Steam exe (Universal Recoil | 8code) Universal Recoil

Steam (3).exe (Universal Recoil | 8code) 文件分析

更新于 2 days ago

检查者 Malware Check

Steam (3).exe

哈希类型	值	操作
MD5	adb105db71c8828a0ec754179a81de67
SHA1	5f026d904a14c6b8fef773205ad436fafd4f60c5
SHA256	deb6b31c028660694503c2945e8944e99bc1d6e8e6d022677e6a565dceb8c44e
SHA512	4408bcabeeb36b6910c5ec8c1de8a1c5c31154330196a8530881f74fc100f9148bdc0ff0829f00a28303650d61d53e4bd7eed5bf51e0ed2f6181a3ca838b7033
ImpHash	cd0ef78c99733c5ed97ed0f267505821

哈希类型

值

操作

MD5

adb105db71c8828a0ec754179a81de67

SHA1

5f026d904a14c6b8fef773205ad436fafd4f60c5

SHA256

deb6b31c028660694503c2945e8944e99bc1d6e8e6d022677e6a565dceb8c44e

SHA512

4408bcabeeb36b6910c5ec8c1de8a1c5c31154330196a8530881f74fc100f9148bdc0ff0829f00a28303650d61d53e4bd7eed5bf51e0ed2f6181a3ca838b7033

ImpHash

cd0ef78c99733c5ed97ed0f267505821

PE 分析

基本信息

▼

图标	哈希: 3d5777299b04011936575bf4bcfdf03d 模糊: b3656f7d88ea358a224b234785ad42d2 dHash: 38e4e4d3f3bcd8f0
映像基址	`0x00400000`
入口点	`0x006843f8`
编译时间	2024-05-23 08:08:50
校验和	0x003443ce (实际: 0x003443ce)
操作系统版本	6.0
PEiD 签名	`PE32 executable (GUI) Intel 80386, for MS Windows`
数字签名	No valid SignedData structure was found.
导入	12 库
导出	2 函数
资源	83 资源
节	11 节

版本信息

▼

CompanyName	Universal Recoil \| 8code
FileDescription	Universal Recoil \| 8code
FileVersion	1.0.0.0
LegalCopyright	Universal Recoil \| 8code
ProductVersion	1.0.0.0
Translation	0x0409 0x04e4

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	2,622,160 bytes	2,622,464 bytes	6.49 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`D8053C603EFD766341CDB9C116B46097`
`.itext`	`0x00282000`	9,384 bytes	9,728 bytes	6.06 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`868D212CBBBB1F38A2CE4B60C54F1D73`
`.data`	`0x00285000`	40,684 bytes	40,960 bytes	6.23 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`17255FEC253A81DB51F0CEE5490C67B3`
`.bss`	`0x0028f000`	108,988 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x002aa000`	13,302 bytes	13,312 bytes	5.27 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`A6405B1FA67A0D8A555D02FB5025CD33`
`.didata`	`0x002ae000`	3,250 bytes	3,584 bytes	4.12 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BCEAD9396D80D3F90D9CA34808CDBC31`
`.edata`	`0x002af000`	113 bytes	512 bytes	1.36 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`D39734BCED09939DD957EB89FAD52FFD`
`.tls`	`0x002b0000`	84 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x002b1000`	93 bytes	512 bytes	1.34 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`57FB40E47AB3300AFF255B1304A42B82`
`.reloc`	`0x002b2000`	224,688 bytes	224,768 bytes	6.72 (压缩)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`C88C4BD187CC60973E782729473E188D`
`.rsrc`	`0x002e9000`	448,482 bytes	448,512 bytes	6.85 (压缩)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`518B60D21CBB5843F57A197B9B853A43`

熵分析警报

2 检测到较高熵（≥6.5）的节 - 可能存在压缩

资源分析

▼

资源总数: 83 (443,432 字节)

资源类型	数量	总大小	百分比
VCLSTYLE	1	94,575 字节	21.3%
RT_CURSOR	8	2,464 字节	0.6%
RT_BITMAP	2	304 字节	0.1%
RT_ICON	6	121,524 字节	27.4%
RT_STRING	28	25,964 字节	5.9%
RT_RCDATA	27	196,261 字节	44.3%
RT_GROUP_CURSOR	8	160 字节	0%
RT_GROUP_ICON	1	90 字节	0%
RT_VERSION	1	584 字节	0.1%
RT_MANIFEST	1	1,506 字节	0.3%

证书链分析

▼

证书 Information

描述	Universal Recoil \| 8code
文件版本	1.0.0.0
版权	Universal Recoil \| 8code

✓ 此文件已进行数字签名，证书链已验证。

签名确保文件的完整性和发布者的真实性。
时间戳证明签名的应用时间。

证书验证状态

No valid SignedData structure was found.

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	Steam (3).exe
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
扫描器版本	1.0.220.174
数据库版本	2025-07-14 02:00:17 UTC

Steam (3).exe (Universal Recoil | 8code) 文件分析

技术分析

干净文件

扫描另一个文件

文件识别