| 文件名 | syzs_installer_1000208100_market.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.210.174 |
| 数据库版本 | 2025-03-07 14:00:37 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
4a21283195f1937910f8ecc6fe867da7
|
|
| SHA1 |
a6cd22c66ee93d3b78e9144f194d6d028f65db6f
|
|
| SHA256 |
91bbe468b58d641c6ea06f79afd757c240e5761b01eeb3f52820c6456846db36
|
|
| SHA512 |
dc9413d59fb605a559fffff391d9b46f8192dd04176de03346a3968bca176ac20384faf73e4f4f8f82fcaed263794e576f6a5220e9b2a901bd5cf9fdea2cd21b
|
|
| ImpHash |
edf81f35a58fa4c5a6421941bbe9a966
|
| 图标 |
哈希: 0300f151fabe9d5fb7e5d48e68bfc8ce
模糊: c8b1e18f5770bc2f701ecac17e8bf713 dHash: fcc4a2d81682d2e0 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00625d88 |
| 编译时间 | 2023-09-19 16:42:03 |
| 校验和 | 0x003774aa (实际: 0x003774aa) |
| 操作系统版本 | 5.1 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB 路径 | D:\Devops\agent\workspace\p-111758179e0043a5b011650a32a71ea0\src\TGBDownloader\Output\TGBDownloader\Release\TGBDownloader.pdb |
| 数字签名 | OK |
| 导入 | 16 库 |
| 导出 | 0 函数 |
| 资源 | 9 资源 |
| 节 | 8 节 |
| FileDescription | TGBDownloader |
| ProductName | TGBDownloader |
| CompanyName | Tencent |
| FileVersion | 1, 0, 0, 1 |
| InternalName | TGBDownloader.exe |
| LegalCopyright | Copyright ? 2020 Tencent. All Rights Reserved. |
| OriginalFilename | TGBDownloader.exe |
| ProductVersion | 1, 0, 0, 1 |
| Translation | 0x0409 0x04e4 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
2,628,586 bytes | 2,628,608 bytes | 6.71 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
1A4473CBCAEF7DC6BDA670F734E48881 |
.rdata |
0x00283000 |
548,468 bytes | 548,864 bytes | 5.42 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
4D9E43C6442449811DF4F0D931B3F9DA |
.data |
0x00309000 |
85,060 bytes | 66,560 bytes | 5.16 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
DD62CF54706B1ED07AA2FCFCCBF8482B |
.gfids |
0x0031e000 |
4,360 bytes | 4,608 bytes | 3.99 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3D24357047B2EC28DA41C7EA2DEFA97F |
.tls |
0x00320000 |
9 bytes | 512 bytes | 0.02 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
1F354D76203061BFDD5A53DAE48D5435 |
.QMGuid |
0x00321000 |
20 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x00322000 |
216,856 bytes | 217,088 bytes | 7.16 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
080E4D6A1AC771129F4BF64A0CD1C56F |
.reloc |
0x00357000 |
121,424 bytes | 121,856 bytes | 6.60 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
14B91DA2F2660566746F0473722482B1 |
3 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| CUSTOM | 2 | 85,830 字节 | |
| ZIPRES | 1 | 119,068 字节 | |
| RT_ICON | 1 | 9,640 字节 | |
| RT_MENU | 1 | 80 字节 | |
| RT_STRING | 1 | 84 字节 | |
| RT_GROUP_ICON | 1 | 20 字节 | |
| RT_VERSION | 1 | 788 字节 | |
| RT_MANIFEST | 1 | 651 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
OK
按照以下步骤完全从系统中移除威胁
