| 文件名 | 8d0533fb09fea4884101ce88949feb1ef7643a155ce4882907c4f8ff97e42550.exe |
| 文件类型 |
Win32 EXE
|
| 魔术字节 | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| SSDEEP 哈希 |
24576:uXu+Y3lt1e3d7ICGwFosemvKP6gl4O76n:Eu+QGSwFEmCP6+XO
|
| 扫描器版本 | 1.0.219.174 |
| 数据库版本 | 2025-06-23 18:11:40 UTC |
被 9 个安全引擎检测到 - 需要谨慎
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
f96f94e14f3eb1f8a60409d378c99276
|
|
| SHA1 |
896296beb2f208132ebe5e72f1452c4ab54a247a
|
|
| SHA256 |
8d0533fb09fea4884101ce88949feb1ef7643a155ce4882907c4f8ff97e42550
|
|
| SHA512 |
f0e92823761718db7503ccbee13c398733be4e609514c539f0d7e9cfcf83fb5c6d20959cf7abc035397ee2edad1d38b59baca8d0f8e60a30ef98e135630a299e
|
|
| ImpHash |
f4639a0b3116c2cfc71144b88a929cfd
|
| 图标 |
哈希: 96f2f16fddcc8badeb90382af85852cb
模糊: 6672d3f0b8c47ecf06e49e589f00a443 dHash: e87c60b0a88898e0 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x0040351c |
| 编译时间 | 2024-03-30 16:55:15 |
| 校验和 | 0x000e0287 (实际: 0x000e0287) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
| 数字签名 | Chain verification from CN=Dislocability, [email protected], L=Fréjus, ST=Provence-Alpes-Côte d'Azur, C=FR (serial:434036969945003141043972783612837832461249805870, sha1:067362ca904caea67bbcf64e19a1f2dfaacab1e2) failed: The X.509 certificate provided is self-signed - "Common Name: Dislocability, Email Address: [email protected], Locality: Fréjus, State/Province: Provence-Alpes-Côte d'Azur, Country: FR" |
| 导入 |
7 库
ADVAPI32, SHELL32, ole32, COMCTL32, USER32, GDI32, KERNEL32 |
| 导出 | 0 函数 |
| 资源 | 22 资源 |
| 节 | 5 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
25,974 bytes | 26,112 bytes | 6.46 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
1E4066ED6E7440CC449C401DFD9CA64F |
.rdata |
0x00008000 |
4,952 bytes | 5,120 bytes | 5.10 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F0B500FF912DDA10F31F36DA3EFC8A1E |
.data |
0x0000a000 |
129,848 bytes | 1,536 bytes | 4.04 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
2E1D49B2855A89E6218E118F0C182B81 |
.ndata |
0x0002a000 |
208,896 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rsrc |
0x0005d000 |
190,624 bytes | 190,976 bytes | 5.59 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
642F63857CA8DC5BF5FFAB2C5A884360 |
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_BITMAP | 1 | 872 字节 | |
| RT_ICON | 14 | 185,776 字节 | |
| RT_DIALOG | 5 | 1,504 字节 | |
| RT_GROUP_ICON | 1 | 202 字节 | |
| RT_MANIFEST | 1 | 1,059 字节 |
| 验证状态 | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. |
| 签名者 | Dislocability |
4C 06 E4 0F 8B C2 6D 06 A2 E8 4F 32 7E A4 7A 0C D4 85 FE 2E✓ 此文件已进行数字签名,证书链已验证。
Chain verification from CN=Dislocability, [email protected], L=Fréjus, ST=Provence-Alpes-Côte d'Azur, C=FR (serial:434036969945003141043972783612837832461249805870, sha1:067362ca904caea67bbcf64e19a1f2dfaacab1e2) failed: The X.509 certificate provided is self-signed - "Common Name: Dislocability, Email Address: [email protected], Locality: Fréjus, State/Province: Provence-Alpes-Côte d'Azur, Country: FR"
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
