| 文件名 | pixar mail access.exe |
| 文件类型 |
Win32 EXE
|
| 魔术字节 | PE32+ executable (console) x86-64, for MS Windows |
| SSDEEP 哈希 |
98304:goEeJQoDRG+OeMQEExAupm4n4Enr0xNLtrwGUz8GP:3QoDRGGMpE8uUprJ+
|
| 扫描器版本 | 1.0.218.174 |
| 数据库版本 | 2025-06-14 06:00:25 UTC |
被 7 个安全引擎检测到 - 需要谨慎
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
6b71428e5d05147ad17dae7e77e0b77c
|
|
| SHA1 |
597d507ee837a7e5ccb43c7ab60adc1feadc5556
|
|
| SHA256 |
6ae684744d092caba64d47671d04ffd994ac1c18a6c3ff0f38d4dcd2a4f133ea
|
|
| SHA512 |
7d93a8d140978d0a2c038b69b6a76a412dfe3effbe5abf5b9fcfbfbed812f833a9ac75abf597c678137e2abf8303ef3cf60ca031f66560d46d74298b0c6ccac2
|
|
| ImpHash |
c2d457ad8ac36fc9f18d45bffcd450c2
|
| 映像基址 | 0x00400000 |
| 入口点 | 0x0046d800 |
| 编译时间 | 1970-01-01 00:00:00 |
| 校验和 | 0x00000000 (实际: 0x00823965) |
| 操作系统版本 | 6.1 |
| PEiD 签名 |
PE32+ executable (console) x86-64, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
1 库
kernel32 |
| 导出 | 0 函数 |
| 资源 | 0 资源 |
| 节 | 15 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
2,712,533 bytes | 2,712,576 bytes | 6.20 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
E3B362699554E0207A59D670ADA3AA2D |
.rdata |
0x00298000 |
2,708,016 bytes | 2,708,480 bytes | 5.67 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E7FD3B2755C24AD63401B279D4BDABB8 |
.data |
0x0052e000 |
855,584 bytes | 275,456 bytes | 4.52 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
254E4EA0912D5B5193E19FC64DE05DC8 |
.pdata |
0x005ff000 |
59,268 bytes | 59,392 bytes | 5.43 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
5FAD142F5D7C264830F2ABB15D69D035 |
.xdata |
0x0060e000 |
180 bytes | 512 bytes | 1.79 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
667AA6E6C268425A499634F70BDC8BD5 |
/4 |
0x0060f000 |
297 bytes | 512 bytes | 5.08 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
17F62672C8506464AE13ECCC2EB6CB94 |
/19 |
0x00610000 |
460,459 bytes | 460,800 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
01DBD5DC644A56B4F4CF750E985B2269 |
/32 |
0x00681000 |
96,190 bytes | 96,256 bytes | 7.94 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
328537FACE31A0674592A5820FEB12E7 |
/46 |
0x00699000 |
48 bytes | 512 bytes | 0.86 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
40CCA7C46FC713B4F088E5D440CA7931 |
/65 |
0x0069a000 |
963,667 bytes | 964,096 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
B7365A8FD9A006AB10B42DF6012FA1A2 |
/78 |
0x00786000 |
595,609 bytes | 595,968 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
B632139AC96893D57C939256466E582C |
/90 |
0x00818000 |
175,180 bytes | 175,616 bytes | 7.83 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES
|
EAA5B62CFEF78961B7FCA6A4346BAE57 |
.idata |
0x00843000 |
1,364 bytes | 1,536 bytes | 4.05 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
1E747D47693A7826F0630D15298C7406 |
.reloc |
0x00844000 |
47,524 bytes | 47,616 bytes | 5.45 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
6C56A422B267DDCDACDF004426D09867 |
.symtab |
0x00850000 |
370,370 bytes | 370,688 bytes | 5.29 (正常) |
IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
E614BC2B70A0954178BB1C2208D6763C |
5 检测到高熵(≥7.5)的节 - 可能存在打包/加密
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
