| 文件名 | Native-x64.dll |
| 文件类型 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.216.174 |
| 数据库版本 | 2025-05-08 17:00:16 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
cbde843e28d0ed9a5c1629fb55e082ce
|
|
| SHA1 |
8850699faafdd93c2052ea330c8d8dbd3139cc3b
|
|
| SHA256 |
b0025609cc125f7aba2a13f57f32e984c3c159e293be4439af11566f80e1cbad
|
|
| SHA512 |
84ad8d98b406f1407658977370be59f2a21192ec8b7f0edc5ab90c4f9f33f6380d7334be6fe59981a88a4ae0f6cab5f8bcf8c2782b01b5f0205e53dae1028f99
|
|
| ImpHash |
48e7caafd94971edacd17131855309f5
|
| 图标 |
哈希: 182f634156555e334997e71fbfcab245
模糊: e2f7005f02c17f39bd85975cd4668309 dHash: f0d4b26262e0f8f0 |
| 映像基址 | 0x180000000 |
| 入口点 | 0x1802bddb4 |
| 编译时间 | 2025-03-27 06:45:36 |
| 校验和 | 0x00702fc0 (实际: 0x00711149) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| PDB 路径 | E:\Tools\Future\coodesker\bin\Native-x64.pdb |
| 数字签名 | The expected hash does not match the digest in SpcInfo |
| 导入 | 25 库 |
| 导出 | 5 函数 |
| 资源 | 10 资源 |
| 节 | 10 节 |
| CompanyName | www.coodesker.com |
| FileDescription | Native |
| FileVersion | 2.2.0.7 |
| InternalName | Native.dll |
| LegalCopyright | Copyright (C) 2025 |
| OriginalFilename | Native.dll |
| ProductName | Native |
| ProductVersion | 2.2.0.7 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
5,123,582 bytes | 5,123,584 bytes | 6.76 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
5B9414235DBFA39E1E4FA5C5914A8E21 |
.rdata |
0x004e4000 |
1,311,966 bytes | 1,312,256 bytes | 5.27 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
4D1BF8438957B02F2C5183788FEAACDE |
.data |
0x00625000 |
166,912 bytes | 102,912 bytes | 5.27 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D77DB7CA930CE1C60BC10A040EE1415C |
.pdata |
0x0064e000 |
194,232 bytes | 194,560 bytes | 6.36 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
431BB4B41047AFC005695059E52BFF4D |
.menu_sh |
0x0067e000 |
3,648 bytes | 4,096 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
620F0B67A91F7F74151BC5BE745B7110 |
.detourc |
0x0067f000 |
8,656 bytes | 8,704 bytes | 2.28 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
5E93802DA17536699BB9F3E30D9BA0EA |
.detourd |
0x00682000 |
24 bytes | 512 bytes | 0.12 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
EDDA25907019E5CC74C177F6952E5E4B |
_RDATA |
0x00683000 |
252 bytes | 512 bytes | 2.43 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2F2A0B136DB0110868A0EF0A2986E679 |
.rsrc |
0x00684000 |
532,800 bytes | 532,992 bytes | 4.73 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
EF7C78DA4E39EFFEE3360311D3B97237 |
.reloc |
0x00707000 |
57,392 bytes | 57,856 bytes | 5.45 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
A2B42E844078C9C6A9567B030D50FBD0 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| UI | 1 | 177,651 字节 | |
| RT_ICON | 5 | 353,032 字节 | |
| RT_STRING | 1 | 34 字节 | |
| RT_GROUP_ICON | 1 | 76 字节 | |
| RT_VERSION | 1 | 688 字节 | |
| RT_MANIFEST | 1 | 642 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The expected hash does not match the digest in SpcInfo
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
