| 文件名 | SteamOfEinbroch.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.218.174 |
| 数据库版本 | 2025-06-15 22:00:21 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
5826d935709a68a1a1081fc076226945
|
|
| SHA1 |
c059afc3ef83d1b45eb882c175b6cff9ac62c0f0
|
|
| SHA256 |
6f117094a7fdf707a209973d1342846036de546d00cf0cac077747aa6ffc8da1
|
|
| SHA512 |
634cf892092a6c490a34e12d127f0271a515d051b3daf8d743c2adf8da07d8c9164c0983eedb85498c27cd24c4ff59e4f1fe1168c8ed3fdacb357e14a71b21c1
|
|
| ImpHash |
c6ad313f9ab925eaeda405c0f513d563
|
| 图标 |
哈希: 24f944cbf7e5301600689bdde7425948
模糊: 8187be336bb3cca393e043dd636c93e4 dHash: aae88e96968ee8aa |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00d4acc1 |
| 编译时间 | 2024-07-04 11:07:28 |
| 校验和 | 0x00000000 (实际: 0x0143992e) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 | 25 库 |
| 导出 | 1 函数 |
| 资源 | 20 资源 |
| 节 | 15 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
11,755,520 bytes | 11,753,482 bytes | 6.47 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
B3F01E48D5D2F5FAA88AD025E57A6BAD |
|
0x00b37000 |
2,080,768 bytes | 2,080,040 bytes | 5.35 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
DA9134ACA09574F83C10EEF67C9D34CD |
p |
0x00d33000 |
4,358,144 bytes | 465,920 bytes | 3.61 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
419B1E9E1D3F372ECCED9560E5419E60 |
|
0x0115b000 |
155,648 bytes | 151,600 bytes | 5.39 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D355DEAF08C54CE7E73598323DD009BF |
|
0x01181000 |
876,544 bytes | 872,532 bytes | 6.67 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
5EC2A42A0FC74FA398C03A4EE81ABCC0 |
.debug |
0x01257000 |
4,096 bytes | 4,096 bytes | 1.91 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
DF8E41E61C72BB74F767C5036CCC1D47 |
.edata |
0x01258000 |
4,096 bytes | 4,096 bytes | 0.23 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
FF38A3F4805DAB744FC3096A704B05B9 |
.vm_sec |
0x01259000 |
16,384 bytes | 16,384 bytes | 3.31 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
90A430ED8893186234B2EB53E4A51142 |
.idata |
0x0125d000 |
4,096 bytes | 4,096 bytes | 3.27 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
7293C30379E724B3F984A7CB5FA4AF62 |
.tls |
0x0125e000 |
4,096 bytes | 4,096 bytes | 0.04 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F563C28A4EFD7139113A5EDAC375415B |
.rsrc |
0x0125f000 |
7,376,896 bytes | 4,096 bytes | 2.70 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
79267BADEBCEC699F6304BA29440D263 |
.boot |
0x01968000 |
4,124,672 bytes | 4,122,624 bytes | 7.88 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
E3EA6E5D66434C0194D0DD70F0BB108A |
.reloc |
0x01d57000 |
1,683,456 bytes | 1,683,456 bytes | 8.00 (打包/加密) |
IMAGE_SCN_MEM_READ
|
5A59B781A461721957A4B438F8FD8EE2 |
.import |
0x01ef2000 |
20,480 bytes | 20,480 bytes | 4.81 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9E0CA256E8D9EB199F001E972683B32B |
.xdiff |
0x01ef7000 |
4,096 bytes | 2,560 bytes | 5.39 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
96038627C215461E87BCE90471A7F95B |
2 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 10 | 210,672 字节 | |
| RT_DIALOG | 6 | 5,106 字节 | |
| RT_ACCELERATOR | 1 | 24 字节 | |
| RT_GROUP_ICON | 1 | 20 字节 | |
| RT_MANIFEST | 2 | 1,307 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
