| 文件名 | steam_api64.dll |
| 文件类型 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.182.174 |
| 数据库版本 | 2024-07-16 16:00:25 UTC |
恶意软件家族: GameHack
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
c6eb5ca85c4bc2e9324f5acdf83f6eae
|
|
| SHA1 |
c89db2ec77a5ad292f0c7aeb841616e753135a2b
|
|
| SHA256 |
84f8e6b6c394141c046833946260194df26758839ecc0af8abcbdba32e65507d
|
|
| SHA512 |
aec576ee53c2f4dad31db569245395e2e5361b8f4d6e8e8d27d3a6daf470c935bf7c9bf553773d1451c21f9a82bd23f3b1cfa0b2fc101b78acfd70d95fdc74b3
|
|
| ImpHash |
9f2106e6557640037fd66464f8dd2ef5
|
| 映像基址 | 0x180000000 |
| 入口点 | 0x18001bf2c |
| 编译时间 | 2013-10-26 16:41:00 |
| 校验和 | 0x00000000 (实际: 0x000c2d42) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
5 库
KERNEL32, USER32, GDI32, ADVAPI32, SHELL32 |
| 导出 | 58 函数 |
| 资源 | 4 资源 |
| 节 | 8 节 |
| CompanyName | *!ReLOADeD!* |
| FileDescription | Steam API |
| FileVersion | 2,2,0,0 |
| InternalName | steam_api |
| LegalCopyright | *!ReLOADeD!* |
| OriginalFilename | steam_api |
| ProductName | Steam API |
| ProductVersion | 2,2,0,0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
160,975 bytes | 161,280 bytes | 6.42 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
195D1B70E268F965AF322194257C4C76 |
.rdata |
0x00029000 |
75,404 bytes | 75,776 bytes | 4.37 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
C37098E745FA61B1B4C600DA6A8C5569 |
.data |
0x0003c000 |
16,056 bytes | 7,168 bytes | 3.39 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
7DB767EC61ED718FAC53BC355D6DF8D1 |
.pdata |
0x00040000 |
11,388 bytes | 11,776 bytes | 5.26 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
9763B2584F6C238EC1318658ACB8D11F |
.rsrc |
0x00043000 |
117,976 bytes | 118,272 bytes | 5.67 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F063E25B2E6FFC47156A9BC6AE276395 |
.RLD0 |
0x00060000 |
26,694 bytes | 27,136 bytes | 2.13 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
35696C284111E922371289603EAAEA77 |
.RLD1 |
0x00067000 |
378,564 bytes | 378,880 bytes | 7.63 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
871057C6C847499BBA06B200F6949A15 |
.reloc |
0x000c4000 |
6,880 bytes | 7,168 bytes | 5.53 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
B4743A67EF0A54333D2DC7C72B6136A6 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_BITMAP | 3 | 117,048 字节 | |
| RT_VERSION | 1 | 668 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
