File name | QuantV_Install.exe |
File type | PE32+ executable (console) x86-64, for MS Windows |
Scanner version | 1.0.222.174 |
Database version | 2025-08-02 21:00:20 UTC |
Malware family: Agent
Hash type | Value |
---|---|
MD5 | c7e8bc52072fceae17e1e0e51ad7c7e1 |
SHA1 | 82140beb419de0dd798401f99284f9f69be6a662 |
SHA256 | 89b87ee6778b2c3349c1a18d6f4e75b8c29031695460d452fb4fbe5add6f3902 |
SHA512 | acd0300ad6207d666813239a762020cba433c85ef2a49d861e8d7b61f42cca9cb65e1b43a176438791edc2fbbb6257e70664b87a1403aebcc09d1c8246b512c0 |
ImpHash | d42595b695fc008ef2c56aabd8efd68e |
Image base | 0x00400000 |
Entry point | 0x004775e0 |
Compile time | 1970-01-01 00:00:00 |
Checksum | 0x00000000 (actual: 0x0081cb9f) |
OS version | 6.1 |
PEiD signature | PE32+ executable (console) x86-64, for MS Windows |
Digital signature | No valid SignedData structure was found. |
Imports | 1 library: kernel32 |
Exports | 0 functions |
Resources | 0 resources |
Sections | 15 sections |
Name | Virtual address | Virtual size | Raw size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text | 0x00001000 | 2,625,745 bytes | 2,626,048 bytes | 6.21 (normal) | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | 87C7759C8A3E4D199680F7A45EDF1D43 |
.rdata | 0x00283000 | 2,775,480 bytes | 2,775,552 bytes | 5.53 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 5649720F0F6C094642DB921CCB20C565 |
.data | 0x00529000 | 655,280 bytes | 305,152 bytes | 6.26 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | F6B241E9CB87D3DA8360DF401A963870 |
.pdata | 0x005c9000 | 60,264 bytes | 60,416 bytes | 5.48 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | CA9D57A9E98A71FA9896C795BAE10197 |
.xdata | 0x005d8000 | 180 bytes | 512 bytes | 1.78 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 1F0B77C93CC5480943D8EF623BD62683 |
/4 | 0x005d9000 | 331 bytes | 512 bytes | 5.58 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES | 523EAECD9190DFD8860C76496FE54D39 |
/19 | 0x005da000 | 478,306 bytes | 478,720 bytes | 8.00 (packed/encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES | 1B9A478DFF6EF55129E82EABEDB1C3EE |
/32 | 0x0064f000 | 97,961 bytes | 98,304 bytes | 7.94 (packed/encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES | 6AA01EF278C3CDFE83EEF896CF63A1F6 |
/46 | 0x00667000 | 48 bytes | 512 bytes | 0.86 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES | 40CCA7C46FC713B4F088E5D440CA7931 |
/65 | 0x00668000 | 849,504 bytes | 849,920 bytes | 8.00 (packed/encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES | 90D668BD2D04AD0774A0786DFC39F2C5 |
/78 | 0x00738000 | 614,270 bytes | 614,400 bytes | 8.00 (packed/encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES | 27C1EDCFFB342B85C997E36F7E8414EC |
/90 | 0x007ce000 | 190,705 bytes | 190,976 bytes | 7.82 (packed/encrypted) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_1BYTES | A7DE241FEAD6E942EB021BA958DCE085 |
.idata | 0x007fd000 | 1,342 bytes | 1,536 bytes | 4.01 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | D17A7552F7B8C94C92741A11E2AEE36A |
.reloc | 0x007fe000 | 50,548 bytes | 50,688 bytes | 5.44 (normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ | 406813978407417C141181239B5F098B |
.symtab | 0x0080b000 | 412,302 bytes | 412,672 bytes | 5.34 (normal) | IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ | 8B5DDA459110558F050BA16409F0AF0D |
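5 sections with high entropy (≥7.5) detected - possible packing/encryption
This file is not digitally signed.
⚠ This file has no digital signature, or its certificate chain could not be verified.
Use caution when executing unsigned files from unknown sources.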
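Recommendation: verify the file's source and make sure it comes from a trusted publisher.
Follow the steps below to completely remove the threat from the system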