LicDataViewer v1 0 0 5 exe (lic) 文件恶意软件分析

LicDataViewer_v1.0.0.5.exe (lic) 文件分析

更新于 1 year ago

检查者 Malware Check

LicDataViewer_v1.0.0.5.exe

哈希类型	值	操作
MD5	9733980909d705d0c488947e797b7de4
SHA1	a006f423bd294d250fe4691649ee8007ebd08282
SHA256	d0e77868c764c980eed2d227627a5732f8116b691a6eddb0d53e7f16b9da04c1
SHA512	b1084333fcaddb1f685e4d6fc860fbdf5ae4623a887ba949105ec01396fb0ddeb4808929ab35a31c909111773934f09e03aeaf6bbcdbf3eea00d77cbec621dec
ImpHash	2aaf777df3205ede6fab9d9a68290995

哈希类型

值

操作

MD5

9733980909d705d0c488947e797b7de4

SHA1

a006f423bd294d250fe4691649ee8007ebd08282

SHA256

d0e77868c764c980eed2d227627a5732f8116b691a6eddb0d53e7f16b9da04c1

SHA512

b1084333fcaddb1f685e4d6fc860fbdf5ae4623a887ba949105ec01396fb0ddeb4808929ab35a31c909111773934f09e03aeaf6bbcdbf3eea00d77cbec621dec

ImpHash

2aaf777df3205ede6fab9d9a68290995

PE 分析

基本信息

▼

图标	哈希: 768df61d52d94fc2e8edfc97c7ddbb8a 模糊: 3a1da0bd7057f477997b833bc1c8b6f3 dHash: 9e65614c266dcc4c
映像基址	`0x00400000`
入口点	`0x00609c10`
编译时间	2023-02-27 20:20:33
校验和	0x00000000 (实际: 0x05a0eeea)
操作系统版本	6.0
PEiD 签名	`PE32 executable (GUI) Intel 80386, for MS Windows`
数字签名	The PE file does not contain a certificate table.
导入	12 库
导出	3 函数
资源	76 资源
节	11 节

版本信息

▼

FileDescription	lic
FileVersion	1.0.0.5
ProgramID	com.embarcadero.lic
ProductName	lic
ProductVersion	1.0.0.0
Translation	0x0419 0x04e3

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	2,124,364 bytes	2,124,800 bytes	6.50 (压缩)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`12BE9ABEA7A83CF89D528FD45878EEB8`
`.itext`	`0x00208000`	7,352 bytes	7,680 bytes	6.20 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`51DBDBB1B32B66DBCEFCF2E82F31B971`
`.data`	`0x0020a000`	24,292 bytes	24,576 bytes	5.26 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`0AD5FCAA0823F7598D2591E40F163ED6`
`.bss`	`0x00210000`	27,924 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x00217000`	13,334 bytes	13,824 bytes	5.16 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`DCEDE1A092103AC321703EE6CE0E2A3E`
`.didata`	`0x0021b000`	3,212 bytes	3,584 bytes	4.09 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`53312231DE627B5D3A240B1EB37C9561`
`.edata`	`0x0021c000`	149 bytes	512 bytes	1.83 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`76777E35E3E8B1ED2ABA6AFA904CA487`
`.tls`	`0x0021d000`	84 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x0021e000`	93 bytes	512 bytes	1.37 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`0D27C8B7E48EB2DD82E82AE4FF397F15`
`.reloc`	`0x0021f000`	183,532 bytes	183,808 bytes	6.71 (压缩)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`4CE53233A6C580D4B2E7F4FBA6E80547`
`.rsrc`	`0x0024c000`	92,062,720 bytes	92,062,720 bytes	8.00 (打包/加密)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`8D3C09C5D3A4E2092F429A0EE0723DF3`

熵分析警报

1 检测到高熵（≥7.5）的节 - 可能存在打包/加密

2 检测到较高熵（≥6.5）的节 - 可能存在压缩

资源分析

▼

资源总数: 76 (92,058,076 字节)

资源类型	数量	总大小	百分比
RT_CURSOR	7	2,156 字节	0%
RT_ICON	1	33,520 字节	0%
RT_STRING	24	18,936 字节	0%
RT_RCDATA	34	92,001,014 字节	99.9%
RT_GROUP_CURSOR	7	140 字节	0%
RT_GROUP_ICON	1	20 字节	0%
RT_VERSION	1	476 字节	0%
RT_MANIFEST	1	1,814 字节	0%

证书链分析

▼

证书 Information

产品	lic
描述	lic
文件版本	1.0.0.5

✓ 此文件已进行数字签名，证书链已验证。

签名确保文件的完整性和发布者的真实性。
时间戳证明签名的应用时间。

证书验证状态

The PE file does not contain a certificate table.

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	LicDataViewer_v1.0.0.5.exe
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
扫描器版本	1.0.146.174
数据库版本	2023-11-07 07:00:48 UTC

LicDataViewer_v1.0.0.5.exe (lic) 文件分析

技术分析

干净文件

扫描另一个文件

文件识别