| 文件名 | cpasunvirus.exe |
| 文件类型 |
Win32 EXE
|
| 魔术字节 | PE32+ executable (console) x86-64, for MS Windows |
| SSDEEP 哈希 |
49152:oWdyyTQu0xjF8b9g7dQhr+qRmHE3dJPYGqVx7s:Rylu0Yhr+qRmHG/qP
|
| 扫描器版本 | 1.0.176.174 |
| 数据库版本 | 2024-05-22 14:00:27 UTC |
被 10 个安全引擎检测到 - 需要谨慎
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
eeb26701ad82dbddd192f8a28e271152
|
|
| SHA1 |
963b661356b28626d737078967ab02bd8365bd5e
|
|
| SHA256 |
5f54fe8f402aeb3d509cec5bf539be53e5a4a6138f5484d01d5048661d2bffb4
|
|
| SHA512 |
8e91281b85534deee283e8fa816ba67b636b4494c60ee8fc22c48d63ff5e0ca411a39a181edb939bff3b7f167abdaff4d3272d54ec4ec47efa49f665ca63d623
|
|
| ImpHash |
c2d457ad8ac36fc9f18d45bffcd450c2
|
| 映像基址 | 0x00400000 |
| 入口点 | 0x00467b40 |
| 编译时间 | 1970-01-01 00:00:00 |
| 校验和 | 0x00000000 (实际: 0x002ed798) |
| 操作系统版本 | 6.1 |
| PEiD 签名 |
PE32+ executable (console) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
1 库
kernel32 |
| 导出 | 0 函数 |
| 资源 | 0 资源 |
| 节 | 15 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
727,718 bytes | 728,064 bytes | 6.26 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
36DC1A18C4D91E66D0670AA9FDDC2EF6 |
.rdata |
0x000b3000 |
1,230,848 bytes | 1,230,848 bytes | 6.12 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
4AE13D9185EF0C73AAB146A13D7E335D |
.data |
0x001e0000 |
653,632 bytes | 92,672 bytes | 3.26 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D5E8753FA68C2D15D6CBCF2E7CC6BA43 |
.pdata |
0x00280000 |
19,860 bytes | 19,968 bytes | 5.23 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9BA52A78BEBD53D13D2FAE6F4530D6D0 |
.xdata |
0x00285000 |
180 bytes | 512 bytes | 1.78 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
7575575B512F55963EF9A6F4042E2CAC |
/4 |
0x00286000 |
297 bytes | 512 bytes | 5.08 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
17F62672C8506464AE13ECCC2EB6CB94 |
/19 |
0x00287000 |
157,335 bytes | 157,696 bytes | 7.99 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
E4E4D67CF5ECCE42088D42C0B49CAEE1 |
/32 |
0x002ae000 |
31,501 bytes | 31,744 bytes | 7.93 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
EBB6B87F364D815C7FA636962210699C |
/46 |
0x002b6000 |
42 bytes | 512 bytes | 0.74 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
56D08C10AA9E5C0C3680F67F8992B3D4 |
/65 |
0x002b7000 |
447,199 bytes | 447,488 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
74E87EE200F1EBB10A099A2717B359AC |
/78 |
0x00325000 |
153,460 bytes | 153,600 bytes | 7.99 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
0AC08552CB47E49019741B96A2F9F45D |
/90 |
0x0034b000 |
57,385 bytes | 57,856 bytes | 7.79 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
2D0F2C2158B2087D2004C4B0BDE74ADF |
.idata |
0x0035a000 |
1,364 bytes | 1,536 bytes | 4.06 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F6870AB87801121016A1152BFB1B9E60 |
.reloc |
0x0035b000 |
17,176 bytes | 17,408 bytes | 5.40 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
7D21E905B9A6643F177EF23DF1916F0E |
.symtab |
0x00360000 |
114,651 bytes | 114,688 bytes | 5.06 (正常) |
IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
D5C3B3B6C3F71AD73ADF86F79C36A1A0 |
5 检测到高熵(≥7.5)的节 - 可能存在打包/加密
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
