| 文件名 | Setup.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.216.174 |
| 数据库版本 | 2025-05-13 20:00:24 UTC |
恶意软件家族: Sabsik
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
fd4852363878a21d0f84b84507a30d6a
|
|
| SHA1 |
c0aec4857a0a550277a444ea476d5691be29a25b
|
|
| SHA256 |
cb3f8aba47c155707473c68dfe1fe7710d25af4305f2117d443872c9ee9e45b9
|
|
| SHA512 |
524e42d26dbfb51bae8698be1f7782c4db243ad3b9cbe0bd664eef99c1b9bc8380ae540ee0050810e5070ee1ec58fcf4fb86b5d703881c0babdddfeae1ef266b
|
|
| ImpHash |
3e2a6ecfffc5d43a7565ef87874e92c4
|
| 映像基址 | 0x140000000 |
| 入口点 | 0x14003c0c8 |
| 编译时间 | 2025-05-10 13:27:14 |
| 校验和 | 0x000b9268 (实际: 0x000b875a) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | The expected hash does not match the digest in SpcInfo |
| 导入 |
1 库
KERNEL32 |
| 导出 | 0 函数 |
| 资源 | 1 资源 |
| 节 | 12 节 |
| CompanyName | Microsoft Corporation |
| FileDescription | TCP/IP Netstat Command |
| FileVersion | 10.0.19041.1 (WinBuild.160101.0800) |
| InternalName | netstat.exe |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | netstat.exe |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.19041.1 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
331,754 bytes | 331,776 bytes | 6.97 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
81E38A5E86BB0A32A4BD9A13E5D3BEAC |
.rdata |
0x00052000 |
49,996 bytes | 50,176 bytes | 4.98 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F165AEF952BFDF7C90727F1D089F497F |
.data |
0x0005f000 |
11,752 bytes | 4,096 bytes | 2.67 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
3CCA234710982B7935596F937BA65B20 |
.pdata |
0x00062000 |
7,044 bytes | 7,168 bytes | 5.50 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
20FA49249635FAC91C3A9F7181C87998 |
.OBM |
0x00064000 |
27,499 bytes | 27,648 bytes | 6.76 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
AA68A05B611D7DF2C79A8498FA70A837 |
.gxfg |
0x0006b000 |
5,232 bytes | 5,632 bytes | 4.85 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
984C1B53081E2E466A5C3C08EFC2697B |
.retplne |
0x0006d000 |
140 bytes | 512 bytes | 1.05 (正常) |
0x00000000
|
8C950F651287CBC1296BCB4E8CD7E990 |
_RDATA |
0x0006e000 |
500 bytes | 512 bytes | 4.22 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
543102FF75AD174A965343354278F59E |
.reloc |
0x0006f000 |
1,948 bytes | 2,048 bytes | 5.35 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
06F47478FECD78131B27BB6807421639 |
.bss |
0x00070000 |
140,800 bytes | 140,800 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
C343621DFC13BAC8B6B0C5B8F2DF9F49 |
.bss |
0x00093000 |
140,800 bytes | 140,800 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
C343621DFC13BAC8B6B0C5B8F2DF9F49 |
.rsrc |
0x000b6000 |
1,012 bytes | 1,024 bytes | 3.31 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
AE4054FED7D9660E9CED308EDE66F61F |
2 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_VERSION | 1 | 924 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The expected hash does not match the digest in SpcInfo
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
