| 在线病毒检测器 | v.1.0.185.174 |
| 数据库版本: | 2024-09-02 05:00:33 |
下载器旨在下载和安装其他恶意软件到受感染的计算机或设备上。与独立的特洛伊木马不同,下载器特洛伊木马本身没有广泛的恶意功能;相反,它们用于将其他恶意软件传递到受害者系统的手段。
| File | DriverPack-17-Online.exe |
| 已检查 | 2024-09-02 02:41:42 |
| MD5 | 1b1dc6120dc6b427c42968886902e2b4 |
| SHA1 | c325ee370e7656ee7021fe109b7b0dfe28e582e6 |
| SHA256 | c99687e9829de410b66ad7006b0604c3fddb4582050ce205c1d00ff9f309e6b8 |
| SHA512 | 2fba94b0fb40e3d44979b5b008e48178ede13c2136fa2c3f42e4703f977a732830f51c86bb06349721c7c0b154a842ace95248ef87d76e1028cd8ecf3b0f0e4b |
| Imphash | 61259b55b8912888e90f516ca08dc514 |
| File Size | 8827437 bytes |
Gridinsoft能够识别并消除Trojan.Win32.Downloader.sa,无需进一步的用户干预。
 |
6265f480ec0a490fb33d9e6f7cf76982 16ec6a18ef315f3fbedef2ddb813a935 69696969cce871b2 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x00403640 |
| Compilation: | 2021-09-25 22:04:50 |
| Checksum: | 0x00000000 (Actual: 0x0087887a) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 5 |
| Imports: | ADVAPI32, SHELL32, ole32, COMCTL32, USER32, GDI32, KERNEL32, |
| Exports: | 0 |
| Resources: | 53 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00006676 | 0x00006800 | d01cd60c08ad4410541807ebc6d4a26f | 6.42 |
| .rdata | 0x00008000 | 0x0000139a | 0x00001400 | 8c5edfd8ff9cc0135e197611be38ca18 | 5.14 |
| .data | 0x0000a000 | 0x00066378 | 0x00000600 | c7e50177934aec2fcddfd0aceaf14b43 | 4.11 |
| .ndata | 0x00071000 | 0x00090000 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .rsrc | 0x00101000 | 0x00007398 | 0x00007400 | acb9aa2a0859867ae862af1a2e1d5604 | 4.48 |
