| 文件名 | velat.exe |
| 文件类型 |
Win32 EXE
|
| 魔术字节 | PE32+ executable (GUI) x86-64, for MS Windows |
| SSDEEP 哈希 |
196608:G0UpNcv/OJE1j9fZwQRCgjmpXHIEGn7jDsfPjRMsqeXL2yrjAnDkyh:Mp2OJ2w8ERIEUsfPjSDNWCkyh
|
| 扫描器版本 | 1.0.219.174 |
| 数据库版本 | 2025-06-25 13:00:19 UTC |
被 31 个安全引擎检测到 - 需要谨慎
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
a78d242327268afc7f511961ded6a257
|
|
| SHA1 |
0952b3a1a2029b4bbc4d268fec4b3df7befa2892
|
|
| SHA256 |
9cd0786706bf53ee0a3bf4da78f3919ea7cf8290d1f4b980f18fd0a6347799b2
|
|
| SHA512 |
701b79815af3e97f87d096af007bc2d86d040b6fa60673727cb918b6ee29682a9d436f567ba06cff340ca0e215070b4b30ef700453cf798f0ebc61dc438f27f0
|
|
| ImpHash |
c990338f8145dc29c6f38fb73cf05c77
|
| 图标 |
哈希: f3fe946504f4d887bd96dde21eb2c23b
模糊: c0d773241056bad299723404d967d30e dHash: 4896cc69b2320810 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x14000d0d0 |
| 编译时间 | 2025-06-23 12:25:48 |
| 校验和 | 0x00af971d (实际: 0x00afd502) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | The expected hash does not match the digest in SpcInfo |
| 导入 |
5 库
USER32, COMCTL32, KERNEL32, ADVAPI32, GDI32 |
| 导出 | 0 函数 |
| 资源 | 10 资源 |
| 节 | 7 节 |
| CompanyName | Microsoft Corporation |
| FileDescription | Windows System Assessment Tool |
| FileVersion | 10.0.19041.3636 (WinBuild.160101.0800) |
| InternalName | WinSAT |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | WinSAT.exe |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.19041.3636 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
174,144 bytes | 174,592 bytes | 6.48 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
0B31E33FE5C337AB5001FD0E9827E967 |
.rdata |
0x0002c000 |
78,384 bytes | 78,848 bytes | 5.72 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
0CA11398AC833B42D998693EDD8ACC5D |
.data |
0x00040000 |
20,720 bytes | 3,584 bytes | 1.82 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
197F989242DC6660F50D74CF584E262C |
.pdata |
0x00046000 |
8,892 bytes | 9,216 bytes | 5.34 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3FAE02FA227E618EBD6D494E5835F23D |
.fptable |
0x00049000 |
256 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x0004a000 |
31,048 bytes | 31,232 bytes | 7.86 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
27AE26BBECCFDDAABB5092DA943C4EEC |
.reloc |
0x00052000 |
1,900 bytes | 2,048 bytes | 5.27 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
98C9699B10085BB8E0533706E3897132 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 7 | 28,124 字节 | |
| RT_GROUP_ICON | 1 | 104 字节 | |
| RT_VERSION | 1 | 928 字节 | |
| RT_MANIFEST | 1 | 1,293 字节 |
| 产品 | Microsoft® Windows® Operating System |
| 描述 | Windows System Assessment Tool |
| 文件版本 | 10.0.19041.3636 (WinBuild.160101.0800) |
| 原始名称 | WinSAT.exe |
| 签名日期 | 11:11 PM 04/25/2023 (794 天前) |
| 验证状态 | The digital signature of the object did not verify. |
| 签名者 | Akeo Consulting; Sectigo Public Code Signing CA EV R36; Sectigo Public Code Signing Root R46; Sectigo (AAA) |
| 副签名者 | Symantec SHA256 TimeStamping Signer - G3; Symantec SHA256 TimeStamping CA; VeriSign Universal Root Certification Authority |
| 内部名称 | WinSAT |
| 版权 | © Microsoft Corporation. All rights reserved. |
48 FC 93 B4 60 55 94 8D 36 A7 C9 8A 89 D6 94 1633 D7 08 A8 91 40 53 19 E2 A5 BB D3 39 B9 AD 6EBF B1 50 01 BB F5 92 D4 96 2A 77 97 EA 73 6F A37B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 127B D4 E5 AF BA CC 07 3F A1 01 23 04 22 41 4D 12✓ 此文件已进行数字签名,证书链已验证。
The expected hash does not match the digest in SpcInfo
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
