| 文件名 | vmware-workstation_oYK-3B2.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.218.174 |
| 数据库版本 | 2025-06-19 20:00:24 UTC |
恶意软件家族: BundleInstaller
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
b1747a5ac2e8fd7cd2a245b38500b201
|
|
| SHA1 |
d0c14970ca70c1ad3827719641281a76efd8179e
|
|
| SHA256 |
bc3e1ab485c83475d2644bbd777df1da5ec3b0f2c039aa4f61d95383b6ae276f
|
|
| SHA512 |
c9fb4b4297765e7a1ae71a74e951cdfa08f2d867941dcacb86810edd3e4e202b5dbd2d858c3ca455e23fbc9b043a162bc1994ef830ae8ad8cf0ae22d882b19bb
|
|
| ImpHash |
efd455830ba918de67076b7c65d86586
|
| 图标 |
哈希: a0ef7c81eee20e999575764306184ccf
模糊: 8341e53a6f1047f3c936b4d36dc8f542 dHash: 5050d274ccec82ae |
| 映像基址 | 0x00400000 |
| 入口点 | 0x004acfe0 |
| 编译时间 | 2025-05-03 14:45:36 |
| 校验和 | 0x005a539d (实际: 0x005a539d) |
| 操作系统版本 | 6.1 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | OK |
| 导入 |
5 库
kernel32, comctl32, user32, oleaut32, advapi32 |
| 导出 | 2 函数 |
| 资源 | 31 资源 |
| 节 | 11 节 |
| Comments | This installation was built with Inno Setup. |
| CompanyName | |
| FileDescription | Portale delle applicazioni |
| FileVersion | 2.4.0.9298 |
| LegalCopyright | |
| OriginalFileName | |
| ProductName | Applicazioni Windows |
| ProductVersion | 2.4.0.9298 |
| Translation | 0x0000 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
698,084 bytes | 698,368 bytes | 6.39 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
B8445BDD9E5484C726072A6120DAC5D3 |
.itext |
0x000ac000 |
6,024 bytes | 6,144 bytes | 6.25 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
5F4B1E9E79C8B34D6A04F97D624934E2 |
.data |
0x000ae000 |
15,356 bytes | 15,360 bytes | 4.96 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
5C86C8844D87A63141D9256AB8648C6D |
.bss |
0x000b2000 |
29,348 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x000ba000 |
4,198 bytes | 4,608 bytes | 4.82 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
CFABBE97F496978BE1D9ED2B0E76508C |
.didata |
0x000bc000 |
420 bytes | 512 bytes | 2.76 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
6B25D6A3BA6793DF88CEEC45D9ED59B3 |
.edata |
0x000bd000 |
113 bytes | 512 bytes | 1.33 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
1F044B007F9A7C5E77E0A9392C1C3BCB |
.tls |
0x000be000 |
24 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x000bf000 |
93 bytes | 512 bytes | 1.40 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
48BDF6E6093F9760E6F540D2B96A5683 |
.reloc |
0x000c0000 |
70,408 bytes | 70,656 bytes | 6.71 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
94B970C14A85684DE6C6A4DFAA0A363B |
.rsrc |
0x000d2000 |
70,144 bytes | 70,144 bytes | 3.73 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
00221B7F14E789FA8679C0E8B21388BF |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 13 | 55,173 字节 | |
| RT_STRING | 12 | 8,692 字节 | |
| RT_RCDATA | 3 | 956 字节 | |
| RT_GROUP_ICON | 1 | 188 字节 | |
| RT_VERSION | 1 | 1,412 字节 | |
| RT_MANIFEST | 1 | 1,960 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
OK
Gridinsoft 能够识别并消除 PUP.Win32.BundleInstaller.dd!c,无需用户进一步干预。
下载反恶意软件按照以下步骤完全从系统中移除威胁
