| 文件名 | DriverUpdate.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.223.174 |
| 数据库版本 | 2025-08-18 01:00:18 UTC |
恶意软件家族: Gen
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
7f75229fe12f0c74e421d109dd0d4662
|
|
| SHA1 |
42479827b46e3e734992d656ece4c0ee3154dd3e
|
|
| SHA256 |
4a2964609fbfe70978aaf7096ce4fc01527174866eb711b74407a6919167b48c
|
|
| SHA512 |
ce31206b1b256230822983d90d5a3cf4ceeae2a214ad996e46bee62802c00f6c30a306aa5db71e9d59fb20ea5dbba32228f175555137016f8b00a242a07a5917
|
|
| ImpHash |
ad12e0e35b1185edd61870518b7b48e5
|
| 图标 |
哈希: a033772c7cc6ccd37d034ee374991583
模糊: ebdb42ce3b9940f6e9bbe1a73f1b41ce dHash: cc8e336969338ecc |
| 映像基址 | 0x00400000 |
| 入口点 | 0x0065c7d4 |
| 编译时间 | 2018-10-24 07:34:01 |
| 校验和 | 0x00000000 (实际: 0x0046d009) |
| 操作系统版本 | 5.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 | 13 库 |
| 导出 | 1 函数 |
| 资源 | 67 资源 |
| 节 | 11 节 |
| FileVersion | 1.0.0.0 |
| ProductVersion | 1.0.0.0 |
| Translation | 0x0409 0x04e4 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
2,465,596 bytes | 2,465,792 bytes | 6.45 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
C06557A5017C540BB9A15DE43FD45DA9 |
.itext |
0x0025b000 |
6,216 bytes | 6,656 bytes | 6.12 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
9BAB05BB97B45447B7382483A5920B17 |
.data |
0x0025d000 |
45,500 bytes | 45,568 bytes | 6.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2D2DB2F2A409FAD001DECDFB85CAB8F8 |
.bss |
0x00269000 |
552,904 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x002f0000 |
17,060 bytes | 17,408 bytes | 5.20 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
7F39D1E3C7477109E3112BE3EDBB72FE |
.didata |
0x002f5000 |
2,664 bytes | 3,072 bytes | 3.81 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F06B7801F6C15DD0D70E42A278F5FFAB |
.edata |
0x002f6000 |
94 bytes | 512 bytes | 1.10 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2E0296273D3D3A7C66DE17A0206FA736 |
.tls |
0x002f7000 |
68 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x002f8000 |
92 bytes | 512 bytes | 1.33 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2CC632D4A1CD25DF771249FF2E61C5DD |
.reloc |
0x002f9000 |
221,140 bytes | 221,184 bytes | 6.72 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
DA7A2AE1E4AC5006BBB762CD61425E76 |
.rsrc |
0x0032f000 |
230,660 bytes | 230,912 bytes | 5.30 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
793B76672B588BC84ABFF353DF66E2A6 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| UNICODEDATA | 6 | 167,861 字节 | |
| RT_CURSOR | 7 | 2,156 字节 | |
| RT_ICON | 2 | 8,528 字节 | |
| RT_STRING | 38 | 43,460 字节 | |
| RT_RCDATA | 4 | 3,786 字节 | |
| RT_GROUP_CURSOR | 7 | 140 字节 | |
| RT_GROUP_ICON | 1 | 20 字节 | |
| RT_VERSION | 1 | 320 字节 | |
| RT_MANIFEST | 1 | 703 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
