| Property | Value |
|---|---|
| File name | Updater.exe |
| File type | PE32+ executable (GUI) x86-64, for MS Windows |
| Scanner version | 1.0.182.174 |
| Database version | 2024-07-15 20:00:25 UTC |

Malware family: Packed
| Hash type | Value |
|---|---|
| MD5 | 4ab8ccecd4a134b37a1141b515371b66 |
| SHA1 | d0ebd671b85d91b7e4405e78dc8de723c23ee99d |
| SHA256 | 7059ff79287dcb1ead0d9b0a166bc551d729b1c7c412cecab3574ac1379685f8 |
| SHA512 | 249ed30e142530b006958605f9f31f6d9fcf39b412e4ef1b2040887ed7020363749ce89150c4c35a3b4a92a7e6955775dc9f7c0246034fe18909c39bdb121ecd |
| ImpHash | 5f85c353cf9895ecc2a751010283213a |
| Icon | Hash: 3baaa1348a74c805c98ca0c9ccd05c11; Fuzzy: 3d5004e5f1a3de5b86836ab7f3986200; dHash: f0cc9d93928ec8e0 |

| Property | Value |
|---|---|
| Image base | 0x140000000 |
| Entry point | 0x14087b511 |
| Compile time | 2024-06-29 13:47:42 |
| Checksum | 0x00000000 (actual: 0x00946b87) |
| OS version | 6.0 |
| PEiD signature | PE32+ executable (GUI) x86-64, for MS Windows |
| Digital signature | The PE file does not contain a certificate table. |
| Imports | 4 libraries: msvcrt, KERNEL32, WTSAPI32, USER32 |
| Exports | 0 functions |
| Resources | 3 resources |
| Sections | 10 sections |
| CompanyName | Google Inc. |
| FileTitle | chrome.exe |
| FileDescription | Google Chrome |
| FileVersion | 70,0,3538,110 |
| LegalCopyright | Copyright 2017 Google Inc. All rights reserved. |
| LegalTrademark | |
| ProductName | Google Chrome |
| ProductVersion | 70,0,3538,110 |
| Translation | 0x0409 0x04e4 |
| Name | Virtual address | Virtual size | Raw size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
| .text | 0x00001000 | 74,358 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
| .rdata | 0x00014000 | 12,836 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
| .data | 0x00018000 | 5,234,632 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
| .pdata | 0x00516000 | 408 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
| .00cfg | 0x00517000 | 16 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
| .tls | 0x00518000 | 16 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
| .vmp0 | 0x00519000 | 3,496,420 bytes | 0 bytes | 0.00 (normal) | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
| .vmp1 | 0x0086f000 | 9,618,824 bytes | 9,618,944 bytes | 7.97 (packed/encrypted) | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_NOT_PAGED \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | D4CC77FEF0D229CB27E192067596E7DA |
| .reloc | 0x0119c000 | 228 bytes | 512 bytes | 2.26 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 75FFE5ACD12D6097E354066B18130975 |
| .rsrc | 0x0119d000 | 68,632 bytes | 69,120 bytes | 3.52 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 9C37A4C754CC1206D5C4DAD67CE81970 |
1 section with high entropy (≥7.5) detected - possible packing/encryption
| Resource type | Count | Total size | Percentage |
|---|---|---|---|
| RT_ICON | 1 | 67,624 bytes | |
| RT_GROUP_ICON | 1 | 20 bytes | |
| RT_VERSION | 1 | 752 bytes | |
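This file is not digitally signed.
⚠ This file lacks a digital signature, or its certificate chain could not be verified.
Use caution when executing unsigned files from unknown sources.
The PE file does not contain a certificate table.
Recommendation: verify the file's origin and make sure it comes from a trusted publisher.
Follow the steps below to completely remove the threat from the system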