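Online Virus Scanner | v.1.0.181.174 |
Database version: | 2024-07-07 05:00:23 |
“Heur” stands for “heuristic”, meaning that we use a set of rules, algorithms, or behavioral analysis to detect potential threats that may not have a specific known signature. This is a proactive approach for identifying suspicious behavior or code patterns that may indicate the presence of a Trojan or other malware. The file's behavior or characteristics triggered the heuristic analysis, which may be a sign that it is malicious. However, this does not necessarily mean the file is actually a Trojan. It may also be a false positive, where a legitimate program exhibits behavior resembling malicious activity.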
File | A2UDUGYP99ZRW.exe |
Checked | 2024-07-07 02:41:54 |
MD5 | 1730cef78b7f4cc41633a54be28f7916 |
SHA1 | f6a437437e65097f3441ea2ffa6662146109b080 |
SHA256 | d62987e984718de681e1dedeb5b497b71ba8edcd896c446de5668502217dd6f8 |
SHA512 | a0dd02486bf3fc0a3cc5b8aee716a9890b9d5a3bf2e266a58f903abadf88489d0f42db07a07bff1714badeb34232d27c97cf9b630e0f256d770dd1a49be43e82 |
Imphash | 33d8aa50bc9fb3599bf3af7d4247a8e2 |
File Size | 15829392 bytes |
Gridinsoft can detect and remove Trojan.Heur!.00212031 without further user intervention.
Image Base: | 0x00400000 |
Entry Point: | 0x00f9079b |
Compilation: | 2024-04-17 08:27:53 |
Checksum: | 0x00f2377a (Actual: 0x00f1b516) |
OS Version: | 6.0 |
PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
Sign: | The expected hash does not match the digest in SpcInfo |
Sections: | 7 |
Imports: | KERNEL32, USER32, GDI32, ADVAPI32, SHELL32, ole32, OLEAUT32, IMM32, XINPUT1_4, MSVCP140, WININET, urlmon, d3d9, ntdll, IPHLPAPI, WINMM, VCRUNTIME140, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-utility-l1-1-0, api-ms-win-crt-math-l1-1-0, api-ms-win-crt-convert-l1-1-0, api-ms-win-crt-filesystem-l1-1-0, api-ms-win-crt-time-l1-1-0, api-ms-win-crt-locale-l1-1-0 |
Exports: | 0 |
Resources: | 18 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000da596 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.rdata | 0x000dc000 | 0x000785fc | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.data | 0x00155000 | 0x00025bf0 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.supreme | 0x0017b000 | 0x00808d21 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.supreme | 0x00984000 | 0x00000998 | 0x00000a00 | 221981d5cb63af38cf85c495de730ac0 | 0.52 |
.supreme | 0x00985000 | 0x00eb7000 | 0x00eb7000 | 159d59a6f15f40b2877590768d751625 | 7.87 |
.rsrc | 0x0183c000 | 0x0005e7ac | 0x0005e800 | a91d9a665e39e731e5e85066e5816714 | 5.72 |