| 文件名 | KMSSS.exe |
| 文件类型 |
PE32 executable (console) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.156.174 |
| 数据库版本 | 2024-01-26 12:02:35 UTC |
恶意软件家族: KMS
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
22fc15f2c2e2a77bc5a1186e5f55d7d3
|
|
| SHA1 |
17f721a7833deb0b3d0e9ddc7bf6c0b0c40c2244
|
|
| SHA256 |
4c8c3bed3d9e8f48800065e4ac024aef237861aaa37443d4b00b98569d83aeea
|
|
| SHA512 |
72f70e611b7630e1ae2fcea98c278413e67b53acd09ab6bc74884d4c7ac5af16c4b3c1d32e801bc67a22d0cccebdac0438d090921b25bf53391d9a08cbdc433c
|
|
| ImpHash |
d580c8945048fcd3c31a9e045f02457c
|
| 映像基址 | 0x00400000 |
| 入口点 | 0x00419164 |
| 编译时间 | 2015-07-24 04:03:57 |
| 校验和 | 0x0004a92c (实际: 0x0004a92c) |
| 操作系统版本 | 5.1 |
| PEiD 签名 |
PE32 executable (console) Intel 80386, for MS Windows
|
| PDB 路径 | E:\Projects\Visual Studio 2010\KMSEmulator_UpdatedToV6_7_mod_1_0_8\KMS Server Service\bin\x86\Release\KMSSS.pdb |
| 数字签名 | Chain verification from CN=WZT (serial:11510838414342926713584220090592594831, sha1:f81f111d0e5ab58d396f7bf525577fd30fdc95aa) failed: The X.509 certificate provided is self-signed - "Common Name: WZT" |
| 导入 |
5 库
ADVAPI32, RPCRT4, IPHLPAPI, WS2_32, KERNEL32 |
| 导出 | 0 函数 |
| 资源 | 2 资源 |
| 节 | 5 节 |
| WZT | () |
| Thawte Timestamping CA | Symantec Corporation (US) |
| Symantec Time Stamping Services CA - G2 | Symantec Corporation (US) |
| CompanyName | MDL Forum, mod by Ratiborus |
| FileDescription | KMS Server Emulator Service (XP) |
| FileVersion | 1.2.1.0 |
| InternalName | KMSSS.exe |
| LegalCopyright | MDL Forum, mod by Ratiborus |
| OriginalFilename | KMSSS.exe |
| ProductName | KMS Server Emulator Service (XP) |
| ProductVersion | 1.2.1.0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
203,043 bytes | 203,264 bytes | 6.69 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
84A6E810C4749F05E143FCC8C329CC58 |
.rdata |
0x00033000 |
72,434 bytes | 72,704 bytes | 6.57 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8CBF870FA3734EC4D1CB3F7A2A1C51EF |
.data |
0x00045000 |
17,836 bytes | 8,192 bytes | 4.61 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2006135872BA9899FCB95D86165A4A4C |
.rsrc |
0x0004a000 |
1,328 bytes | 1,536 bytes | 4.47 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
7EF89E01596AF42BAC78BEA6F205C471 |
.reloc |
0x0004b000 |
13,996 bytes | 14,336 bytes | 5.42 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
5F95AC0361ADF44781D483AB0B69E2E6 |
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_VERSION | 1 | 820 字节 | |
| RT_MANIFEST | 1 | 346 字节 |
| 主题 |
WZT |
| 颁发者 | WZT |
| 序列号 | 11510838414342926713584220090592594831 |
| 主题 |
Symantec Time Stamping Services CA - G2 Symantec Corporation US |
| 颁发者 | Thawte Timestamping CA |
| 序列号 | 168250781398245547403531165097821404219 |
| 主题 |
Symantec Time Stamping Services Signer - G4 Symantec Corporation US |
| 颁发者 | Symantec Time Stamping Services CA - G2 |
| 序列号 | 19688950797630895426199952712430983760 |
Chain verification from CN=WZT (serial:11510838414342926713584220090592594831, sha1:f81f111d0e5ab58d396f7bf525577fd30fdc95aa) failed: The X.509 certificate provided is self-signed - "Common Name: WZT"
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
