| 文件名 | 童貞兄妹_AI_EN.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.167.174 |
| 数据库版本 | 2024-02-23 20:00:15 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
744c62efe34a92fb9481078821627201
|
|
| SHA1 |
9c9e2bdb118f9db702b341b6128fdf1658600c49
|
|
| SHA256 |
84917d28fad34b1a0a96fbb2e78b5671f54cf2413d435a7698e5dd055444b33f
|
|
| SHA512 |
ef4210cdc3d770525eb32ea00f4755611168154830acc641f49291d8f51793b09d0276480ecb29422a05837a16f826f07d70cbcc069bd3f4cb7c097840e722a5
|
|
| ImpHash |
296df6d34c5cd51c253772b859775151
|
| 图标 |
哈希: a790eb39880a50be088f61f6b01aa9c2
模糊: 4765f5d769a69c2091e18cd37fc9f86f dHash: 0f73d58ddcf06133 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00639653 |
| 编译时间 | 2021-11-23 10:00:37 |
| 校验和 | 0x004316b0 (实际: 0x05d8711d) |
| 操作系统版本 | 5.1 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB 路径 | tvpwin32.pdb |
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
8 库
kernel32, user32, advapi32, oleaut32, ole32, ntdll, SHFolder, shlwapi |
| 导出 | 0 函数 |
| 资源 | 67 资源 |
| 节 | 8 节 |
| FileDescription | 童貞兄妹_KR |
| FileVersion | 1.2.0.3 |
| InternalName | tvp2/win32 |
| LegalCopyright | (KIRIKIRI core) (C) W.Dee and contributors All Rights Reserved. This software is based in part on the work of Independent JPEG Group. For details: Run this program with '-about' option. |
| OriginalFilename | tvpwin32.exe |
| ProductName | TVP(KIRIKIRI) Z core / Scripting Platform for Win32 |
| ProductVersion | 1.2.0.3 |
| Comments | sister position |
| Translation | 0x0411 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
2,874,395 bytes | 2,874,880 bytes | 6.66 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
781538B5A651EB2688086527CE47F7A3 |
.adata |
0x002bf000 |
1,520 bytes | 1,536 bytes | 3.85 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
94E7328775B7111989F1F77FF89F2CA3 |
.rdata |
0x002c0000 |
715,504 bytes | 715,776 bytes | 5.54 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
77AEB0F7DB8A0408AB3DC6CD17458790 |
.data |
0x0036f000 |
698,176 bytes | 42,496 bytes | 5.68 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
5DF51DC7AC89A689230972BA269A5C7F |
.rsrc |
0x0041a000 |
518,338 bytes | 518,656 bytes | 7.63 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
DFE31CB5D8185BDB935E463097BFD3F3 |
.reloc |
0x00499000 |
214,976 bytes | 215,040 bytes | 4.92 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
15EDE8F8A9CA224081EE9C8697F043E1 |
.enigma1 |
0x004ce000 |
4,096 bytes | 93,405,184 bytes | 7.92 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
836B991A14423C0D747736B28ABC9BD9 |
.enigma2 |
0x004cf000 |
282,624 bytes | 282,624 bytes | 6.02 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
B1DAF0F85BE86F3D61DC527920A06C60 |
2 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| TEXT | 4 | 105,381 字节 | |
| RT_ICON | 1 | 7,336 字节 | |
| RT_DIALOG | 2 | 752 字节 | |
| RT_STRING | 54 | 65,592 字节 | |
| RT_RCDATA | 3 | 334,550 字节 | |
| RT_GROUP_ICON | 1 | 20 字节 | |
| RT_VERSION | 1 | 1,100 字节 | |
| RT_MANIFEST | 1 | 706 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
