| 文件名 | Keygen.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
| 扫描器版本 | 1.0.168.174 |
| 数据库版本 | 2024-03-07 18:00:32 UTC |
恶意软件家族: Agent
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
e314faf959775fcd77d078c74fd56901
|
|
| SHA1 |
bef96f03e59fc6f65b8c40004cd7957f5d5b2748
|
|
| SHA256 |
a28e3266550cffafc4643a744811383a83e8f6902fb5eee6b1552212433c7bfb
|
|
| SHA512 |
eb99a721c0cd3fac78d2994df089a8a1905415f7eea5b4c6f18989747d53ccf79bb42c0921bf47eb1c10368fd5e315818024b2267b66636352b071c18948ab46
|
|
| ImpHash |
a2399784c9cecf3938a6d532c332a51c
|
| 图标 |
哈希: 08910a1e9c8311b5692e2ea0ad21c37d
模糊: 2f084952801a753bae0b288368824de2 dHash: 426c59317265c755 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x1400014c0 |
| 编译时间 | 2021-02-21 07:36:46 |
| 校验和 | 0x000165c5 (实际: 0x000165c5) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
3 库
KERNEL32, msvcrt, USER32 |
| 导出 | 0 函数 |
| 资源 | 6 资源 |
| 节 | 11 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
31,512 bytes | 31,744 bytes | 6.33 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES
|
2EE8192FFE3D909E1089CA0EAD497535 |
.data |
0x00009000 |
208 bytes | 512 bytes | 0.48 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
0C67957AA584FEA3B3ABF324009ECE2B |
.rdata |
0x0000a000 |
2,416 bytes | 2,560 bytes | 4.77 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES
|
DC42C721377354F74B342C0D376AC9C9 |
.pdata |
0x0000b000 |
1,224 bytes | 1,536 bytes | 3.52 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
E938DCCA7A18CF624C43C0EE0572B0DC |
.xdata |
0x0000c000 |
1,180 bytes | 1,536 bytes | 3.78 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
4EBBBE9847CD9F49DEAE7CB8306A7344 |
.bss |
0x0000d000 |
2,912 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x0000e000 |
2,152 bytes | 2,560 bytes | 3.54 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
262B967E1E066709BF7EB9313AF7112B |
.CRT |
0x0000f000 |
104 bytes | 512 bytes | 0.33 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES
|
B3025AF23154764A63364FD076618DE3 |
.tls |
0x00010000 |
16 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x00011000 |
42,432 bytes | 42,432 bytes | 7.05 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
A4B0EB551D6F9B3D0385BCEA70687981 |
.reloc |
0x0001c000 |
124 bytes | 512 bytes | 1.47 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
CCCE5530D53E3BD5C7DA345894EC635F |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_BITMAP | 1 | 34,810 字节 | |
| RT_ICON | 2 | 5,392 字节 | |
| RT_DIALOG | 1 | 570 字节 | |
| RT_GROUP_ICON | 1 | 34 字节 | |
| RT_MANIFEST | 1 | 1,167 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
