| 文件名 | autocad2010update2x64.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.158.174 |
| 数据库版本 | 2024-02-04 11:00:38 UTC |
恶意软件家族: Miner
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
205f8ad8840d26edc31f08bd56af33ae
|
|
| SHA1 |
643b00cf7a56b1187769773a3770422ff7315eea
|
|
| SHA256 |
6097ca42b9c0a3779ce7acb0ece2ad6ad6b4d5e07923a331aaef584540008eb9
|
|
| SHA512 |
4de01dac6b4bd45d5613241b35b842784930913abe6f179ef861b6ffb5161cd61827843a2dff87be89abe164c9c2b1fb038bbada1c8987228b9405d61a613419
|
|
| ImpHash |
6ed91d6f1cc234e9e45a83e1de99b415
|
| 映像基址 | 0x140000000 |
| 入口点 | 0x140008a70 |
| 编译时间 | 2010-04-19 10:56:13 |
| 校验和 | 0x02920db2 (实际: 0x02920db2) |
| 操作系统版本 | 5.2 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | Chain verification from CN=Autodesk\, Inc, OU=Design Solutions Group, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Autodesk\, Inc, L=San Rafael, ST=California, C=US (serial:46926037903300280469636714148227324347, sha1:f652b1ed7f969543ca88a919dd11c806bf26f573) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z |
| 导入 |
4 库
msi, KERNEL32, USER32, SHELL32 |
| 导出 | 0 函数 |
| 资源 | 31 资源 |
| 节 | 6 节 |
| VeriSign, Inc. (US) | |
| VeriSign Class 3 Code Signing 2009-2 CA | Autodesk, Inc (US) |
| Comments | Autodesk, Inc. |
| CompanyName | Autodesk, Inc. |
| FileDescription | Autodesk SP. |
| FileVersion | 18.0.309.0.0 |
| InternalName | SP.EXE |
| LegalCopyright | Copyright (c) 1982-2009 by Autodesk, Inc. |
| OriginalFilename | SP.exe |
| ProductName | SP |
| ProductVersion | 18.0.309.0.0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
87,478 bytes | 87,552 bytes | 6.35 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
13BF99F92841A587CD80D4F2B8B8629F |
.rdata |
0x00017000 |
22,646 bytes | 23,040 bytes | 4.90 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
6FE82219883B76463D35BD4061729B7F |
.data |
0x0001d000 |
14,416 bytes | 6,144 bytes | 2.02 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
81E4256577D2F96247E9BD6C46214C5E |
.pdata |
0x00021000 |
5,292 bytes | 5,632 bytes | 4.84 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E9777FB3D8E4B3B970EE2176A60E3F90 |
.rsrc |
0x00023000 |
42,972,616 bytes | 42,972,672 bytes | 7.95 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E6071D0D98FB288F78D834A01046F3EE |
.reloc |
0x0291f000 |
4,836 bytes | 5,120 bytes | 0.99 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
90303C9A6C30C4836E5C30E2AF6D0836 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| MSP | 1 | 42,944,512 字节 | |
| RT_STRING | 28 | 25,920 字节 | |
| RT_VERSION | 1 | 796 字节 | |
| RT_MANIFEST | 1 | 353 字节 |
| 主题 |
VeriSign Class 3 Code Signing 2009-2 CA VeriSign, Inc. US |
| 颁发者 | 未知 |
| 序列号 | 134678584529721923331408176609551902556 |
| 主题 |
Autodesk, Inc Autodesk, Inc US |
| 颁发者 | VeriSign Class 3 Code Signing 2009-2 CA |
| 序列号 | 46926037903300280469636714148227324347 |
Chain verification from CN=Autodesk\, Inc, OU=Design Solutions Group, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Autodesk\, Inc, L=San Rafael, ST=California, C=US (serial:46926037903300280469636714148227324347, sha1:f652b1ed7f969543ca88a919dd11c806bf26f573) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
