| 文件名 | OInstall_x64.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.211.174 |
| 数据库版本 | 2025-03-28 17:01:21 UTC |
恶意软件家族: KMS
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
f0800f93e96d5fd57834f3fd76612022
|
|
| SHA1 |
f9346d0b20b3623a0b45a4db03affd7067feb779
|
|
| SHA256 |
89c4a8591606262a1fc4fc1aebc3545987e8116fbf946426fc7d34b4d2d37d6a
|
|
| SHA512 |
0df2e465010dbe81b2e3e6594db15f097695a094dee4822b1bedf8c82363425f4e7c2a97c204ad99b5c6dfda6efe39e6fe0cec2503df44d8016fee421be6ca49
|
|
| ImpHash |
6c6bc2e2564fc52bd8e5b8dcc7dfbbeb
|
| 图标 |
哈希: cf8b3d44cc80ac3d3f5b2c3f6848133a
模糊: 71fcd2e860bbcd562ce257f969072383 dHash: e0c8ccc6c6c6c0e0 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x140001000 |
| 编译时间 | 2023-11-10 06:39:03 |
| 校验和 | 0x01ef14d8 (实际: 0x01ef14d8) |
| 操作系统版本 | 5.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | Chain verification from CN=WZTeam (serial:-155843482902537470358085606074993314206, sha1:648384a4dee53d4c1c87e10d67cc99307ccc9c98) failed: The X.509 certificate provided is self-signed - "Common Name: WZTeam" |
| 导入 | 12 库 |
| 导出 | 0 函数 |
| 资源 | 7 资源 |
| 节 | 7 节 |
| ProductName | Office 2013-2021 C2R Install |
| FileDescription | Office 2013-2021 C2R Install |
| Translation | 0x0000 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.code |
0x00001000 |
544,341 bytes | 544,768 bytes | 5.83 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
41019ADFF59351812F12FCA886FAADA6 |
.text |
0x00086000 |
903,331 bytes | 903,680 bytes | 6.52 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
280F83BEBB30B235B9A8BAA3E3FABDAC |
.rdata |
0x00163000 |
234,496 bytes | 234,496 bytes | 5.92 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0C0B1BD5D58BF6D4D4EBCCCDDFF20850 |
.pdata |
0x0019d000 |
40,968 bytes | 41,472 bytes | 6.07 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
28360680F2C9FA03F1809727315D87D7 |
.data |
0x001a8000 |
31,114,056 bytes | 30,605,312 bytes | 6.90 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E88F6726DDAC5A883A1421AB3F4FC804 |
.rsrc |
0x01f55000 |
85,168 bytes | 85,504 bytes | 1.93 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E499723B5EEDF9E5958C8A63F743729B |
.modplug |
0x01f6a000 |
20,480 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 4 | 82,656 字节 | |
| RT_GROUP_ICON | 1 | 62 字节 | |
| RT_VERSION | 1 | 412 字节 | |
| RT_MANIFEST | 1 | 1,585 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
Chain verification from CN=WZTeam (serial:-155843482902537470358085606074993314206, sha1:648384a4dee53d4c1c87e10d67cc99307ccc9c98) failed: The X.509 certificate provided is self-signed - "Common Name: WZTeam"
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
