| 文件名 | Patcher.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.216.174 |
| 数据库版本 | 2025-05-13 12:00:23 UTC |
恶意软件家族: Downloader
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
1da0e3fda333912114d85e8eca69296d
|
|
| SHA1 |
2e6688916d1e13c401e6b36959e779993d69b256
|
|
| SHA256 |
9e9a0b451bee0fd5f4beed58666c210bc0c1c25a8bc40fff5891aca785b2cf96
|
|
| SHA512 |
ee5997d6d058898b8a047e1f72e7cc58c0b04231d9a2571c3f3a7147b272d639e073a3845e96458b533f8a4e67df41ff53d604f9197482d568532ec717f02466
|
|
| ImpHash |
eeb6da2fae3788c01ace6177badd812a
|
| 图标 |
哈希: 0453a25f96a36016579b2354873474dd
模糊: 31e8ee3293a5ab697de00f706ee87aab dHash: ccd0a8e8d0aaccd4 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00470165 |
| 编译时间 | 2018-06-19 18:59:27 |
| 校验和 | 0x00122764 (实际: 0x00122764) |
| 操作系统版本 | 5.1 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB 路径 | C:\Users\Marcela Denegri\Documents\DESARROLLO - NO BORRAR X FAVOR\Downloaders\AuditionPatcher\Release\Patcher.pdb |
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
9 库
KERNEL32, USER32, GDI32, ADVAPI32, SHELL32, ole32, OLEAUT32, WS2_32, COMCTL32 |
| 导出 | 0 函数 |
| 资源 | 12 资源 |
| 节 | 5 节 |
| CompanyName | Axeso5.com |
| Name | Audition Setup Manager |
| FileDescription | Audition Patcher |
| FileVersion | 2.94 |
| InternalName | AuditionPatcher |
| LegalCopyright | © 2014, Axeso5.com |
| OriginalFilename | Patcher.exe |
| ProductName | Audition Patcher |
| ProductVersion | 2.94 |
| Translation | 0x2c0a 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
622,129 bytes | 622,592 bytes | 6.50 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
F91E5E5B4A1BD2022101589831EE3AEC |
.rdata |
0x00099000 |
100,502 bytes | 100,864 bytes | 5.24 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
56A72DB16F45F700A8FE2DE63446B6CE |
.data |
0x000b2000 |
44,836 bytes | 9,216 bytes | 4.24 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
9040BFDEEBFB892CF7F42DF37ACA977A |
.rsrc |
0x000bd000 |
373,104 bytes | 373,248 bytes | 7.59 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
5D3B082C81D912061E30FBF4189EC2F2 |
.reloc |
0x00119000 |
25,498 bytes | 25,600 bytes | 6.55 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
37941C8CF7395FE2F1D1D0DAF4D034C6 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_BITMAP | 6 | 362,682 字节 | |
| RT_ICON | 2 | 8,528 字节 | |
| RT_GROUP_ICON | 2 | 40 字节 | |
| RT_VERSION | 1 | 780 字节 | |
| RT_MANIFEST | 1 | 357 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
