| 文件名 | NTR Phone.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
| 扫描器版本 | 1.0.182.174 |
| 数据库版本 | 2024-07-22 20:00:29 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
5c6997a599007cf14779b44eb3dcf98e
|
|
| SHA1 |
4642dbdb8e57b1e53cf490dbdc509c49d663bffb
|
|
| SHA256 |
a1f435e6654ded32a25baf43e42b017a1b87ccfc7c42045b0ec2e7ae2aeb2cf6
|
|
| SHA512 |
bd76a825eaff818352142b739b276ac3f30edef7624983ca6e56a21120adc0c8cf173c01faaf8a0ace16afe8006d8cdc63ba03439e667f5e650d61623769f08e
|
|
| ImpHash |
843799c8272e7b94f1dd139f92843e1a
|
| 图标 |
哈希: ea1052f053bcdbda5b4921fd85ad9b86
模糊: 737ec69bb96d5cc449d893d6533c67ba dHash: abb3bbbbbbb3ab0b |
| 映像基址 | 0x140000000 |
| 入口点 | 0x1400013d0 |
| 编译时间 | 1970-01-01 00:00:00 |
| 校验和 | 0x041c8af6 (实际: 0x041bfcaa) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
| 数字签名 | An error occurred while validating the countersignature: The root Certum Trusted Network CA 2� lists its extended key usages, but {(1, 3, 6, 1, 5, 5, 7, 3, 8)} are not present |
| 导入 | 22 库 |
| 导出 | 18 函数 |
| 资源 | 9 资源 |
| 节 | 13 节 |
| CompanyName | Godot Engine |
| FileDescription | Godot Engine |
| FileVersion | 1.0.0.0 |
| ProductName | Godot Engine |
| Licence | MIT |
| LegalCopyright | Shybox |
| Info | https://godotengine.org |
| ProductVersion | 1.0.0.0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
55,278,472 bytes | 55,278,592 bytes | 6.26 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
E238DE824532AC90EB231C206D840800 |
.data |
0x034b9000 |
307,904 bytes | 308,224 bytes | 1.78 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
DB38A71C9715B5CE1EB72D5F83DB99FF |
.rdata |
0x03505000 |
10,175,760 bytes | 10,176,000 bytes | 6.14 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D88740D78721E0D51A40C76AD67FDCCC |
pck |
0x03eba000 |
8 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BF619EAC0CDF3F68D496EA9344137E8B |
.pdata |
0x03ebb000 |
1,214,412 bytes | 1,214,464 bytes | 7.02 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BFC2EFB1FA4301A34E85C3FA12F02121 |
.xdata |
0x03fe4000 |
1,451,440 bytes | 1,451,520 bytes | 4.91 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D74FA7567E4ECB48CDC2DB5042F0D5AB |
.bss |
0x04147000 |
1,784,032 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.edata |
0x042fb000 |
1,094 bytes | 1,536 bytes | 4.53 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
343DE350B3E61FC69E65A5E9AC4FCF67 |
.idata |
0x042fc000 |
20,360 bytes | 20,480 bytes | 5.03 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
B30B6F624B5D4FF7BF36AA72685EFB13 |
.CRT |
0x04301000 |
112 bytes | 512 bytes | 0.48 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
0BEE4E3CDD0C6CE87EB08CFF25F42414 |
.tls |
0x04302000 |
16 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x04303000 |
101,748 bytes | 101,888 bytes | 7.98 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
56537EFAC0467F4956B7CB3E545334B4 |
.reloc |
0x0431c000 |
361,084 bytes | 361,472 bytes | 5.46 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
AEEC30D37E4146AF28983641F7926D8B |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 6 | 100,341 字节 | |
| RT_GROUP_ICON | 2 | 180 字节 | |
| RT_VERSION | 1 | 664 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
An error occurred while validating the countersignature: The root Certum Trusted Network CA 2� lists its extended key usages, but {(1, 3, 6, 1, 5, 5, 7, 3, 8)} are not present
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
