| 文件名 | ESRS.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.211.174 |
| 数据库版本 | 2025-03-20 10:00:39 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
0202855d1f0a206deba4c2609ce89f84
|
|
| SHA1 |
801b83f89f43bb1d3ce9f2dd15035b28f1545b4d
|
|
| SHA256 |
50bfea6c398d32aa37f7a211f9c55257f99fe9cccc9f64dc58c8f203a9f77422
|
|
| SHA512 |
5ae82ed9f8128cbf17a19fe9188054172e17575b4bc54aa116e93d080ca2f88aa3175d140454dbace753a6d91025230fdb2ff02c7f854e499c716453be27fc73
|
|
| ImpHash |
c57932fca7fce06c6e8a3a2664a177cb
|
| 图标 |
哈希: c42d9f1a38a2f8ac88c215d9b7801e99
模糊: 79983bf248603b7ecee4b2f9f52ea996 dHash: fefee6d6948e7a9e |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00428433 |
| 编译时间 | 2023-05-12 10:32:03 |
| 校验和 | 0x00000000 (实际: 0x002452fd) |
| 操作系统版本 | 1.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
6 库
cvirte, ADVAPI32, GDI32, KERNEL32, msi, USER32 |
| 导出 | 0 函数 |
| 资源 | 8 资源 |
| 节 | 16 节 |
| CompanyName | 青岛仪迪电子公司 |
| FileDescription | ESRS (Release x86) |
| FileVersion | 1.0 |
| InternalName | ESRS |
| LegalCopyright | Copyright IDI Instrument Co.Ltd. 2023 |
| OriginalFilename | ESRS.exe |
| ProductName | 双通道安全性能综合测试系统 |
| ProductVersion | 1.0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
233,746 bytes | 233,984 bytes | 6.34 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
9EF869F77E23858A97799C1C970123EE |
.data |
0x0003b000 |
239,193 bytes | 239,616 bytes | 5.53 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
93E749E78E2B3EA2780675D23FB8D121 |
.bss |
0x00076000 |
6,600 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x00078000 |
5,120 bytes | 5,120 bytes | 5.85 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D2D64C2D9C58FECB3DC4A3EC71676524 |
.db_info |
0x0007a000 |
4,007 bytes | 4,096 bytes | 5.07 (正常) |
IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
958F9DE4F7660421F7ED86233C0DCB00 |
.db_abbv |
0x0007b000 |
1,040 bytes | 1,536 bytes | 3.54 (正常) |
IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
0E7CBE57E596148277EAE7E0175BF809 |
.db_line |
0x0007c000 |
1,606 bytes | 2,048 bytes | 5.00 (正常) |
IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
D6F1DB37447517FDE6499064DE8D1AB0 |
.db_pnam |
0x0007d000 |
1,397 bytes | 1,536 bytes | 4.42 (正常) |
IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
42640BF3150AD3E49B58D63E5F775A59 |
.db_str |
0x0007e000 |
2,565 bytes | 3,072 bytes | 4.53 (正常) |
IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
E8CA142D3C794A8915A16D0FD9902BF2 |
.db_ref |
0x0007f000 |
1,050 bytes | 1,536 bytes | 4.12 (正常) |
IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
C492F4493CAC7B128DEC7598B75FFBB9 |
.db_fram |
0x00080000 |
800 bytes | 1,024 bytes | 3.19 (正常) |
IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
74642F790AE717CDD5514C04C50E2316 |
_data |
0x00081000 |
10 bytes | 512 bytes | 0.04 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
4C5B8AF90312D48F50B09A05AE1B16A3 |
_text |
0x00082000 |
444 bytes | 512 bytes | 5.58 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
7B965209BA92BBFC2E17B84352D59171 |
.idata |
0x00083000 |
56,694 bytes | 56,832 bytes | 5.91 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
FEAE19FDF6341A1FFC056328B894055F |
.edata |
0x00091000 |
49 bytes | 512 bytes | 0.37 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F2F1FA5CC9B0735A60CB5F636E9B416C |
.rsrc |
0x00092000 |
1,798,920 bytes | 1,799,168 bytes | 7.46 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
C3E17948514026BF27CF34769F181D51 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| UIRFILETYPE | 3 | 1,784,748 字节 | |
| RT_ICON | 1 | 12,432 字节 | |
| RT_STRING | 1 | 40 字节 | |
| RT_GROUP_ICON | 1 | 20 字节 | |
| RT_VERSION | 1 | 712 字节 | |
| RT_MANIFEST | 1 | 340 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
