| 文件名 | WerFault.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.142.174 |
| 数据库版本 | 2023-10-09 11:01:54 UTC |
我们的扫描器未检测到威胁
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
332468462b6e9e04fdeeb0af4d668864
|
|
| SHA1 |
c1a9e08f91b2460b2bfb99f1b71a691b7b4cdc97
|
|
| SHA256 |
dccff5cc569944b43a4ea22ae0bf390218cb30703392cfa458b6e2b665c519be
|
|
| SHA512 |
8c851ace40aff8052d05b8862c990f7cfbb616fb93d2db7890256b93e35e351daca821302e47d557553d04bce19768d8609d544dbb12e3dfc127cf4a7da453f5
|
|
| ImpHash |
a4336b3cd2aa3adcbf1468f4a959d93f
|
| 图标 |
哈希: 92c690912f6e70d06938bcbe9c3e5833
模糊: b836b9d2aac33167978d0ccbb6b58398 dHash: f2c3c3f5c5c8e878 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x14005b5e0 |
| 编译时间 | 2050-05-24 02:34:20 |
| 校验和 | 0x000a1295 (实际: 0x000a1295) |
| 操作系统版本 | 10.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| PDB 路径 | WerFault.pdb |
| 数字签名 | OK |
| 导入 | 72 库 |
| 导出 | 0 函数 |
| 资源 | 18 资源 |
| 节 | 8 节 |
| Microsoft Windows Production PCA 2011 | Microsoft Corporation (US) |
| Microsoft Root Certificate Authority 2010 | Microsoft Corporation (US) |
| CompanyName | Microsoft Corporation |
| FileDescription | Windows Problem Reporting |
| FileVersion | 10.0.22621.2215 (WinBuild.160101.0800) |
| InternalName | WerFault |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | WerFault.exe |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.22621.2215 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
384,533 bytes | 385,024 bytes | 6.35 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
C138E22D3634874475AE34A5E39BD809 |
.imrsiv |
0x0005f000 |
4 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x00060000 |
105,886 bytes | 106,496 bytes | 5.03 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
A93EE000BC1BAD07C164401FE21FC1B8 |
.data |
0x0007a000 |
5,888 bytes | 4,096 bytes | 1.49 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
3001D8032BC2C9F67C7C63195BCEF275 |
.pdata |
0x0007c000 |
11,376 bytes | 12,288 bytes | 5.35 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
1008CA0F46F54A337B59921015309E3A |
.didat |
0x0007f000 |
528 bytes | 4,096 bytes | 0.56 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BABE0A15581978161DE6988AD6201C93 |
.rsrc |
0x00080000 |
93,944 bytes | 94,208 bytes | 6.97 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
94E385542CA10036A34065270AD909F9 |
.reloc |
0x00097000 |
1,232 bytes | 4,096 bytes | 2.38 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
00996CAF237A3B43DB09FFAF392DE7C1 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| MUI | 1 | 248 字节 | |
| WEVT_TEMPLATE | 1 | 13,050 字节 | |
| RT_ICON | 13 | 77,053 字节 | |
| RT_GROUP_ICON | 1 | 188 字节 | |
| RT_VERSION | 1 | 928 字节 | |
| RT_MANIFEST | 1 | 1,388 字节 |
| 主题 |
Microsoft Windows Microsoft Corporation US |
| 颁发者 | Microsoft Windows Production PCA 2011 |
| 序列号 | 1137338010553660565657068218711909620219118613 |
| 主题 |
Microsoft Windows Production PCA 2011 Microsoft Corporation US |
| 颁发者 | Microsoft Root Certificate Authority 2010 |
| 序列号 | 458207203049816025202696 |
OK
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
