x00263000`	69,744 bytes	70,144 bytes	6.20 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`E3DF5249D1BB55550A7958ECBF3632F0`
`.rsrc`	`0x00275000`	248 bytes	512 bytes	2.52 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`AA22580139B88015429BC67CDE31C1ED`
`.reloc`	`0x00276000`	12,712 bytes	12,800 bytes	5.45 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`886B50F680AD9C22BBAC213F178854AB`

资源分析

▼

资源总数: 1 (145 字节)

资源类型	数量	总大小	百分比
RT_MANIFEST	1	145 字节	100%

证书链分析

▼

证书 Information

验证状态	A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
签名者	Take-Two Interactive Software, Inc.; VeriSign Class 3 Code Signing 2010 CA; VeriSign
副签名者	viper

证书链摘要

viper #1 主要

有效期: 2025-01-27 02:43:29 → 2026-01-27 02:43:29

签名算法: sha256RSA

序列号: 03 E8

Take-Two Interactive Software, Inc. #2 链

有效期: 2011-09-21 00:00:00 → 2013-09-20 23:59:59

签名算法: sha1RSA

序列号: 69 50 43 D6 8F 15 55 0F D5 DB 37 0F A8 81 7B 04

VeriSign Class 3 Public Primary Certification Authority - G5 #3 链

有效期: 2011-02-22 19:25:17 → 2021-02-22 19:35:17

签名算法: sha1RSA

序列号: 61 19 93 E4 00 00 00 00 00 1C

✓ 此文件已进行数字签名，证书链已验证。

签名确保文件的完整性和发布者的真实性。
时间戳证明签名的应用时间。

证书验证状态

An error occurred while validating the countersignature: Chain verification from [email protected], CN=viper, O=take2games, L=San Francisco, ST=California, C=US (serial:1000, sha1:20ae9df7716c2b66800d978aa57219f2db429ae7) failed: The X.509 certificate provided is self-signed - "Email Address: [email protected], Common Name: viper, Organization: take2games, Locality: San Francisco, State/Province: California, Country: US"

建议: 验证文件来源并确保它来自可信的发布者.

LX63.dll 文件分析