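Online Virus Checker | v.1.0.185.174 |
Database version: | 2024-08-17 06:00:12 |
RedLine Stealer is a malicious program designed to steal users' confidential data from browsers, the system, and installed software. It is typically delivered through email attachments or compromised websites. RedLine not only steals sensitive information but also poses a significant threat by introducing other malware into the victim's operating system. This dual mode of attack makes RedLine a powerful and dangerous cyber threat.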
File | S0lard.exe |
Checked | 2024-08-17 03:41:49 |
MD5 | f96ecc2941d9b1e8af07b17ee1a02065 |
SHA1 | 2dcf3e82968f90813a8f63085bf2910a16daab1a |
SHA256 | acbb3d54b4392443037ed3ecb35d079cb2a9b11f914b3ee74f9ad2de1aee6ee3 |
SHA512 | 497abf482c74a711dbd90c158c63d27c736874152889a0cba897a8e8108cea440e62959440d52bfcb79074a4f2c62cac794e81ba40c44f7d427f4173dd834a43 |
Imphash | 4328f7206db519cd4e82283211d98e83 |
File Size | 4810540 bytes |
Gridinsoft can detect and remove Trojan.Win32.RedLine.mz!n without further user intervention.
Translation | 0x0000 0x04b0 |
Comments | XHP Booster |
CompanyName | |
FileDescription | XHP |
FileVersion | 12.9.1.22 |
InternalName | Whammed.exe |
LegalCopyright | XHP Corporation Copyright © 2021 |
LegalTrademarks | |
OriginalFilename | Whammed.exe |
ProductName | XHP booster |
ProductVersion | 12.9.1.22 |
Assembly Version | 1.1.21.1 |
f6caf46481ec10e787a10651fca07072 7c466c9d3a73044c50aae8ab2b16657e e0f8f9696ce0e478 |
Image Base: | 0x00400000 |
Entry Point: | 0x00ef0000 |
Compilation: | 2085-05-29 16:38:55 |
Checksum: | 0x0049f04e (Actual: 0x0049b913) |
OS Version: | 4.0 |
PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
Sign: | The expected hash does not match the digest in SpcInfo |
Sections: | 8 |
Imports: | kernel32, mscoree, |
Exports: | 0 |
Resources: | 5 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
---|---|---|---|---|---|
.text | 0x00002000 | 0x00030000 | 0x0002ec00 | 7e2deecbe392703b05492ac8e41dc03d | 6.21 |
(unnamed) | 0x00032000 | 0x0001b288 | 0x00005561 | f7494a5814b9aa691a73e878393a379a | 7.96 |
(unnamed) | 0x0004e000 | 0x0000000c | 0x0000000f | c3a142726b23c85214c79a7fcb8938d9 | 3.64 |
.imports | 0x00050000 | 0x00002000 | 0x00000400 | 22a082a752943aa74ccec8c28ff001ff | 0.59 |
.rsrc | 0x00052000 | 0x00003400 | 0x00003400 | 4c58a2516e3f9444c5a783531f3021e8 | 7.40 |
.themida | 0x00056000 | 0x00640000 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.boot | 0x00696000 | 0x00459400 | 0x00459400 | 6221654849135a2a3f75c88fa3a3661e | 7.95 |
.taggant | 0x00af0000 | 0x00002400 | 0x00002014 | 4b49769a54c0c2e3e8c083243d2f7762 | 6.83 |