| 文件名 | PotatoGraphics.exe |
| 文件类型 |
Win32 EXE
|
| 魔术字节 | PE32 executable (GUI) Intel 80386, for MS Windows |
| SSDEEP 哈希 |
1572864:8Wl164XEQCrwvXoTXkcpDNNEfxPJc9XIr1lAZ1POJC6X/1B+i3j:8y640cAQ656xPJc9k1lfhWiT
|
| 扫描器版本 | 1.0.210.174 |
| 数据库版本 | 2025-03-14 13:00:54 UTC |
被 5 个安全引擎检测到 - 需要谨慎
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
f73b7791baeb98ce6c6f6b7f82e1792d
|
|
| SHA1 |
3b1620b7a105b3ffa6c248f020cbee1119211952
|
|
| SHA256 |
7533c3d88c4ff72273d982f53faf9cfa04a7ca51dae4c481512663514872d21d
|
|
| SHA512 |
dc4cdca7ece2beb159bb1ed316e61b4334931307351ca3799593c47dc706164454e874aa23ffcbd2c8787ab7d2456068c3bc054800d6d727bec8ad700a4d321c
|
|
| ImpHash |
df453def9d4f8f1453a5fa51c6608cfc
|
| 映像基址 | 0x00400000 |
| 入口点 | 0x008fa050 |
| 编译时间 | 2023-10-31 14:59:22 |
| 校验和 | 0x00000000 (实际: 0x04026c3a) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB 路径 | D:\a\_work\1\s\artifacts\obj\coreclr\windows.x86.Release\Corehost.Static\singlefilehost.pdb |
| 数字签名 | No valid SignedData structure was found. |
| 导入 | 17 库 |
| 导出 | 5 函数 |
| 资源 | 5 资源 |
| 节 | 8 节 |
| Translation | 0x0000 0x04b0 |
| CompanyName | PotatoGraphics |
| FileDescription | PotatoGraphics |
| FileVersion | 1.0.0.0 |
| InternalName | PotatoGraphics.dll |
| LegalCopyright | |
| OriginalFilename | PotatoGraphics.dll |
| ProductName | PotatoGraphics |
| ProductVersion | 1.0.0 |
| Assembly Version | 1.0.0.0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
5,572,874 bytes | 5,573,120 bytes | 6.56 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
7AD59DCF80AFCBA46BB6779381710378 |
.CLR_UEF |
0x00552000 |
68 bytes | 512 bytes | 0.96 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
57BC74EDCAE15B11802D7FF93D25B76A |
.rdata |
0x00553000 |
1,307,630 bytes | 1,307,648 bytes | 5.13 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
A81CB89E48FC1A139C5BD873361779E1 |
.data |
0x00693000 |
81,084 bytes | 29,184 bytes | 3.87 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
9EBA1EFE4F91CDE198B04E2A6523BD9D |
.didat |
0x006a7000 |
28 bytes | 512 bytes | 0.25 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F0474F498313864F0BEDB9BB443E88CF |
_RDATA |
0x006a8000 |
69,392 bytes | 69,632 bytes | 5.36 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
211089D7D672E1712B48C26D0BDC0A1B |
.rsrc |
0x006b9000 |
1,268,452 bytes | 1,268,736 bytes | 6.40 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
6A924232B319F0A79417DB80C6464134 |
.reloc |
0x007ef000 |
268,556 bytes | 268,800 bytes | 6.67 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
0BDA70936AE3F88B8B17230BF231D2D3 |
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_RCDATA | 3 | 1,266,776 字节 | |
| RT_VERSION | 1 | 764 字节 | |
| RT_MANIFEST | 1 | 436 字节 |
| 产品 | PotatoGraphics |
| 描述 | PotatoGraphics |
| 文件版本 | 1.0.0.0 |
| 原始名称 | PotatoGraphics.dll |
| 内部名称 | PotatoGraphics.dll |
33 00 00 05 15 B0 EF 41 0F A4 18 8F B1 00 00 00 00 05 1561 0C 52 4C 00 00 00 00 00 0333 00 00 01 D1 B2 5B 40 28 6C 2E D2 45 00 01 00 00 01 D133 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15✓ 此文件已进行数字签名,证书链已验证。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
