| 文件名 | MINI_KEYBOARD.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| 扫描器版本 | 1.0.168.174 |
| 数据库版本 | 2024-03-06 21:00:32 UTC |
我们的扫描器未检测到威胁
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
054e168b4c18b7c6e67ecb8399d566d6
|
|
| SHA1 |
7bbee157d0e2a874e5f472a0f4b834ca5020646b
|
|
| SHA256 |
d12c03ffe89ad9b840373073625369aec4cc770db470a72074948df489b3d6e8
|
|
| SHA512 |
1fa45ec9c0b3daa17519e87c08c5214e5ec8d140be195c676724e39972ee2557eff74ba93ae502a0e8555dea4d8c22d4823dfc9a1b7a690ddd46e6b1771640d4
|
|
| ImpHash |
e6ac742cc6d8e268850d8b02d07c2e87
|
| 图标 |
哈希: 297dd2d9b6376d055c2b143b4107d119
模糊: 3c2c2bc3f4383674e27a83057b5c7798 dHash: 5e1eaaaaaaaaaaaa |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00401480 |
| 编译时间 | 2023-12-13 07:08:25 |
| 校验和 | 0x00212b6e (实际: 0x00212b6e) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
9 库
hidapi, Qt5Core, Qt5Gui, Qt5Widgets, libgcc_s_dw2-1, KERNEL32, msvcrt, SHELL32, libstdc++-6 |
| 导出 | 0 函数 |
| 资源 | 3 资源 |
| 节 | 9 节 |
| CompanyName | |
| FileDescription | |
| FileVersion | 0.0.0.0 |
| LegalCopyright | |
| OriginalFilename | MINI_KEYBOARD.exe |
| ProductName | MINI_KEYBOARD |
| ProductVersion | 0.0.0.0 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
546,660 bytes | 546,816 bytes | 5.97 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES
|
73FD795A4F50461E8DF679DED9B4E28C |
.data |
0x00087000 |
408 bytes | 512 bytes | 4.91 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
F519F16E4122072E9C27B8CDF8E79BF4 |
.rdata |
0x00088000 |
1,517,768 bytes | 1,518,080 bytes | 7.97 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES
|
11016775CFBE706C38B5914528C9D81F |
.eh_fram |
0x001fb000 |
11,656 bytes | 11,776 bytes | 5.09 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
FF5BC9AB48F862C3FFD86E80A695F1D4 |
.bss |
0x001fe000 |
10,316 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x00201000 |
19,988 bytes | 20,480 bytes | 5.67 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
0C3B1C31B6CC9AB6DDAA3DA2DDB52946 |
.CRT |
0x00206000 |
52 bytes | 512 bytes | 0.28 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
DCA9081CADB27C6D5B1D96E45AF6E2BD |
.tls |
0x00207000 |
8 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x00208000 |
10,496 bytes | 10,752 bytes | 4.22 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
EA3EF8AA02A07930202D9F6F01221592 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 1 | 9,640 字节 | |
| RT_GROUP_ICON | 1 | 20 字节 | |
| RT_VERSION | 1 | 576 字节 |
| 产品 | MINI_KEYBOARD |
| 文件版本 | 0.0.0.0 |
| 原始名称 | MINI_KEYBOARD.exe |
✓ 此文件已进行数字签名,证书链已验证。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
