| 文件名 | CMLauncher.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.193.174 |
| 数据库版本 | 2024-10-19 15:00:33 UTC |
恶意软件家族: Agent
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
6eb5bd5c5c219d80cf35268b21141b7d
|
|
| SHA1 |
eb9eab739f70258c1c5078740836749f86d0433a
|
|
| SHA256 |
507bb3c962c233257999cb65352cec684b7dd611f689eca43c8db4452c84f596
|
|
| SHA512 |
9ede414f6bf8937065c44b75bf3139aac76bab3ba3e1006d25703d3469c07a87112e59c1b277adb1214790c61bdc93f566429b0de0653400d077834d46a3ae94
|
|
| ImpHash |
79fd65f332ce716896a6cf17170e092e
|
| 图标 |
哈希: 1fad46a22d2214ac75ed19f037a71821
模糊: 6869e21d0cbc201e6acc930042b6135e dHash: e89c9ad5e5baccc8 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00914edd |
| 编译时间 | 2024-01-28 12:11:15 |
| 校验和 | 0x00ec6db1 (实际: 0x00ecbc06) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB 路径 | Z:\_SOURCE_CODE\ClientModLauncher\Launcher\Release\CMLauncher.pdb |
| 数字签名 | Chain verification from CN=ClientModGame (serial:126250232860106813693179804450808953640, sha1:b0ed53cd87f9e2bc51c6d202b7f6cfe2acdf953e) failed: The X.509 certificate provided is self-signed - "Common Name: ClientModGame" |
| 导入 | 26 库 |
| 导出 | 3 函数 |
| 资源 | 16 资源 |
| 节 | 7 节 |
| LegalCopyright | ClientMod (C) 2024 |
| ProductName | ClientMod Launcher |
| ProductVersion | 1.4.5 |
| FileVersion | 1.4.5 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00010000 |
10,670,208 bytes | 10,670,592 bytes | 6.67 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
5D061AC4F369A0556A22E433135166C4 |
.rdata |
0x00a40000 |
3,509,638 bytes | 3,509,760 bytes | 6.67 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
419E91BE79539E03F4E007A3DEA276B4 |
.data |
0x00da0000 |
724,092 bytes | 590,848 bytes | 7.48 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
083BFA053CB765FCD5560DB05DFE93E2 |
.cdata |
0x00e60000 |
516 bytes | 1,024 bytes | 2.53 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
DCDA1710F7666849EBC25103CCEE15B5 |
_RDATA |
0x00e70000 |
9,736 bytes | 10,240 bytes | 6.08 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
5C2D75C9D32C819A368EE0E85FC4C392 |
.rsrc |
0x00e80000 |
206,712 bytes | 206,848 bytes | 5.37 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2BB690F2BF7B5456D4BF2A81A92E92E9 |
.reloc |
0x00ec0000 |
482,356 bytes | 482,816 bytes | 6.59 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
72F8E3D9F4C449091EE5CFAA681B8AF7 |
4 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 12 | 204,064 字节 | |
| RT_GROUP_ICON | 2 | 180 字节 | |
| RT_VERSION | 1 | 460 字节 | |
| RT_MANIFEST | 1 | 1,079 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
Chain verification from CN=ClientModGame (serial:126250232860106813693179804450808953640, sha1:b0ed53cd87f9e2bc51c6d202b7f6cfe2acdf953e) failed: The X.509 certificate provided is self-signed - "Common Name: ClientModGame"
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
