| 文件名 | PDFSuite20.exe |
| 扫描器版本 | 1.0.136.174 |
| 数据库版本 | 2023-09-08 08:01:48 UTC |
恶意软件家族: Avanquest
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
bb76bec75120d6865ae5db16e1c20e1b
|
|
| SHA1 |
be51c95608502d02318f56f808388338fcd3264b
|
|
| SHA256 |
69c4f0d56ce64c37f9dcc2b35c449218e154369d17ce639d33c63e26390e9cba
|
|
| SHA512 |
508963d04c2a5edfd736b7c2db218031de83804f4ab9f11743b344715e7fdd294c5789cca25c4eaed94d04bf3f63dd9ec6dda64002da00a765696b223ee690fb
|
|
| ImpHash |
14e5f654a2f824adb344ab4d99b3b57e
|
| 图标 |
哈希: 4f76226c273711adcad863215fd5146c
模糊: b072b2f279011ad36487bb03c55aee6f dHash: 0024d4e8f49a8480 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00b67212 |
| 编译时间 | 2023-07-07 13:29:24 |
| 校验和 | 0x00e5b12f (实际: 0x00e528ee) |
| 操作系统版本 | 5.1 |
| PEiD 签名 | 未检测到签名 |
| PDB 路径 | E:\TemporaryBuilds\azure-installer-pool-de-1\15\s\Installer\_bin\suite\Win32\PDFSuite20.pdb |
| 数字签名 | OK |
| 导入 |
7 库
msi, KERNEL32, WINSPOOL, USERENV, gdiplus, UxTheme, USP10 |
| 导出 | 163 函数 |
| 资源 | 141 资源 |
| 节 | 5 节 |
| Entrust Root Certification Authority - G2 | Entrust, Inc. (US) |
| Entrust Root Certification Authority - G2 | Entrust, Inc. (US) |
| Entrust Code Signing Root Certification Authority - CSBR1 | Entrust, Inc. (US) |
| Entrust Extended Validation Code Signing CA - EVCS2 | Avanquest Software (7270356 Canada Inc) (CA) |
| FileVersion | 20.0.5.2954 |
| ProductVersion | 20.0.5.2954 |
| CompanyName | Avanquest Software |
| FileDescription | PDF Suite 20 Installer |
| InternalName | PDFSuite20.exe |
| LegalCopyright | © 2007-2023 Avanquest Software (7270356 Canada Inc.). All rights reserved. |
| OriginalFilename | PDFSuite20.exe |
| ProductName | PDF Suite 20 Installer |
| CommitID | c692fb773bc7489556def422eb965141bc3a49a0 |
| Translation | 0x0409 0x04e4 |
| FileVersion | 20.0.5.2954 |
| ProductVersion | 20.0.5.2954 |
| CompanyName | Avanquest Software |
| FileDescription | PDF Suite 20 Installer |
| InternalName | PDFSuite20.exe |
| LegalCopyright | © 2007-2023 Avanquest Software (7270356 Canada Inc.). All rights reserved. |
| OriginalFilename | PDFSuite20.exe |
| ProductName | PDF Suite 20 Installer |
| CommitID | c692fb773bc7489556def422eb965141bc3a49a0 |
| Translation | 0x0409 0x04e4 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
9,064,113 bytes | 9,064,448 bytes | 6.58 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
91C4559B2336CFBCEF8E8771289CECC3 |
.rdata |
0x008a6000 |
1,808,156 bytes | 1,808,384 bytes | 5.28 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
4D0DC4CA85B577CD16947E6E85F4B6D9 |
.data |
0x00a60000 |
450,500 bytes | 386,560 bytes | 5.35 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
51F48EA207509E503901695286B48953 |
.rsrc |
0x00ace000 |
3,184,764 bytes | 3,185,152 bytes | 7.06 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
39DCA009BD3C4819CAD3B5FE89E1A068 |
.reloc |
0x00dd8000 |
538,832 bytes | 539,136 bytes | 6.56 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
6A48A7E59AEB0ADD716C25301700F1D2 |
3 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| DLL | 1 | 983,608 字节 | |
| DOWNLOAD | 1 | 257 字节 | |
| REGISTRY | 2 | 440 字节 | |
| SETTINGS | 4 | 9,529 字节 | |
| TYPELIB | 1 | 2,428 字节 | |
| UI-DATA | 123 | 2,154,585 字节 | |
| RT_ICON | 4 | 17,472 字节 | |
| RT_STRING | 1 | 64 字节 | |
| RT_GROUP_ICON | 1 | 62 字节 | |
| RT_VERSION | 2 | 2,032 字节 | |
| RT_MANIFEST | 1 | 833 字节 |
| 主题 |
Entrust Root Certification Authority - G2 Entrust, Inc. US |
| 颁发者 | Entrust Root Certification Authority - G2 |
| 序列号 | 1246989352 |
| 主题 |
Entrust Code Signing Root Certification Authority - CSBR1 Entrust, Inc. US |
| 颁发者 | Entrust Root Certification Authority - G2 |
| 序列号 | 104016719443392582891195013311543612543 |
| 主题 |
Entrust Extended Validation Code Signing CA - EVCS2 Entrust, Inc. US |
| 颁发者 | Entrust Code Signing Root Certification Authority - CSBR1 |
| 序列号 | 71361457201517752660581604742734624043 |
| 主题 |
Avanquest Software (7270356 Canada Inc) Avanquest Software (7270356 Canada Inc) CA |
| 颁发者 | Entrust Extended Validation Code Signing CA - EVCS2 |
| 序列号 | 86567264048968947235244180863179642758 |
OK
按照以下步骤完全从系统中移除威胁
保持无恶意软件:使用 Gridinsoft 反恶意软件 保护您的 PC
Gridinsoft 反恶意软件正是如此——提供强大、用户友好的解决方案,让您安心,并不断更新以应对最新威胁。由网络安全专家设计,它提供实时保护和轻松删除恶意软件。这不仅仅是检测威胁;它是通过不间断的安全来增强您的数字生活。试一试,体验无忧浏览的感觉!
