| 文件名 | amtrucks.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.197.174 |
| 数据库版本 | 2024-11-19 19:00:16 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
4c3c02dff5ce501473ec06c55ae5f171
|
|
| SHA1 |
aa2fd0ea1b5d7fa29f296ad857cb6f8ec4aa7040
|
|
| SHA256 |
46c8c45ebcdd70bd0c88aa831f1de412809d9362ad7b965fa1d4e8f3cf0600bf
|
|
| SHA512 |
6e709e69556f197a17b2273fbecb964f54d8f699d2ba422e593730d75307efc93d0c5624b716a38836e0bd1ecaed807e4c11007b3ee024e25fee2e3e284a4def
|
|
| ImpHash |
e06d6fbb989925b1f7e445191b5e491e
|
| 图标 |
哈希: e6a83ab213c76532598e8b7561815b83
模糊: 1f5649c9051c71117b809dab46b635f5 dHash: a272f2d69ae8e804 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x1418699d8 |
| 编译时间 | 2024-10-23 12:02:48 |
| 校验和 | 0x00000000 (实际: 0x02aafb41) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| PDB 路径 | d:\buildbot\slaves\win_slave\final_build_ats_151_windows_bin_steam_x64\build\prism\obj\x64\amtrucks\Steam\amtrucks\exe_ats\amtrucks.pdb |
| 数字签名 | No valid SignedData structure was found. |
| 导入 | 19 库 |
| 导出 | 31 函数 |
| 资源 | 62 资源 |
| 节 | 9 节 |
| CompanyName | SCS Software |
| FileDescription | American Truck Simulator |
| FileVersion | 1.52.0.6 (ff28957ed3d0be76f573ecfda079995510f04d76) |
| InternalName | amtrucks |
| LegalCopyright | Copyright (C) SCS Software 2014 |
| LegalTrademarks | American Truck Simulator (C) SCS Software 2014 |
| OriginalFilename | amtrucks.exe |
| ProductName | American Truck Simulator |
| ProductVersion | 1.52.0.6 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
26,258,384 bytes | 26,258,432 bytes | 6.50 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
C4DCBF0423FE5A4A3A3B7B9015459FF2 |
.rdata |
0x0190c000 |
7,177,418 bytes | 7,177,728 bytes | 5.58 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2E3B0961E316CA283BAADECDB8749E92 |
.data |
0x01fe5000 |
13,115,124 bytes | 9,113,600 bytes | 0.48 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
93D157C847CEACB9C4A8EA408C4EA399 |
.pdata |
0x02c67000 |
1,250,184 bytes | 1,250,304 bytes | 6.75 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E4AC6C8369498D0600981B7AACEE6D96 |
_RDATA |
0x02d99000 |
130,016 bytes | 130,048 bytes | 6.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E60997071698569CBFDED18F7CCC5D85 |
.gxfg |
0x02db9000 |
15,392 bytes | 15,872 bytes | 5.14 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
20C06194D9DA4B6E67E15E9CEA4EF6D8 |
.gehcont |
0x02dbd000 |
36 bytes | 512 bytes | 0.18 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
CC68BCFFC5E75A8F3F5DA83F395CA352 |
.rsrc |
0x02dbe000 |
336,456 bytes | 336,896 bytes | 7.23 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
59F306960FBF3178862D159636D3EBB6 |
.reloc |
0x02e11000 |
422,476 bytes | 422,912 bytes | 5.48 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
E4BF62D92313A57E247EACC1B62B7964 |
3 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| ETWMAN | 1 | 7,700 字节 | |
| WEVT_TEMPLATE | 1 | 5,274 字节 | |
| RT_CURSOR | 1 | 308 字节 | |
| RT_BITMAP | 5 | 31,050 字节 | |
| RT_ICON | 31 | 280,097 字节 | |
| RT_MENU | 1 | 430 字节 | |
| RT_DIALOG | 11 | 3,876 字节 | |
| RT_MESSAGETABLE | 1 | 724 字节 | |
| RT_GROUP_CURSOR | 1 | 20 字节 | |
| RT_GROUP_ICON | 7 | 476 字节 | |
| RT_VERSION | 1 | 1,004 字节 | |
| RT_MANIFEST | 1 | 1,979 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
