| 文件名 | Golden.exe |
| 扫描器版本 | 1.0.136.174 |
| 数据库版本 | 2023-09-08 08:01:48 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
b422ce0900cc6955340ae1299afd1122
|
|
| SHA1 |
f864efa2036dd30f4fc2cb6d719fbe0d2c72c6a3
|
|
| SHA256 |
57a14e84bfc6c2070115f827736d264bf7ba092cbc90bea4365939359f39f083
|
|
| SHA512 |
5cff520c4d6fc0af82d6541421569a0fa597cf086222c82514be4d353d2268e2ad7b7b00107ce1c738170b2cc6bf1a4870eb7978afeace706ce14d03f1d77dea
|
|
| ImpHash |
2a9a8afe0c4589826f3e83ff7470eb91
|
| 图标 |
哈希: 0083a7d377bafa81777c9822b7cedbf1
模糊: 7f2197d1f46a139ef951e97946570b26 dHash: 00c1c8e4c4cc6880 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x01679a60 |
| 编译时间 | 2023-06-13 18:44:10 |
| 校验和 | 0x01363e73 (实际: 0x01363e73) |
| 操作系统版本 | 4.0 |
| PEiD 签名 | 未检测到签名 |
| 数字签名 | OK |
| 导入 |
7 库
kernel32, oleaut32, user32, advapi32, ole32, ntdll, shlwapi |
| 导出 | 0 函数 |
| 资源 | 4 资源 |
| 节 | 4 节 |
| AAA Certificate Services | Sectigo Limited (GB) |
| Sectigo Public Code Signing CA R36 | Carlos Armando Celaya López (MX) |
| Sectigo Public Code Signing Root R46 | Sectigo Limited (GB) |
| Translation | 0x0000 0x04b0 |
| Comments | Anticheat Solutions |
| CompanyName | Golden Solutions LLC |
| FileDescription | Golden Anticheat |
| FileVersion | 1.3.0.0 |
| InternalName | Golden.exe |
| LegalCopyright | Copyright © 2022 Golden Solutions LLC |
| LegalTrademarks | |
| OriginalFilename | Golden.exe |
| ProductName | Golden Anticheat |
| ProductVersion | 1.3.0.0 |
| Assembly Version | 1.1.0.0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00002000 |
19,322,952 bytes | 19,323,392 bytes | 7.20 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
023F8182C1ED161B64300814BF804B89 |
.rsrc |
0x01270000 |
15,105 bytes | 15,360 bytes | 4.04 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0FB00A35A068405C49A78721AD991C55 |
.enigma1 |
0x01274000 |
8,192 bytes | 221,184 bytes | 7.90 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
A6F4ACB2FB1B6558072B6683CBA2D329 |
.enigma2 |
0x01276000 |
712,704 bytes | 712,704 bytes | 5.41 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
91BACE064B02CF508F0C31FCFF5B34DB |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 1 | 10,192 字节 | |
| RT_GROUP_ICON | 1 | 20 字节 | |
| RT_VERSION | 1 | 940 字节 | |
| RT_MANIFEST | 1 | 3,649 字节 |
| 主题 |
Sectigo Public Code Signing Root R46 Sectigo Limited GB |
| 颁发者 | AAA Certificate Services |
| 序列号 | 97015870309959729927281967672979788822 |
| 主题 |
Carlos Armando Celaya López Carlos Armando Celaya López MX |
| 颁发者 | Sectigo Public Code Signing CA R36 |
| 序列号 | 9537941119312710837320028783741799988 |
| 主题 |
Sectigo Public Code Signing CA R36 Sectigo Limited GB |
| 颁发者 | Sectigo Public Code Signing Root R46 |
| 序列号 | 130417131954583740712891216934480190474 |
OK
按照以下步骤完全从系统中移除威胁
