| 文件名 | DOOM Eternal v1.0-v6.66 Plus 20 Trainer.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.179.174 |
| 数据库版本 | 2024-06-20 01:00:34 UTC |
恶意软件家族: GenericMC
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
cc63fa843ab94603b970a6e653f4f13b
|
|
| SHA1 |
6fd8e1fc257153926c2e499b0663b3cdbebd5b34
|
|
| SHA256 |
6d64edfae65a6cd656ef6cdb9e1a477de984f224e72ae3b3e6fdee9b33ed7f71
|
|
| SHA512 |
ba2d92beee1a74bffd45ef8b56eed59da79d61ec9ebee01bbc2c35986be7569d9ed78ac3063c5e5f67a64b7eb96ac87f939757e7a20c22bf0b194b2aefc2db8b
|
|
| ImpHash |
6f120260d16669929176b1edaa6880bd
|
| 图标 |
哈希: 7249d5fc6221a5b21411aa2ad27aa387
模糊: a1c738eea59667290c83d00f50a19604 dHash: 70f8fc7a7e2eaa70 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x1400292e0 |
| 编译时间 | 2021-10-29 22:41:37 |
| 校验和 | 0x00000000 (实际: 0x00129dda) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
9 库
KERNEL32, USER32, ADVAPI32, SHELL32, OLEAUT32, mscoree, WININET, VERSION, WINMM |
| 导出 | 0 函数 |
| 资源 | 12 资源 |
| 节 | 7 节 |
| CompanyName | 3DMGAME |
| FileDescription | DOOM Eternal v1.0-v6.66 Plus 20 Trainer |
| FileVersion | 1.0.0.0 |
| InternalName | DOOM Eternal v1.0-v6.66 Plus 20 Trainer |
| LegalCopyright | FLiNG Copyright (C) 2021 |
| OriginalFilename | DOOM Eternal v1.0-v6.66 Plus 20 Trainer.exe |
| ProductName | DOOM Eternal v1.0-v6.66 Plus 20 Trainer |
| ProductVersion | 1.0.738.8 |
| Translation | 0x0000 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
322,256 bytes | 322,560 bytes | 6.44 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
744333CFBF8A1E1BE20A3984ED7738A2 |
.rdata |
0x00050000 |
121,600 bytes | 121,856 bytes | 5.33 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
AF403E4FB2BA435A69B0E4A5D995EB95 |
.data |
0x0006e000 |
14,860 bytes | 6,144 bytes | 3.20 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
0BE332C71AF3FD80078AC6EF79C5C84B |
.pdata |
0x00072000 |
15,408 bytes | 15,872 bytes | 5.58 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
73C25DA4E3A8636DE7B8E41704116C2C |
_RDATA |
0x00076000 |
252 bytes | 512 bytes | 2.45 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
6610494CCC0DFBDED6B900CB8A4325D4 |
.rsrc |
0x00077000 |
692,664 bytes | 692,736 bytes | 7.34 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0D9F60CE07E05AB1488DFCCBFFE334BB |
.reloc |
0x00121000 |
2,772 bytes | 3,072 bytes | 5.23 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
DAF7B1A2332E1068BF54B26BD1EAD85B |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| COVER | 1 | 88,377 字节 | |
| REMOTE | 2 | 308,228 字节 | |
| UI | 1 | 181,248 字节 | |
| WAVE | 2 | 22,222 字节 | |
| RT_ICON | 3 | 90,092 字节 | |
| RT_GROUP_ICON | 1 | 48 字节 | |
| RT_VERSION | 1 | 932 字节 | |
| RT_MANIFEST | 1 | 653 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
