| 文件名 | dohnadohna.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.215.174 |
| 数据库版本 | 2025-04-24 10:00:23 UTC |
恶意软件家族: Gen
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
618c66cd1682d95aac9616d19e5661b5
|
|
| SHA1 |
990afcc46f3157cc546ba1e7c196d62b8da06367
|
|
| SHA256 |
950eaa37430724fe8fa2a9bf6cba1ef9363a937e4824b4a999b39296c381701b
|
|
| SHA512 |
54484920cd7478d79c2071add8b8ec4f288fc890db0b3b6bccb20538cc816c6f0bc78e6456a1b55a18c030d100f861b38c6f0dc41d9fd4020d7246f1af9f5989
|
|
| ImpHash |
138fc2389a60e750fb2d2b584aa16150
|
| 图标 |
哈希: 1f67559569ae1e75a1e3a684e3b62e50
模糊: 86972196be91a4cd724db6a6362b8be6 dHash: c8acf1c4f4f0a4cc |
| 映像基址 | 0x00400000 |
| 入口点 | 0x011c475c |
| 编译时间 | 2020-09-03 08:41:46 |
| 校验和 | 0x003dd436 (实际: 0x003d9293) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | The expected hash does not match the digest in SpcInfo |
| 导入 | 13 库 |
| 导出 | 0 函数 |
| 资源 | 21 资源 |
| 节 | 10 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
|
0x00001000 |
3,915,776 bytes | 1,421,824 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
218AA0116BAB858B5A7D5CD5785F1657 |
|
0x003bd000 |
679,936 bytes | 248,320 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
05EF29777EC6B0647E0E671D9B87B6C9 |
|
0x00463000 |
155,648 bytes | 24,576 bytes | 7.98 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
0D4265B7F46350D4F94609D6300E561B |
|
0x00489000 |
8,192 bytes | 2,048 bytes | 7.49 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
9F8E571B2009C2F9CA86EB80B6545C5C |
|
0x0048b000 |
4,096 bytes | 512 bytes | 0.18 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
5BD7A1E2B19AF97574FCFB9B115AFCB5 |
|
0x0048c000 |
4,096 bytes | 1,024 bytes | 5.76 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E0138EF1D07A9B813392D96A1DE9D5A6 |
|
0x0048d000 |
372,736 bytes | 210,944 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
483E97EFCF5EEA8DB224DC18864D9AF0 |
.rsrc |
0x004e8000 |
40,960 bytes | 38,400 bytes | 5.16 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
517F7C8F5EBA70245190CFE1175656EA |
|
0x004f2000 |
7,200,768 bytes | 1,024 bytes | 6.61 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
93D58CE82132690C7AC52F0E577BB66B |
.data |
0x00bd0000 |
2,072,576 bytes | 2,071,552 bytes | 7.98 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
50B57BD32C8F6F516E8AA8307D897536 |
5 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| PSO | 1 | 2,028 字节 | |
| SLK | 2 | 329,920 字节 | |
| VSO | 1 | 864 字节 | |
| RT_ICON | 10 | 35,820 字节 | |
| RT_MENU | 2 | 332 字节 | |
| RT_DIALOG | 2 | 608 字节 | |
| RT_ACCELERATOR | 1 | 40 字节 | |
| RT_GROUP_ICON | 1 | 146 字节 | |
| RT_MANIFEST | 1 | 751 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The expected hash does not match the digest in SpcInfo
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft 能够识别并消除 Malware.Win32.Gen.bot!se39933,无需用户进一步干预。
下载反恶意软件按照以下步骤完全从系统中移除威胁
