| 文件名 | ep_setup.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.216.174 |
| 数据库版本 | 2025-05-17 19:00:24 UTC |
恶意软件家族: Wacapew
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
f164888a6fbc646b093f6af6663f4e63
|
|
| SHA1 |
3c0bb9f9a4ad9b1c521ad9fc30ec03668577c97c
|
|
| SHA256 |
8c5a3597666f418b5c857e68c9a13b7b6d037ea08a988204b572f053450add67
|
|
| SHA512 |
f1b2173962561d3051ec6b5aa2fc0260809e37e829255d95c8a085f990c18b724daff4372f646d505dabe3cc3013364d4316c2340527c75d140dbc6b5ebdeee1
|
|
| ImpHash |
f1499aa854493f33c80eb31e0ab8ae92
|
| 映像基址 | 0x140000000 |
| 入口点 | 0x140008c18 |
| 编译时间 | 2024-11-02 13:43:18 |
| 校验和 | 0x00000000 (实际: 0x00aae0b5) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| PDB 路径 | D:\a\ExplorerPatcher\ExplorerPatcher\build\Release\x64\ep_setup.pdb |
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
8 库
KERNEL32, USER32, ADVAPI32, SHELL32, ole32, RstrtMgr, VERSION, SHLWAPI |
| 导出 | 0 函数 |
| 资源 | 37 资源 |
| 节 | 6 节 |
| CompanyName | ExplorerPatcher Developers |
| FileDescription | ExplorerPatcher Setup Program |
| FileVersion | 22621.4317.67.1 |
| InternalName | ep_setup.exe |
| LegalCopyright | (C) 2021-2024 ExplorerPatcher Developers. All rights reserved. |
| OriginalFilename | ep_setup.exe |
| ProductName | ExplorerPatcher |
| ProductVersion | 22621.4317.67.1 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
151,408 bytes | 151,552 bytes | 6.47 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
1F4FC22D148D6D3135755EEA43C697E1 |
.rdata |
0x00026000 |
64,800 bytes | 65,024 bytes | 5.37 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
AA96A95A51639AA280D1A0D77A982305 |
.data |
0x00036000 |
8,020 bytes | 3,072 bytes | 1.96 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
70729D2EC4F7F720830CE88E7A8DEFB2 |
.pdata |
0x00038000 |
6,828 bytes | 7,168 bytes | 5.29 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BD20803E644778B5C525E4BCF2D8D029 |
.rsrc |
0x0003a000 |
10,913,032 bytes | 10,913,280 bytes | 7.99 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
B66E28F0C9DD840431C3F09702E7E354 |
.reloc |
0x00aa3000 |
1,700 bytes | 2,048 bytes | 5.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
5EA92CC594F6F022327F422CCDB67DFD |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_STRING | 34 | 35,162 字节 | |
| RT_RCDATA | 1 | 10,875,097 字节 | |
| RT_VERSION | 1 | 896 字节 | |
| RT_MANIFEST | 1 | 638 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
