文件名 | steam_api.dll |
文件类型 |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
扫描器版本 | 1.0.186.174 |
数据库版本 | 2024-09-08 09:00:29 UTC |
恶意软件家族: Agent
哈希类型 | 值 | 操作 |
---|---|---|
MD5 |
11c18d9b18f541b9e773229f0616d50d
|
|
SHA1 |
6bd51dd630c91eb6c867183ef92fce1279b7f5b1
|
|
SHA256 |
5b7fea0d99396461eb4198c9c0f30ac75f0870f0c403b3f453b60c73dfc1c89d
|
|
SHA512 |
d0aa48a8bf06b66885b9038ba1aaa9621f0899861830c5e0849c02e8459ca01f12c5b359321b1a6efc93f9515b3aa0a276d9572cac481cabce81b05a8777ecb6
|
|
ImpHash |
d4f26e1f19a810bf92ac9ac81d45efeb
|
映像基址 | 0x10000000 |
入口点 | 0x10033cfa |
编译时间 | 2015-03-08 17:02:20 |
校验和 | 0x00000000 (实际: 0x0010dbf9) |
操作系统版本 | 6.0 |
PEiD 签名 |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
数字签名 | The PE file does not contain a certificate table. |
导入 |
6 库
KERNEL32, USER32, GDI32, ADVAPI32, SHELL32, WINMM |
导出 | 710 函数 |
资源 | 4 资源 |
节 | 7 节 |
CompanyName | *!ReLOADeD!* |
FileDescription | Steam API |
FileVersion | 4,6,0,0 |
InternalName | steam_api |
LegalCopyright | *!ReLOADeD!* |
OriginalFilename | steam_api |
ProductName | Steam API |
ProductVersion | 4,6,0,0 |
Translation | 0x0409 0x04b0 |
名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
256,683 bytes | 257,024 bytes | 6.55 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
1D7668BCD590024784F410DE75FC2631 |
.rdata |
0x00040000 |
83,680 bytes | 83,968 bytes | 5.58 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F4B982819B180026FCA4097899C4396B |
.data |
0x00055000 |
13,312 bytes | 5,632 bytes | 3.68 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
587AF2AC6A10F60195E7FDE71311239E |
.rsrc |
0x00059000 |
117,976 bytes | 118,272 bytes | 5.67 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
19922D55CD9A9CB52A85A1238516A57D |
.RLD0 |
0x00076000 |
15,036 bytes | 15,360 bytes | 6.74 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
FBEE56AAE91C06550BBC3F4B81F38561 |
.RLD1 |
0x0007a000 |
597,089 bytes | 597,504 bytes | 7.90 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
6DD37CA135E33A2A3D6E8846D29A5F48 |
.reloc |
0x0010c000 |
14,828 bytes | 14,848 bytes | 6.41 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
849AE606DF2C0AA525C12587381AA4C8 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
资源类型 | 数量 | 总大小 | 百分比 |
---|---|---|---|
RT_BITMAP | 3 | 117,048 字节 | |
RT_VERSION | 1 | 668 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁