| 在线病毒检测器 | v.1.0.165.174 |
| 数据库版本: | 2024-02-17 12:00:15 |
STOP/Djvu勒索软件,也简称为STOP勒索软件或Djvu勒索软件,是一种恶意软件,它加密受害者计算机上的文件,并要求赎金以解密这些文件。这种勒索软件变种已经活跃了数年,影响了众多用户和组织。
| File | 授業deえっち?_chs.exe |
| 已检查 | 2024-02-17 11:02:21 |
| MD5 | c02fb5958ee0f83d5d4e03285dcbfb4c |
| SHA1 | 9504fc0a48505573efe6727f972551739780695b |
| SHA256 | 4bd534e4e7aa468cda99bc33a82a58d7f36af31dba86db564f7f31925c36e6e0 |
| SHA512 | b7f19545538aecbc9e12c3b6000b0321ab7fca268c1dbb7034e5b16a4551fc713f26b80f81d7ff15f276b7bd533b4108a88364c7e1a363d4862fe092c2cc02c9 |
| Imphash | 2f727a975c44a2925ace416e4a5ad2d8 |
| File Size | 6094848 bytes |
Gridinsoft能够识别并消除Ransom.Win32.STOP.dg!se51856,无需进一步的用户干预。
 |
843c789cffd4754ba8e00062d3092cb2 829bcb0afdb95882b0ccb82856de13cd fe5a9a929a9a8ec0 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x00464c9a |
| Compilation: | 2011-07-15 12:47:38 |
| Checksum: | 0x000d9703 (Actual: 0x005d73ef) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 6 |
| Imports: | kernel32, user32, advapi32, oleaut32, ole32, ntdll, SHFolder, shlwapi, |
| Exports: | 0 |
| Resources: | 40 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0009d4aa | 0x0009e000 | 0fac66cc26dd8a708dfa1a65912c180d | 6.73 |
| .rdata | 0x0009f000 | 0x00007222 | 0x00008000 | c98a4beeac7b84a3caadc7e553a36372 | 6.30 |
| .data | 0x000a7000 | 0x00110338 | 0x0001c000 | f0db64e1f22887ec54d642a453020e97 | 6.03 |
| .rsrc | 0x001b8000 | 0x00007af4 | 0x00008000 | 9c372fce5db3f57953b024d3238ea398 | 5.19 |
| .enigma1 | 0x001c0000 | 0x00001000 | 0x004be000 | 4ddd0e7d8d5ab326d899b2f8ca8ffa2c | 6.82 |
| .enigma2 | 0x001c1000 | 0x00047000 | 0x00047000 | fc7440d07bce52cc856ff210c4ba8ad3 | 5.86 |
