| 文件名 | primordial-cs2.dll |
| 文件类型 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.171.174 |
| 数据库版本 | 2024-04-08 21:00:29 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
f5dfa14149b13d2b19b358bc5a70170b
|
|
| SHA1 |
b748c14dc8e410fe7975cada26efb44e1337f85a
|
|
| SHA256 |
67f202ece0dd924a49192cda4cec0e9107dca88d83a16667c2d5236056c92b27
|
|
| SHA512 |
6f2d9ec5ed20d802e624b3ddd5aab99584b63c58f64c5cbfd8414520af8a5153dbb7bdc3c234fa7a9cd083ed6b51a74b4af3776e139ef65aef7db822648fa3a8
|
|
| ImpHash |
f5d36513925e93b813234e5ca179b39f
|
| 映像基址 | 0x180000000 |
| 入口点 | 0x18002344c |
| 编译时间 | 2024-03-24 10:53:17 |
| 校验和 | 0x00000000 (实际: 0x00dc7c7c) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
3 库
KERNEL32, WS2_32, ntdll |
| 导出 | 0 函数 |
| 资源 | 1 资源 |
| 节 | 11 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
229,846 bytes | 229,888 bytes | 6.36 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
C18905C1059B6AF237D4D7F8E5ABDAB5 |
.rdata |
0x0003a000 |
228,108 bytes | 228,352 bytes | 3.59 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
A10A42078997622D72DCA66814D1FCDB |
.data |
0x00072000 |
10,571,944 bytes | 10,567,680 bytes | 7.31 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2707D4071FCE1488148AF3210ECA8624 |
.pdata |
0x00a88000 |
5,976 bytes | 6,144 bytes | 7.78 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0015F898118FEEF82E6C003562C37161 |
.00cfg |
0x00a8a000 |
56 bytes | 512 bytes | 0.51 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BC624B59F0A19E26B6E34A2875EE1797 |
.gxfg |
0x00a8b000 |
5,600 bytes | 5,632 bytes | 5.12 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
638D69593037B3FC2E580EA39EE83981 |
.retplne |
0x00a8d000 |
140 bytes | 512 bytes | 1.05 (正常) |
0x00000000
|
8C950F651287CBC1296BCB4E8CD7E990 |
_RDATA |
0x00a8e000 |
500 bytes | 512 bytes | 4.21 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
95E6F1F9EB8C2C973C5491433E61BBA9 |
._4r |
0x00a8f000 |
3,348,196 bytes | 3,348,480 bytes | 7.15 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
BE5B4E1DC06E88320B08014C611585AA |
.rsrc |
0x00dc1000 |
223 bytes | 512 bytes | 2.35 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8AE37722C718B479B99A224D70CBA852 |
.reloc |
0x00dc2000 |
1,936 bytes | 2,048 bytes | 5.38 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
17C3F52B48C22C6A7DA00469DA5CE7BD |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_MANIFEST | 1 | 135 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
