SAntivirusWD exe Trojan Heuristic 文件恶意软件分析: f0d41c048482ae563bfaba92f4b323df

SAntivirusWD.exe Trojan Heuristic 分析

更新于 1 year ago

检查者 Malware Check

SAntivirusWD.exe

哈希类型	值	操作
MD5	f0d41c048482ae563bfaba92f4b323df
SHA1	f7db99926c1c4408921365f9dfda9e23ada2a783
SHA256	5013e953a55534b83f74be41d5a08048f57e52be78c776566d58d296a0e7b381
SHA512	ac180878080123baf5e99b0419b3a9f7ad6c7e2bbd8a82e6b45dd94d3de48e2fc17545221aec94fbe421371ae8f1cc2b331615d279cf26e1d71508d5640a014d
ImpHash	87b79871203ea245059d92a2ab553b6f

哈希类型

值

操作

MD5

f0d41c048482ae563bfaba92f4b323df

SHA1

f7db99926c1c4408921365f9dfda9e23ada2a783

SHA256

5013e953a55534b83f74be41d5a08048f57e52be78c776566d58d296a0e7b381

SHA512

ac180878080123baf5e99b0419b3a9f7ad6c7e2bbd8a82e6b45dd94d3de48e2fc17545221aec94fbe421371ae8f1cc2b331615d279cf26e1d71508d5640a014d

ImpHash

87b79871203ea245059d92a2ab553b6f

PE 分析

基本信息

▼

图标	哈希: f33c31bbe5e37d7d2d48f3b2f9dbf889 模糊: 14e33edbae4e2016dd5ba8d1dc15dddc dHash: c08362434b69a6c8
映像基址	`0x140000000`
入口点	`0x1400ec474`
编译时间	2023-04-07 18:11:07
校验和	0x0074ef7b (实际: 0x04752629)
操作系统版本	6.0
PEiD 签名	`PE32+ executable (console) x86-64, for MS Windows`
数字签名	Unknown certificate revision b5e6
导入	19 库
导出	0 函数
资源	7 资源
节	16 节

数字签名

▼

Segurazo Security

Segurazo Security (CA)

版本信息

▼

CompanyName	DlGlTAL COMMUNICATIONS INC
FileDescription	IServ
FileVersion	1.0.22.33
InternalName	IServ
LegalCopyright	DlGlTAL COMMUNICATIONS INC
OriginalFilename	IServ
ProductName	IServ
ProductVersion	1.0.22.33
Translation	0x0409 0x04b0

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	2,314,080 bytes	2,314,240 bytes	6.48 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`3B4ED70EABEE589BD2A0155DAE93E2CE`
`.fdata`	`0x00236000`	186 bytes	512 bytes	2.77 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`ED044A3C2E2DC7EF655EE144D336FCAB`
`.code2`	`0x00237000`	479 bytes	512 bytes	4.34 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`C2262431B34FEC58E005756A1BAC3D27`
`.code3`	`0x00238000`	3,928 bytes	4,096 bytes	5.97 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`41B1B7CAC9BF4A0ECF098B8E536893F2`
`.code4`	`0x00239000`	1,196 bytes	1,536 bytes	5.35 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`8FE73101A44FB0C26480D0DFAAD53170`
`.code1`	`0x0023a000`	2,412 bytes	2,560 bytes	5.97 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`276368249272FC22F2B7B739FDDAC430`
`.code`	`0x0023b000`	11,752 bytes	11,776 bytes	6.01 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`E30C336F54417A0B1936CD86FA6373BB`
`.code5`	`0x0023e000`	1,190 bytes	1,536 bytes	4.91 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`E7E161C8CE6598336FF4B62A64108C1D`
`.code6`	`0x0023f000`	9,544 bytes	9,728 bytes	5.85 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`2372CAE56E81CCBECF220BCD028B5844`
`.code7`	`0x00242000`	9,692 bytes	9,728 bytes	6.09 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`758FE1DEF761BAB35FF309FDD7857C54`
`.rdata`	`0x00245000`	4,849,178 bytes	4,849,664 bytes	7.89 (打包/加密)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`2EA14844A082BF6087880025AF54FD5E`
`.data`	`0x006e5000`	79,180 bytes	64,000 bytes	5.23 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`887F958AAA144E44F2B18E3A3C40A8B6`
`.pdata`	`0x006f9000`	118,644 bytes	118,784 bytes	6.32 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`E3914A36A6DA74AFE36A32153EFF98C7`
`.gfids`	`0x00716000`	5,652 bytes	6,144 bytes	3.84 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`7531A774DA6AEA899F517B19172BD653`
`.tls`	`0x00718000`	9 bytes	512 bytes	0.02 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`1F354D76203061BFDD5A53DAE48D5435`
`.rsrc`	`0x00719000`	257,160 bytes	257,536 bytes	7.96 (打包/加密)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`2E036F7CC01D1B7C084DF8E5EB3F657F`

熵分析警报

2 检测到高熵（≥7.5）的节 - 可能存在打包/加密

资源分析

▼

资源总数: 7 (256,667 字节)

资源类型	数量	总大小	百分比
RT_ICON	2	13,904 字节	5.4%
RT_RCDATA	2	241,648 字节	94.1%
RT_GROUP_ICON	1	34 字节	0%
RT_VERSION	1	700 字节	0.3%
RT_MANIFEST	1	381 字节	0.1%

证书链分析

▼

证书 #1

主题	Segurazo Security Segurazo Security CA
颁发者	Segurazo Security
序列号	`-2777590441930211166224332569712903199`

证书验证状态

Unknown certificate revision b5e6

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	SAntivirusWD.exe
文件类型	PE32+ executable (console) x86-64, for MS Windows
扫描器版本	1.0.154.174
数据库版本	2024-01-15 01:03:51 UTC

SAntivirusWD.exe Trojan Heuristic 分析

技术分析

Trojan.Heur!.00016023

扫描另一个文件

文件识别