Metro 2033 Redux Trainer (+27) [1 0 0 3 1 0 1 10] {hex} exe (Trainer +27 for Metro 2033 Redux [1 0 0 3 1 0 1 10] by hex) PlayGround ru & Nexus Mods 文件恶意软件分析

哈希类型	值	操作
MD5	0f366c37d191cafd51f16666eb77f8e5
SHA1	1b817cff702a455003b2f9e490e6688324e7b81a
SHA256	d98c3443c7176343015fc61936532c9cd8fcdeda0cfebb3b92a7f0d694b773c4
SHA512	34d63a44dc3169c9e8fb7f9bf7db3c0561df8af791f9087a67a4345fd7e7e8723bfc3d28f5ea968a3bd39017087ccd3b78ddefae4252d3057a8d76c98cfbfa0a
ImpHash	d2968bcf270d17d6d3eb34c585dd3436

基本信息

▼

图标	哈希: 95b9e3c175b03d6b7fbf79b1e7baa720 模糊: 5d32ada3fd4a76952e27b93d6ea365b6 dHash: e8f2e8b45abcc2f8
映像基址	`0x140000000`
入口点	`0x140b99020`
编译时间	2025-08-01 17:02:42
校验和	0x0114f1be (实际: 0x0114f1be)
操作系统版本	6.0
PEiD 签名	`PE32+ executable (GUI) x86-64, for MS Windows`
数字签名	Chain verification from CN=hex, [email protected], L=St. Petersburg, C=RU (serial:600902431120564989, sha1:93e99d1afbebe774b8db6957767623964644700d) failed: The X.509 certificate provided is self-signed - "Common Name: hex, Email Address: [email protected], Locality: St. Petersburg, Country: RU"
导入	17 库
导出	0 函数
资源	12 资源
节	12 节

版本信息

▼

CompanyName	PlayGround.ru & Nexus Mods
FileDescription	Trainer +27 for Metro 2033 Redux [1.0.0.3-1.0.1.10] by hex
FileVersion	1.3
InternalName	Metro 2033 Redux Trainer (+27) [1.0.0.3-1.0.1.10] {hex}.exe
LegalCopyright	Copyright (C) 2025 hex (PlayGround.ru & Nexus Mods)
OriginalFilename	Metro 2033 Redux Trainer (+27) [1.0.0.3-1.0.1.10] {hex}.exe
ProductName	Metro 2033 Redux Trainer (+27) [1.0.0.3-1.0.1.10 Steam/GOG GALAXY/Epic Games Store] by hex
ProductVersion	1.3
Translation	0x0400 0x04b0

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	12,389,206 bytes	12,389,376 bytes	6.48 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`C67F1042507F9B6010C653919041BF34`
`.rdata`	`0x00bd2000`	4,335,364 bytes	4,335,616 bytes	6.36 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`669AD0FCF114BEFEC82C183DC2CF5B10`
`.data`	`0x00ff5000`	480,300 bytes	393,216 bytes	3.98 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`111AFA564F15C326A3153B00AC1084ED`
`.pdata`	`0x0106b000`	350,328 bytes	350,720 bytes	6.47 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`B7D233449576EA6C1B6DB5916BF395B0`
`.fptable`	`0x010c1000`	256 bytes	512 bytes	0.00 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BF619EAC0CDF3F68D496EA9344137E8B`
`.qtmetad`	`0x010c2000`	1,334 bytes	1,536 bytes	5.05 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`BFD0A37E057F358D80D1716D9A9ABD7E`
`.qtmimed`	`0x010c3000`	322,789 bytes	323,072 bytes	8.00 (打包/加密)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`2D32D357AB751FFBBB513570C6EE6986`
`.retplne`	`0x01112000`	232 bytes	512 bytes	1.64 (正常)	`0x00000000`	`6BDC4F06E76770DED5038AE15A6EE9A1`
`.tls`	`0x01113000`	9 bytes	512 bytes	0.02 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`1F354D76203061BFDD5A53DAE48D5435`
`_RDATA`	`0x01114000`	500 bytes	512 bytes	4.17 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`54A475FEA013378C0A981F737B03FA30`
`.rsrc`	`0x01115000`	247,216 bytes	247,296 bytes	6.73 (压缩)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`EDE968E74232904C091ACC8297C2606B`
`.reloc`	`0x01152000`	54,204 bytes	54,272 bytes	5.48 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`DBE0A88E00C7CD243442DF12932DF9F1`

熵分析警报

1 检测到高熵（≥7.5）的节 - 可能存在打包/加密

1 检测到较高熵（≥6.5）的节 - 可能存在压缩

资源分析

▼

资源总数: 12 (246,433 字节)

资源类型	数量	总大小	百分比
WAVE	2	213,208 字节	86.5%
RT_ICON	7	31,315 字节	12.7%
RT_GROUP_ICON	1	104 字节	0%
RT_VERSION	1	1,220 字节	0.5%
RT_MANIFEST	1	586 字节	0.2%

证书链分析

▼

证书 Information

产品	Metro 2033 Redux Trainer (+27) [1.0.0.3-1.0.1.10 Steam/GOG GALAXY/Epic Games Store] by hex
描述	Trainer +27 for Metro 2033 Redux [1.0.0.3-1.0.1.10] by hex
文件版本	1.3
原始名称	Metro 2033 Redux Trainer (+27) [1.0.0.3-1.0.1.10] {hex}.exe
签名日期	05:10 PM 08/01/2025 (66 天前)
验证状态	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
签名者	hex
内部名称	Metro 2033 Redux Trainer (+27) [1.0.0.3-1.0.1.10] {hex}.exe
版权	Copyright (C) 2025 hex (PlayGround.ru & Nexus Mods)

证书链摘要

hex #1 主要

有效期: 2025-01-01 00:00:00 → 2035-01-01 00:00:00

签名算法: sha256RSA

序列号: 08 56 D5 93 CF 9C 22 FD

DigiCert Trusted Root G4 #2 链

有效期: 2022-08-01 00:00:00 → 2031-11-09 23:59:59

签名算法: sha384RSA

序列号: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A

DigiCert Trusted G4 TimeStamping RSA4096 SHA256 2025 CA1 #3 链

有效期: 2025-05-07 00:00:00 → 2038-01-14 23:59:59

签名算法: sha256RSA

序列号: 0D C7 AC 57 05 FF 21 99 2E 40 43 22 0C 3A 49 86

DigiCert SHA256 RSA4096 Timestamp Responder 2025 1 #4 链

有效期: 2025-06-04 00:00:00 → 2036-09-03 23:59:59

签名算法: sha256RSA

序列号: 0A 80 EF 18 4B 8D F1 05 82 D1 C4 76 A7 95 74 68

✓ 此文件已进行数字签名，证书链已验证。

签名确保文件的完整性和发布者的真实性。
时间戳证明签名的应用时间。

证书验证状态

Chain verification from CN=hex, [email protected], L=St. Petersburg, C=RU (serial:600902431120564989, sha1:93e99d1afbebe774b8db6957767623964644700d) failed: The X.509 certificate provided is self-signed - "Common Name: hex, Email Address: [email protected], Locality: St. Petersburg, Country: RU"

建议: 验证文件来源并确保它来自可信的发布者.

文件名	Metro 2033 Redux Trainer (+27) [1.0.0.3-1.0.1.10] {hex}.exe
文件类型	PE32+ executable (GUI) x86-64, for MS Windows
扫描器版本	1.0.226.174
数据库版本	2025-10-04 10:00:33 UTC

Metro 2033 Redux Trainer (+27) [1.0.0.3-1.0.1.10] {hex}.exe (Trainer +27 for Metro 2033 Redux [1.0.0.3-1.0.1.10] by hex) 文件分析

技术分析

干净文件

扫描另一个文件

文件识别

PE 分析

基本信息

版本信息

PE 节

熵分析警报

资源分析

证书链分析

证书 Information

证书链摘要

证书验证状态

记住：这是在线病毒扫描器的结果

保护您的系统

发表评论

Gridinsoft Anti-Malware