| 文件名 | 1 |
| 文件类型 |
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
| 扫描器版本 | 1.0.167.174 |
| 数据库版本 | 2024-02-27 07:00:21 UTC |
恶意软件家族: Agent
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
8596cd4e4cd44928d9621ca7a17a4697
|
|
| SHA1 |
067e1d4bfeec7fa10ee72145df2eec3a61c8d1e0
|
|
| SHA256 |
a3207a4e241d81d510eb7f8f713b961680084a0f4f673f0b086d57dbc5a3b15d
|
|
| SHA512 |
da89c43f339352379b6a8b78e11cd55f97a76e72c018a57805d815be3e5fc8ed37ca478026e78d26507f34cf74dd479f4cbc20aceb54da8e6c482143ba627d16
|
|
| ImpHash |
148bb19e5f2a9444caa6c1588ccb3a58
|
| 映像基址 | 0x6bac0000 |
| 入口点 | 0x6bac13d0 |
| 编译时间 | 2063-07-26 01:20:36 |
| 校验和 | 0x00011dd1 (实际: 0x000116da) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
3 库
ADVAPI32, KERNEL32, msvcrt |
| 导出 | 1 函数 |
| 资源 | 0 资源 |
| 节 | 11 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
8,416 bytes | 8,704 bytes | 5.89 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES
|
4818188BD731779A291C9263EFFB331E |
.data |
0x00004000 |
2,128 bytes | 2,560 bytes | 5.10 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
FA855EB5549931CA4D028A7692FC9A3B |
.rdata |
0x00005000 |
1,312 bytes | 1,536 bytes | 3.91 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES
|
F9DF8766F0FD989719DA866B889DB95D |
.pdata |
0x00006000 |
552 bytes | 1,024 bytes | 2.41 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
631361500672B9383611948E5A8D8F58 |
.xdata |
0x00007000 |
472 bytes | 512 bytes | 3.74 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
C3A25D1B45D7CF05FDC08F3528D177C3 |
.bss |
0x00008000 |
2,352 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
D41D8CD98F00B204E9800998ECF8427E |
.edata |
0x00009000 |
76 bytes | 512 bytes | 0.70 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
55210AB235AE55CCD6CAF9F2EB16C38E |
.idata |
0x0000a000 |
2,704 bytes | 3,072 bytes | 3.87 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
BDFC2F8F5069406D40A06E2D19E6136A |
.CRT |
0x0000b000 |
88 bytes | 512 bytes | 0.20 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES
|
CC1B1B5D666AEE5B54F79D24B47058A0 |
.tls |
0x0000c000 |
104 bytes | 512 bytes | 0.26 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
049282ED3B402B40B4347D0F9AD2526C |
.reloc |
0x0000d000 |
912 bytes | 1,024 bytes | 5.73 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
911C05653202BAA0DBD36D475189C200 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
