| 文件名 | 2take1.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.170.174 |
| 数据库版本 | 2024-04-02 02:00:47 UTC |
恶意软件家族: Agent
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
1f4213b0ba43fcce619809c9b1bc936e
|
|
| SHA1 |
ad0d4c6368789e7fb268b6d66e4e8bccc7111bc5
|
|
| SHA256 |
96f28285864cfef86cd1b4a45b8dd389bc7cd7ecd894760d8e086bc00903d0ad
|
|
| SHA512 |
8da48b08ea935d36cde33998df967332863a4545adbaa7749d0b1d8da457b396229fbf677680b208379f6af0dbc5ba5500ca460d35ed2d4fb068206f361293da
|
|
| ImpHash |
1af6c885af093afc55142c2f1761dbe8
|
| 图标 |
哈希: 0e2e804ee8646ee54e1d4c3f54ed6a41
模糊: b5ef45d48e7a2b3d4d7d37c78a47c14b dHash: e08eb6b686b292cc |
| 映像基址 | 0x140000000 |
| 入口点 | 0x14000c330 |
| 编译时间 | 2024-03-20 22:56:03 |
| 校验和 | 0x00761146 (实际: 0x00e0eb9a) |
| 操作系统版本 | 5.2 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | Unknown certificate revision 159f |
| 导入 |
5 库
USER32, COMCTL32, KERNEL32, ADVAPI32, GDI32 |
| 导出 | 0 函数 |
| 资源 | 9 资源 |
| 节 | 7 节 |
| CompanyName | Microsoft Corporation |
| FileDescription | BDE UI Launcher |
| FileVersion | 10.0.19041.3636 (WinBuild.160101.0800) |
| InternalName | BDEUISRV.DLL |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | BDEUISRV.DLL |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.19041.3636 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
175,536 bytes | 175,616 bytes | 6.50 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
75D19A4940B1C41E95D0F65F35D07455 |
.rdata |
0x0002c000 |
77,500 bytes | 77,824 bytes | 5.82 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
FEB175A5ABDD49B29D7F9C09705CC39B |
.data |
0x0003f000 |
13,240 bytes | 3,584 bytes | 1.83 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
C77D6ACF176D4B487EA671C3FD3A6945 |
.pdata |
0x00043000 |
8,964 bytes | 9,216 bytes | 5.38 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F9C9A5A34BE2CB8FD1246F51C7B22C72 |
_RDATA |
0x00046000 |
500 bytes | 512 bytes | 3.70 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
4EC0234C233E8C5AE54CD80F9630FF86 |
.rsrc |
0x00047000 |
21,796 bytes | 22,016 bytes | 7.81 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
835CEDBE191E8AD6869D1185038FDFDF |
.reloc |
0x0004d000 |
1,880 bytes | 2,048 bytes | 5.25 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
F1D633C1708CAF707B59B5E59D6F78B3 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 6 | 18,946 字节 | |
| RT_GROUP_ICON | 1 | 90 字节 | |
| RT_VERSION | 1 | 912 字节 | |
| RT_MANIFEST | 1 | 1,293 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
Unknown certificate revision 159f
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
