HCU exe Trojan Heuristic 文件恶意软件分析: 1fdc8513a1d427cced9dd94144c48970

HCU.exe Trojan Heuristic 分析

更新于 15 days ago

检查者 Malware Check

HCU.exe

哈希类型	值	操作
MD5	1fdc8513a1d427cced9dd94144c48970
SHA1	b7cd688c2757d4a8716075c72b1833bfddc1acad
SHA256	5b4bd21c06ff9fd1213eb16bef6284732e319bfc63652d04f0400a95a20056a3
SHA512	6a5098603616f4fc4ff0940e083e4322f805ed9e574005ee4c0bd44b9e2e9a9063189021ea163b911b83ffd8b59108f4a5da9deec807868479c8fae5f7da91a5
ImpHash	1a42a142a3c2fe90659caa60cbc43ec5

哈希类型

值

操作

MD5

1fdc8513a1d427cced9dd94144c48970

SHA1

b7cd688c2757d4a8716075c72b1833bfddc1acad

SHA256

5b4bd21c06ff9fd1213eb16bef6284732e319bfc63652d04f0400a95a20056a3

SHA512

6a5098603616f4fc4ff0940e083e4322f805ed9e574005ee4c0bd44b9e2e9a9063189021ea163b911b83ffd8b59108f4a5da9deec807868479c8fae5f7da91a5

ImpHash

1a42a142a3c2fe90659caa60cbc43ec5

PE 分析

基本信息

▼

图标	哈希: 22904ea86c84d0d321ec0685880b4df3 模糊: de96d67a739c2bcc50243da3270ea817 dHash: 00694d4c4c4d6900
映像基址	`0x00400000`
入口点	`0x010d221c`
编译时间	2019-02-07 15:12:32
校验和	0x00000000 (实际: 0x009396b4)
操作系统版本	5.0
PEiD 签名	`PE32 executable (GUI) Intel 80386, for MS Windows`
数字签名	No valid SignedData structure was found.
导入	25 库
导出	3 函数
资源	10 资源
节	12 节

版本信息

▼

FileVersion	1.0.0.322
ProductName	HCU
ProductVersion	1.0.0.322
Translation	0x0409 0x04e4

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	5,445,552 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`D41D8CD98F00B204E9800998ECF8427E`
`.itext`	`0x00533000`	22,200 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`D41D8CD98F00B204E9800998ECF8427E`
`.data`	`0x00539000`	218,396 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.bss`	`0x0056f000`	150,040 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x00594000`	22,138 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.didata`	`0x0059a000`	2,708 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.edata`	`0x0059b000`	149 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`D41D8CD98F00B204E9800998ECF8427E`
`.tls`	`0x0059c000`	80 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x0059d000`	93 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`D41D8CD98F00B204E9800998ECF8427E`
`.MPV0`	`0x0059e000`	6,750,729 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`D41D8CD98F00B204E9800998ECF8427E`
`.MPV1`	`0x00c0f000`	9,499,872 bytes	9,500,160 bytes	7.98 (打包/加密)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`42F1D0CB806890AB3220E3842B33FC6D`
`.rsrc`	`0x0151f000`	107,473 bytes	107,520 bytes	2.05 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`EF05BBDE4EFF9BFB33C190EF00C46ED8`

熵分析警报

1 检测到高熵（≥7.5）的节 - 可能存在打包/加密

资源分析

▼

资源总数: 10 (106,883 字节)

资源类型	数量	总大小	百分比
RT_ICON	6	104,336 字节	97.6%
RT_GROUP_ICON	1	90 字节	0.1%
RT_VERSION	1	368 字节	0.3%
RT_MANIFEST	2	2,089 字节	2%

证书链分析

▼

无数字签名

此文件未进行数字签名。

安全影响:

无法验证发布者的身份
运行此文件时安全风险增加
可能在某些系统上触发安全警告

⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。

证书验证状态

No valid SignedData structure was found.

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	HCU.exe
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
扫描器版本	1.0.231.174
数据库版本	2025-12-26 14:00:39 UTC

HCU.exe Trojan Heuristic 分析

技术分析

Trojan.Heur!.022D6421

扫描另一个文件

文件识别