| 文件名 | FFWsRegister.dll |
| 文件类型 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.175.174 |
| 数据库版本 | 2024-05-07 18:00:26 UTC |
恶意软件家族: Packed
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
2d8c0895bcc12579f98838cc8c4293d5
|
|
| SHA1 |
8295561809329963f4f83fe4aed4d3f3724e94f9
|
|
| SHA256 |
48222e7bfdb9edd3a99552c38de134acf8becfef9d5af00dc0a4c85e6c3cc891
|
|
| SHA512 |
63a0eea20e61f1b2ea907c807640b9fd6aeeaccd9308e928bc80bbcd8227b1326abc827b50ad4a6294d2d33dd0fd7e1b1286c8da6a59cfb0df273b3fe29adadc
|
|
| ImpHash |
3f3475ae0d1f766debc5241dcdfbbd3a
|
| 图标 |
哈希: a4c09c4859e5ebf0c25d5741e4dcf096
模糊: f3a8cd694b22d7e9f267a395d00d9ba9 dHash: c69a727219ccb2b2 |
| 映像基址 | 0x180000000 |
| 入口点 | 0x180537108 |
| 编译时间 | 2023-08-22 10:05:56 |
| 校验和 | 0x0039e51f (实际: 0x0039e51f) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 | 13 库 |
| 导出 | 22 函数 |
| 资源 | 12 资源 |
| 节 | 13 节 |
| CompanyName | Wondershare |
| FileDescription | FFWsRegister |
| FileVersion | 12, 5, 6, 3504 |
| InternalName | FFWsRegister |
| LegalCopyright | Copyright (c) 2020-2023 Wondershare. All rights reserved. |
| OriginalFilename | FFWsRegister |
| ProductName | FFWsRegister |
| ProductVersion | 12.5.6.3504 |
| Translation | 0x0804 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
|
0x00001000 |
83,550 bytes | 34,304 bytes | 7.97 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
317DB3D9EEDC085E30B0DF6882CE2B8A |
|
0x00016000 |
38,010 bytes | 10,752 bytes | 7.88 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
A41FDB136D54C5DD0316EC788092F6EB |
|
0x00020000 |
3,328 bytes | 512 bytes | 7.22 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D2AEEA41732B18B2B04A016AAF51936E |
|
0x00021000 |
5,208 bytes | 3,584 bytes | 7.51 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D73124B318FA1ABB1E7FAACE618B7072 |
|
0x00023000 |
196,376 bytes | 54,784 bytes | 7.96 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
6609EC4D362B7D34E583B4E254E930B5 |
|
0x00053000 |
344 bytes | 512 bytes | 5.63 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
8728D5B5A25372E776A467D972A93CD4 |
.edata |
0x00054000 |
4,096 bytes | 1,536 bytes | 4.95 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D2E2244411B2BF7A06C935A356F2101C |
.idata |
0x00055000 |
4,096 bytes | 1,536 bytes | 3.32 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
8D5C27152514825465E6361272C323F6 |
.tls |
0x00056000 |
4,096 bytes | 512 bytes | 0.28 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2A85BC6F83A879ED0EE2FA814121D815 |
.rsrc |
0x00057000 |
196,608 bytes | 196,608 bytes | 5.95 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
12DFE4A4840C370A9E13C25D8B0B1F6D |
.themida |
0x00087000 |
4,915,200 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.boot |
0x00537000 |
3,419,648 bytes | 3,419,648 bytes | 7.95 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
4E1AF10636C277FC99EB85DA42E6BD6C |
.reloc |
0x0087a000 |
4,096 bytes | 16 bytes | 2.47 (正常) |
IMAGE_SCN_MEM_READ
|
C340D86520B7C04F3678761E90B40FBA |
5 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 9 | 194,325 字节 | |
| RT_GROUP_ICON | 1 | 132 字节 | |
| RT_VERSION | 1 | 808 字节 | |
| RT_MANIFEST | 1 | 381 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
