Double Commander (Double Commander Setup) Alexander Koblov 文件恶意软件分析

Double Commander (Double Commander Setup) 文件分析

更新于 2 years ago

检查者 Malware Check

uploaded

哈希类型	值	操作
MD5	25d802309019367f217902cd1e1f36e2
SHA1	f30304ace9d68c0921b8eedb97a9ebab70a8b5cf
SHA256	aa62781dcbf881107904f6e049af3d4876df63502ad6bba280b9290365620b3e
SHA512	486e3e80c675f928d120ca5c032346d059ab3b04d4e172f8aeb3f292b574a1484775ebf29672bf434eee3a5394dd88dde085072803b7c642ebe170522fa5ab02
ImpHash	20dd26497880c05caed9305b3c8b9109

哈希类型

值

操作

MD5

25d802309019367f217902cd1e1f36e2

SHA1

f30304ace9d68c0921b8eedb97a9ebab70a8b5cf

SHA256

aa62781dcbf881107904f6e049af3d4876df63502ad6bba280b9290365620b3e

SHA512

486e3e80c675f928d120ca5c032346d059ab3b04d4e172f8aeb3f292b574a1484775ebf29672bf434eee3a5394dd88dde085072803b7c642ebe170522fa5ab02

ImpHash

20dd26497880c05caed9305b3c8b9109

PE 分析

基本信息

▼

图标	哈希: 30adcb5c0b2e3c35eaec2c110733c9f8 模糊: c98f96d6ffe5af8d4eb0870c1dc20826 dHash: 92e0b496a6cada72
映像基址	`0x00400000`
入口点	`0x0041181c`
编译时间	2018-06-14 13:27:46
校验和	0x00000000 (实际: 0x008b0b39)
操作系统版本	5.0
PEiD 签名	`PE32 executable (GUI) Intel 80386, for MS Windows`
数字签名	The PE file does not contain a certificate table.
导入	5 库 oleaut32, advapi32, user32, kernel32, comctl32
导出	0 函数
资源	17 资源
节	8 节

版本信息

▼

Comments	This installation was built with Inno Setup.
CompanyName	Alexander Koblov
FileDescription	Double Commander Setup
FileVersion
LegalCopyright
ProductName	Double Commander
ProductVersion	1.0.11
Translation	0x0000 0x04b0

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	62,044 bytes	62,464 bytes	6.38 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`0DA5D73FFBC41792FA65A09058A91476`
`.itext`	`0x00011000`	4,004 bytes	4,096 bytes	5.78 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`2EB275566563C3F1D0099A0DA7345B74`
`.data`	`0x00012000`	3,212 bytes	3,584 bytes	2.30 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`73B859E23F5FD17E00C08DB2E0E73DFE`
`.bss`	`0x00013000`	22,204 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x00019000`	3,588 bytes	4,096 bytes	4.60 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`E9B9C0328FD9628AD4D6AB8283DCB20E`
`.tls`	`0x0001a000`	8 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x0001b000`	24 bytes	512 bytes	0.20 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`3DFFC444CCC131C9DCEE18DB49EE6403`
`.rsrc`	`0x0001c000`	45,568 bytes	45,568 bytes	4.14 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`595CC8DB214989372289CA277964EC9B`

资源分析

▼

资源总数: 17 (44,126 字节)

资源类型	数量	总大小	百分比
RT_ICON	4	4,640 字节	10.5%
RT_STRING	6	2,668 字节	6%
RT_RCDATA	4	33,908 字节	76.8%
RT_GROUP_ICON	1	62 字节	0.1%
RT_VERSION	1	1,268 字节	2.9%
RT_MANIFEST	1	1,580 字节	3.6%

证书链分析

▼

证书 Information

产品	Double Commander
描述	Double Commander Setup

✓ 此文件已进行数字签名，证书链已验证。

签名确保文件的完整性和发布者的真实性。
时间戳证明签名的应用时间。

证书验证状态

The PE file does not contain a certificate table.

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	uploaded
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
扫描器版本	1.0.139.174
数据库版本	2023-09-25 16:01:54 UTC

Double Commander (Double Commander Setup) 文件分析

技术分析

干净文件

扫描另一个文件

文件识别