| 文件名 | Shift - PDF_432wr.exe |
| 文件类型 |
Win32 EXE
|
| 魔术字节 | PE32 executable (GUI) Intel 80386, for MS Windows |
| SSDEEP 哈希 |
49152:4BuZrEUPAga4ESbhFwReftw9iW2MVeCG8lsLf2Vfx3hWL2dz96KmRxHtzdT:mkL5a7SlFwg6HnVe78lCUcqXTmjHtzV
|
| 扫描器版本 | 1.0.216.174 |
| 数据库版本 | 2025-05-17 02:00:24 UTC |
被 4 个安全引擎检测到 - 需要谨慎
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
2e0da3559d138ef631a663858826af90
|
|
| SHA1 |
ffc982e741653f8e217e329489c3498105a5a566
|
|
| SHA256 |
91224ff8d7ec1ae301d8a5ce454f61e5e50e3d850e63b931f05265d9e8488ae4
|
|
| SHA512 |
f84f3b61f0b067446d992b885b2dce07e7dd89a84c2d1d104b747604387eb3da405ad85f314cb3060d5b77d7d988b441ff6b8a57256aa61f939d2c0a9afa8ad2
|
|
| ImpHash |
e569e6f445d32ba23766ad67d1e3787f
|
| 图标 |
哈希: d92f59a169d10b6d84022a68c59f3c89
模糊: d65d8e3680fdb85033b30388a3f93c6e dHash: e4c68e1c38329cd8 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x004b5eec |
| 编译时间 | 2023-02-15 14:54:16 |
| 校验和 | 0x002a6585 (实际: 0x002a6585) |
| 操作系统版本 | 6.1 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | Chain verification from 1.3.6.1.4.1.311.60.2.1.3=CA, 1.3.6.1.4.1.311.60.2.1.2=British Columbia, 2.5.4.15=Private Organization, CN=Shift Technologies Inc., 2.5.4.5=BC1191266, O=Shift (Shift Technologies Inc.), L=Victoria, ST=British Columbia, C=CA (serial:77899635933473310954358423417576081786, sha1:355fef4f77c8b4ceeababacf91834240a8d76435) failed: Unable to build a validation path for the certificate "Incorporation Country: CA, Incorporation State/Province: British Columbia, Business Category: Private Organization, Common Name: Shift Technologies Inc., Serial Number: BC1191266, Organization: Shift (Shift Technologies Inc.), Locality: Victoria, State/Province: British Columbia, Country: CA" - no issuer matching "Common Name: SSL.com EV Code Signing Intermediate CA RSA R3, Organization: SSL Corp, Locality: Houston, State/Province: Texas, Country: US" was found |
| 导入 |
7 库
kernel32, comctl32, version, user32, oleaut32, netapi32, advapi32 |
| 导出 | 3 函数 |
| 资源 | 23 资源 |
| 节 | 10 节 |
| Comments | This installation was built with Inno Setup. |
| CompanyName | Shift |
| FileDescription | Shift Setup |
| FileVersion | 132.3.1 |
| LegalCopyright | Copyright Shift. All rights reserved. |
| OriginalFileName | |
| ProductName | Shift |
| ProductVersion | 132.3.1 |
| Translation | 0x0000 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
735,716 bytes | 735,744 bytes | 6.36 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
43AF0A9476CA224D8E8461F1E22C94DA |
.itext |
0x000b5000 |
5,768 bytes | 6,144 bytes | 5.97 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
185E04B9A1F554E31F7F848515DC890C |
.data |
0x000b7000 |
14,244 bytes | 14,336 bytes | 5.05 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
CAB2107C933B696AA5CF0CC6C3FD3980 |
.bss |
0x000bb000 |
28,136 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x000c2000 |
4,060 bytes | 4,096 bytes | 5.03 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E7D1635E2624B124CFDCE6C360AC21CD |
.didata |
0x000c3000 |
420 bytes | 512 bytes | 2.75 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
8CED971D8A7705C98B173E255D8C9AA7 |
.edata |
0x000c4000 |
154 bytes | 512 bytes | 1.88 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8D4E1E508031AFE235BF121C80FD7D5F |
.tls |
0x000c5000 |
24 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x000c6000 |
93 bytes | 512 bytes | 1.38 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
8F2F090ACD9622C88A6A852E72F94E96 |
.rsrc |
0x000c7000 |
401,760 bytes | 401,920 bytes | 7.69 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F19BE7A6D364A01D1512D30749B28742 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 6 | 388,165 字节 | |
| RT_STRING | 11 | 8,040 字节 | |
| RT_RCDATA | 3 | 768 字节 | |
| RT_GROUP_ICON | 1 | 90 字节 | |
| RT_VERSION | 1 | 1,412 字节 | |
| RT_MANIFEST | 1 | 1,960 字节 |
| 产品 | Shift |
| 描述 | Shift Setup |
| 文件版本 | 132.3.1 |
| 签名日期 | 09:40 PM 04/15/2025 (246 天前) |
| 验证状态 | Signed |
| 签名者 | Shift Technologies Inc.; SSL.com EV Code Signing Intermediate CA RSA R3; SSL.com EV Root Certification Authority RSA R2 |
| 副签名者 | SSL.com Timestamping Unit 2024 E1; SSL.com Timestamping Issuing RSA CA R1; SSL.com Root Certification Authority RSA |
| 版权 | Copyright Shift. All rights reserved. |
3A 9A EC 95 1A 14 4C 96 B3 62 58 4F 25 35 C9 7A5A 5A AC E8 1A 35 6E B4 62 86 8D 57 7D E0 3D C76D 52 18 70 87 E8 23 4D 85 60 00 D0 80 8F 93 56✓ 此文件已进行数字签名,证书链已验证。
Chain verification from 1.3.6.1.4.1.311.60.2.1.3=CA, 1.3.6.1.4.1.311.60.2.1.2=British Columbia, 2.5.4.15=Private Organization, CN=Shift Technologies Inc., 2.5.4.5=BC1191266, O=Shift (Shift Technologies Inc.), L=Victoria, ST=British Columbia, C=CA (serial:77899635933473310954358423417576081786, sha1:355fef4f77c8b4ceeababacf91834240a8d76435) failed: Unable to build a validation path for the certificate "Incorporation Country: CA, Incorporation State/Province: British Columbia, Business Category: Private Organization, Common Name: Shift Technologies Inc., Serial Number: BC1191266, Organization: Shift (Shift Technologies Inc.), Locality: Victoria, State/Province: British Columbia, Country: CA" - no issuer matching "Common Name: SSL.com EV Code Signing Intermediate CA RSA R3, Organization: SSL Corp, Locality: Houston, State/Province: Texas, Country: US" was found
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
保持无恶意软件:使用 Gridinsoft 反恶意软件 保护您的 PC
Gridinsoft 反恶意软件正是如此——提供强大、用户友好的解决方案,让您安心,并不断更新以应对最新威胁。由网络安全专家设计,它提供实时保护和轻松删除恶意软件。这不仅仅是检测威胁;它是通过不间断的安全来增强您的数字生活。试一试,体验无忧浏览的感觉!
