| 文件名 | COMPRS060SW9D.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.216.174 |
| 数据库版本 | 2025-05-08 17:00:16 UTC |
恶意软件家族: Downloader
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
03ce9a1fb33aa7ec5eff4ec77d42298d
|
|
| SHA1 |
08f9df87269108afdeb1c49562f6fe076409f49e
|
|
| SHA256 |
7c6a7487c376e2e925af4830ca728a34328fbdfc8220ca16f833d312ae3d09fa
|
|
| SHA512 |
272781d18f980982229a2c79930536b71fd6c524bbc645b2735970210d17e655c046ddb958691b0b5c3bbd9256e434f1eae61548628b4e9dff657314bdce8f8e
|
|
| ImpHash |
63dc4f6eb8701c14c45c592730a92198
|
| 图标 |
哈希: 7bc2028e224b8f786a282772a4359fc8
模糊: 080abc571f2207b890b328401c883122 dHash: 68f4f4d0f0f0d8c0 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00499b74 |
| 编译时间 | 2025-04-23 15:05:43 |
| 校验和 | 0x00000000 (实际: 0x0103c4a3) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
8 库
oleaut32, advapi32, user32, kernel32, gdi32, version, ole32, comctl32 |
| 导出 | 0 函数 |
| 资源 | 103 资源 |
| 节 | 9 节 |
| CompanyName | A+Investments |
| FileDescription | NextData |
| FileVersion | 9.2.9.7 |
| InternalName | NextData |
| LegalCopyright | NextData |
| LegalTrademarks | NextData |
| OriginalFilename | NextData |
| ProductName | NextData |
| ProductVersion | 9.2.9.7 |
| Comments | |
| PrivateBuild | NextData |
| SpecialBuild | NextData |
| Translation | 0x0409 0x04e4 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
620,376 bytes | 620,544 bytes | 6.60 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
6D55A020C554FD291237E286EB30628C |
.itext |
0x00099000 |
3,312 bytes | 3,584 bytes | 6.12 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
165587B7C0F4DEED0A65174CD8AF680C |
.data |
0x0009a000 |
22,592 bytes | 23,040 bytes | 5.20 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
82EA4BAAECBA7333B174C7B2C7FEF86C |
.bss |
0x000a0000 |
26,984 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x000a7000 |
10,564 bytes | 10,752 bytes | 5.16 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
39CC8A7A942D600F15ADD5713FFD443A |
.tls |
0x000aa000 |
60 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x000ab000 |
24 bytes | 512 bytes | 0.21 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
556D2E092FD9529492A7488240EBA501 |
.reloc |
0x000ac000 |
39,700 bytes | 39,936 bytes | 6.66 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
BEE309F7AAA52E754EE73908F182F601 |
.rsrc |
0x000b6000 |
16,280,576 bytes | 16,280,576 bytes | 6.12 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
171E62E54DF4567A7FEFD814A57E72F4 |
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| AVI | 8 | 132,096 字节 | |
| UMJAS | 1 | 15,887,020 字节 | |
| UNICODEDATA | 6 | 167,861 字节 | |
| RT_CURSOR | 9 | 2,772 字节 | |
| RT_BITMAP | 28 | 10,064 字节 | |
| RT_ICON | 7 | 42,888 字节 | |
| RT_DIALOG | 2 | 164 字节 | |
| RT_STRING | 29 | 28,332 字节 | |
| RT_RCDATA | 2 | 1,876 字节 | |
| RT_GROUP_CURSOR | 9 | 180 字节 | |
| RT_GROUP_ICON | 1 | 104 字节 | |
| RT_VERSION | 1 | 852 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
