| 文件名 | Bandicam_v7.0.0.2117.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.142.174 |
| 数据库版本 | 2023-10-10 23:07:08 UTC |
恶意软件家族: Keygen
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
4ba56432d57b98aa1afbb379f9a11cc1
|
|
| SHA1 |
981063c22eacf9eef8435eb5bada061007d26641
|
|
| SHA256 |
abfb413414e9e0b323f3eb26a213d692e1e95bd40020249de3797034103f0efa
|
|
| SHA512 |
5183dd35ecbe9f6ca417ec3fba3d1e04feeef8dd327b8a44b3eccf5b46a49512981f1b677d52e383548f83dbc2e7a58f6100e90dac1e34a9abeb6266b63f096c
|
|
| ImpHash |
483f0c4259a9148c34961abbda6146c1
|
| 图标 |
哈希: d44ed167856233cc92bf5ab1583aac9c
模糊: 44f61ef91c6d12e067529f0ac405e304 dHash: 71c48a3969b28e69 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00416478 |
| 编译时间 | 2012-10-02 05:04:04 |
| 校验和 | 0x00000000 (实际: 0x01dbfc45) |
| 操作系统版本 | 5.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
5 库
oleaut32, advapi32, user32, kernel32, comctl32 |
| 导出 | 0 函数 |
| 资源 | 17 资源 |
| 节 | 8 节 |
| Comments | This installation was built with Inno Setup. |
| CompanyName | BandiSoft (RePack by Dodakaedr) |
| FileDescription | Bandicam |
| FileVersion | 7.0.0.2117 |
| LegalCopyright | Dodakaedr |
| ProductName | Bandicam |
| ProductVersion | 7.0.0.2117 |
| Translation | 0x0000 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
82,936 bytes | 82,944 bytes | 6.48 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
345DB2B6911ADDC85B53F32245F969A0 |
.itext |
0x00016000 |
3,048 bytes | 3,072 bytes | 6.02 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
2E74D968CAEDEB2D71B9505530D43907 |
.data |
0x00017000 |
3,484 bytes | 3,584 bytes | 2.67 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D5B22EFF9E08EDAA95F493C1A71158C0 |
.bss |
0x00018000 |
22,352 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x0001e000 |
3,998 bytes | 4,096 bytes | 4.97 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
B47EACA4C149EE829DE76A342B5560D5 |
.tls |
0x0001f000 |
8 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x00020000 |
24 bytes | 512 bytes | 0.19 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3746F5876803F8F30DB5BB2DEB8772AE |
.rsrc |
0x00021000 |
89,820 bytes | 90,112 bytes | 6.17 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
92A598666FD34B4BF7B95BE3CAEF2A12 |
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 4 | 48,706 字节 | |
| RT_STRING | 6 | 3,200 字节 | |
| RT_RCDATA | 4 | 34,004 字节 | |
| RT_GROUP_ICON | 1 | 62 字节 | |
| RT_VERSION | 1 | 1,208 字节 | |
| RT_MANIFEST | 1 | 1,582 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
