File name | prismlauncher.exe |
File type | PE32+ executable (GUI) x86-64, for MS Windows |
Scanner version | 1.0.191.174 |
Database version | 2024-09-26 00:00:21 UTC |
Malware family: Heuristic
Hash type | Value |
---|---|
MD5 | 05c74ad84493a5d93adb3d5922f9a6ae |
SHA1 | 51e939ed7aeec978933c09d5f743014151965006 |
SHA256 | 749e5714c80aecb30274b59e1dfb13221510aa87d0306bc764ffd3fec4f48e3a |
SHA512 | 94f2581e9edf1eef0da3ddd721d22d0eaeddd07d1da15dfe362f9db5132a0c8c7c3863eb2df50676e26befc7850d3863a039c81b6945a8ac9718fd1a2c5fabc1 |
ImpHash | 7c237079a3812444f582694a4e44cce5 |
Icon | Hash: 35d2c1a80133032cd42cce963b0770c8; Fuzzy: b40dc48b4f5fb6bc5a605f1d4061fb99; dHash: 30f8b0b0e0b2e030 |
Image base | 0x140000000 |
Entry point | 0x140001140 |
Compile time | 2024-06-22 20:01:54 |
Checksum | 0x00000000 (actual: 0x00eda569) |
OS version | 6.0 |
PEiD signature | PE32+ executable (GUI) x86-64, for MS Windows |
Digital signature | The PE file does not contain a certificate table. |
Imports | 24 libraries |
Exports | 0 functions |
Resources | 10 resources |
Sections | 15 sections |
CompanyName | MultiMC & Prism Launcher Contributors |
FileDescription | Prism Launcher |
FileVersion | 8.4.0.0 |
ProductName | Prism Launcher |
ProductVersion | 8.4.0.0 |
Translation | 0x0000 0x04b0 |
Name | Virtual address | Virtual size | Raw size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text | 0x00001000 | 6,704,534 bytes | 6,704,640 bytes | 5.95 (normal) | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | C8A7F11CA7A8FAD64FE4CB4A4A8F9A9D |
.rdata | 0x00666000 | 5,747,000 bytes | 5,747,200 bytes | 7.37 (compressed) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | D68CE5F069B1D06D743C3EB70B2EFB10 |
.buildid | 0x00be2000 | 53 bytes | 512 bytes | 0.64 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | F41C0FEABA8DFD11F9803C6B56F02913 |
.data | 0x00be3000 | 50,944 bytes | 44,032 bytes | 1.91 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | F1D3FF6E66E0AC0A2A7A50C8020E7FB1 |
.pdata | 0x00bf0000 | 97,380 bytes | 97,792 bytes | 6.45 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | C6AC673EB9D745A4C8EBE774B218863E |
.qtversi | 0x00c08000 | 16 bytes | 512 bytes | 0.16 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | B2DBCE093AD1F4F530EB22F97EF2D7DB |
.tls | 0x00c09000 | 16 bytes | 512 bytes | 0.00 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc | 0x00c0a000 | 375,072 bytes | 375,296 bytes | 3.63 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | D5F231C9A868A8689559A40715C24EC3 |
.reloc | 0x00c66000 | 53,004 bytes | 53,248 bytes | 5.46 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ | 6EB943338AFFCAF83DDAF08CB943C4EB |
/4 | 0x00c73000 | 7,798 bytes | 8,192 bytes | 4.56 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ | 4F1D7192DD8A5E0E8E1AC55FC3D39A19 |
/18 | 0x00c75000 | 112,395 bytes | 112,640 bytes | 5.01 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ | 065CFC8CD5D112A4672BBBBFED9AD992 |
/30 | 0x00c91000 | 10,727 bytes | 10,752 bytes | 5.67 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ | 3131B4F97BCE860FDA46F797EFDEC343 |
/42 | 0x00c94000 | 10,236 bytes | 10,240 bytes | 1.99 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ | 9E975E4220AA8AAABFBB372BFD9C7ACF |
/53 | 0x00c97000 | 480 bytes | 512 bytes | 1.30 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ | 4792203EC22DEF54D9860307FC2F8671 |
/67 | 0x00c98000 | 116,893 bytes | 117,248 bytes | 5.24 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ | 37488D7DB039966A004443947C6CB44F |
1 section with high entropy (≥6.5) detected - possibly compressed
Resource type | Count | Total size | Percentage |
---|---|---|---|
RT_ICON | 7 | 372,408 bytes | |
RT_GROUP_ICON | 1 | 104 bytes | |
RT_VERSION | 1 | 564 bytes | |
RT_MANIFEST | 1 | 1,366 bytes | |
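This file is not digitally signed.
⚠ This file lacks a digital signature, or its certificate chain could not be verified.
Exercise caution when executing unsigned files from unknown sources.
The PE file does not contain a certificate table.
Recommendation: verify the file's source and make sure it comes from a trusted publisher.
Follow the steps below to completely remove the threat from the system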