| 文件名 | TheForest32.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.211.174 |
| 数据库版本 | 2025-03-19 17:00:32 UTC |
我们的扫描器未检测到威胁
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
4e2d9fd9badcd85fc1acdf93d1dc4dc6
|
|
| SHA1 |
0005269196329e68156989a78410a90a202d2c6f
|
|
| SHA256 |
75c0f192dc7210e0a9febc5bce2b38e484e4d3fd3f3ac04775cc2ca12cedd959
|
|
| SHA512 |
43fd3323d5ea814001606e29dc4575d8b091e28a5545fbfa309bdc19b356cc55ed76b8c0d25f09702b03ff888058aef07e19700bc488e17963bbfd284ab8970b
|
|
| ImpHash |
45353117c90005b66833fc08c1b39216
|
| 图标 |
哈希: da7e5e6814439b078163aa524cb479bf
模糊: 98fca8bd45f4c154efa813f7010ceb8b dHash: 3068dcdc96c8f831 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00c8e7c7 |
| 编译时间 | 2018-04-10 09:51:52 |
| 校验和 | 0x00000000 (实际: 0x01160100) |
| 操作系统版本 | 5.1 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB 路径 | C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win32_nondevelopment_mono\player_win_x86.pdb |
| 数字签名 | No valid SignedData structure was found. |
| 导入 | 17 库 |
| 导出 | 2 函数 |
| 资源 | 17 资源 |
| 节 | 9 节 |
| FileVersion | 5.6.5.1082900 |
| ProductVersion | 5.6.5.1082900 |
| Unity Version | 5.6.5p4_10861494ddb7 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
14,941,418 bytes | 14,941,696 bytes | 6.75 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
A5A916670735E7FF5710DE1850CC9353 |
.rdata |
0x00e41000 |
1,815,604 bytes | 1,816,064 bytes | 6.11 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
42244777C3D5152C2A449AD1AF192255 |
.data |
0x00ffd000 |
1,082,880 bytes | 263,168 bytes | 5.54 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
0536F68491978D743EB4C8C56B735AEA |
.rodata |
0x01106000 |
2,768 bytes | 3,072 bytes | 3.97 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9349F2D7CD96BE2FA9A3F808675BF933 |
.trace |
0x01107000 |
6,976 bytes | 7,168 bytes | 2.90 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D5091C1296D6736542424866CBACC0AF |
.data1 |
0x01109000 |
64 bytes | 512 bytes | 0.44 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F5688ADFEAF35CD6BE99948B3E39F323 |
_RDATA |
0x0110a000 |
1,344 bytes | 1,536 bytes | 4.75 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E5CCE10246944818A93D9B136F7FA610 |
.rsrc |
0x0110b000 |
567,104 bytes | 567,296 bytes | 4.31 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
7008B38C4091A45CCF812565DBDE73C8 |
.reloc |
0x01196000 |
596,674 bytes | 596,992 bytes | 5.65 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
46CFF933C0066135AA8649FA092DC1D3 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 9 | 562,568 字节 | |
| RT_DIALOG | 5 | 1,372 字节 | |
| RT_GROUP_ICON | 1 | 132 字节 | |
| RT_VERSION | 1 | 424 字节 | |
| RT_MANIFEST | 1 | 1,621 字节 |
| 文件版本 | 5.6.5.1082900 |
✓ 此文件已进行数字签名,证书链已验证。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
