| 文件名 | steam_api64.dll |
| 文件类型 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.215.174 |
| 数据库版本 | 2025-04-25 18:00:19 UTC |
恶意软件家族: GameHack
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
7769d8d2224a54c1230ad9e72e4b0703
|
|
| SHA1 |
aa306381f098c327991080dc1712df6e398673f4
|
|
| SHA256 |
6328a8ca4ee68eda014f2eb592ea55f5b076f3f0117671ac808500ffabe98ae4
|
|
| SHA512 |
28006fbf74e1da71375a9dd208c456b0554b787b2d45cc5aefc9970e37bc70b69217e3cf5c8be74189d7cc4b8e1cdf1274d30c14f62fddfe8a1f31aaba4acad6
|
|
| ImpHash |
0aceff4a53d7fd950ebcf198bc39fcfe
|
| 映像基址 | 0x180000000 |
| 入口点 | 0x180184072 |
| 编译时间 | 2015-05-08 09:54:18 |
| 校验和 | 0x00000000 (实际: 0x0018cdee) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
7 库
KERNEL32, USER32, GDI32, ADVAPI32, SHELL32, ole32, WINMM |
| 导出 | 710 函数 |
| 资源 | 4 资源 |
| 节 | 10 节 |
| CompanyName | *!ReLOADeD!* |
| FileDescription | Steam API |
| FileVersion | 4,9,0,0 |
| InternalName | steam_api |
| LegalCopyright | *!ReLOADeD!* |
| OriginalFilename | steam_api |
| ProductName | Steam API |
| ProductVersion | 4,9,0,0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
275,759 bytes | 275,968 bytes | 6.43 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
F3F9292BEE56416FAA7515D886A832F2 |
.rdata |
0x00045000 |
134,294 bytes | 134,656 bytes | 5.83 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
7FE94877A0D75844DC8B1C12EEAEEC2D |
.data |
0x00066000 |
16,472 bytes | 7,168 bytes | 3.19 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
0AF2C0C5471FD313F0A76BEED6FBB2E2 |
.pdata |
0x0006b000 |
22,152 bytes | 22,528 bytes | 5.53 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
31AE68D5E1F3A82344B58C9F840D66FC |
.rsrc |
0x00071000 |
117,976 bytes | 118,272 bytes | 5.67 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BA180A133D9C4D698B1BDD88A57EAA60 |
.RLD0 |
0x0008e000 |
7,868 bytes | 8,192 bytes | 5.42 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
2D96A503B13ACBD4CE617F0C6360F064 |
.RLD1 |
0x00090000 |
972,127 bytes | 972,288 bytes | 7.88 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
09BB1D8F552B39306C6C949522E173E2 |
.tls |
0x0017e000 |
48 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.RLD2 |
0x0017f000 |
54,880 bytes | 55,296 bytes | 7.24 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
419AACD4F42A6F3A6EAA6156182FB4CC |
.reloc |
0x0018d000 |
8,464 bytes | 8,704 bytes | 5.53 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
61E60A02BDF1B9F0B3AC5D1C6994373F |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_BITMAP | 3 | 117,048 字节 | |
| RT_VERSION | 1 | 668 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
