| 文件名 | co.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.154.174 |
| 数据库版本 | 2024-01-08 18:01:56 UTC |
恶意软件家族: InstallCore
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
55405f31f66e14569d3bd34d65e7e388
|
|
| SHA1 |
265910ac6a7769f3068fc969e40def3c75b78f3c
|
|
| SHA256 |
e4786e76380f0cb6f1d1a1ca67774d518114951fa9d59b8ffdb8550991f110a6
|
|
| SHA512 |
a213df1a3cf839d162e88b508c6e943cfebecc2dc6205129a4a509b7d4e23f2820e35b0d2a59597acfff81b53b1dc120a78f851ea78313c3a632879e935d91ca
|
|
| ImpHash |
5e78adb8cb4d0d5c058e95fd1db4ce38
|
| 图标 |
哈希: 5771b0fae29f38cac49fcbccd914d4c2
模糊: b7621093455d12c52d863db1873a2897 dHash: f0f0bed4d4d4f0f0 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00b75e44 |
| 编译时间 | 2023-11-28 14:47:36 |
| 校验和 | 0x014eb41d (实际: 0x014eb41d) |
| 操作系统版本 | 5.1 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB 路径 | D:\develop\BitComet_2.05\app\Release_unicode\GUI_BitComet_wx.pdb |
| 数字签名 | An error occurred while validating the countersignature: The root Certum Trusted Network CA 2� lists its extended key usages, but {(1, 3, 6, 1, 5, 5, 7, 3, 8)} are not present |
| 导入 | 21 库 |
| 导出 | 0 函数 |
| 资源 | 154 资源 |
| 节 | 7 节 |
| Certum Trusted Network CA | Unizeto Technologies S.A. (PL) |
| Certum Timestamping 2021 CA | Asseco Data Systems S.A. (PL) |
| Certum Trusted Network CA 2 | Asseco Data Systems S.A. (PL) |
| Certum Trusted Network CA 2 | Asseco Data Systems S.A. (PL) |
| Certum Code Signing 2021 CA | Xing Wang (CN) |
| CompanyName | www.BitComet.com |
| FileDescription | BitComet - a BitTorrent Client |
| FileVersion | 2.05 |
| InternalName | BitComet.exe |
| LegalCopyright | Copyright(C) 2003-2023 All Rights Reserved. |
| ProductName | BitComet |
| ProductVersion | 2.05 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
13,449,140 bytes | 13,449,216 bytes | 6.68 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
31CEEE5C9F493BA9FF2663884F512088 |
.rdata |
0x00cd5000 |
4,637,346 bytes | 4,637,696 bytes | 5.60 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
CCDFCFA57437E09A073621EFC050269B |
.data |
0x01142000 |
1,730,628 bytes | 416,256 bytes | 5.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
265C08EAE1B3F6B305B464554CB32F87 |
.detourc |
0x012e9000 |
4,544 bytes | 4,608 bytes | 3.97 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
13E08E8819E5FDA11776A799C7CAA563 |
.detourd |
0x012eb000 |
12 bytes | 512 bytes | 0.07 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
15D7BD12D01A5E1CC9BCFDA0DF81F640 |
.rsrc |
0x012ec000 |
2,278,712 bytes | 2,278,912 bytes | 7.94 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
07494C1A69326723E7ED9AEECA154FBD |
.reloc |
0x01519000 |
1,100,768 bytes | 1,100,800 bytes | 6.53 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
449789C29B3E24AA5249139169ED1AF5 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| DLL | 1 | 2,560 字节 | |
| MHT | 3 | 74,651 字节 | |
| PNG | 87 | 1,673,127 字节 | |
| ZIP | 7 | 321,401 字节 | |
| RT_ICON | 36 | 171,173 字节 | |
| RT_GROUP_ICON | 6 | 540 字节 | |
| RT_VERSION | 1 | 720 字节 | |
| RT_HTML | 12 | 22,213 字节 | |
| RT_MANIFEST | 1 | 794 字节 |
| 主题 |
Certum Trusted Network CA 2 Unizeto Technologies S.A. PL |
| 颁发者 | Certum Trusted Network CA |
| 序列号 | 36831864946870993744187066625231351079 |
| 主题 |
Certum Timestamp 2023 Asseco Data Systems S.A. PL |
| 颁发者 | Certum Timestamping 2021 CA |
| 序列号 | 12990091761336652031772869827997649713 |
| 主题 |
Certum Code Signing 2021 CA Asseco Data Systems S.A. PL |
| 颁发者 | Certum Trusted Network CA 2 |
| 序列号 | 204220824695607667577196483744657304121 |
| 主题 |
Certum Timestamping 2021 CA Asseco Data Systems S.A. PL |
| 颁发者 | Certum Trusted Network CA 2 |
| 序列号 | 308377848162979334299411899320923366791 |
| 主题 |
Xing Wang Xing Wang CN |
| 颁发者 | Certum Code Signing 2021 CA |
| 序列号 | 142540952136945333859675369454265582376 |
An error occurred while validating the countersignature: The root Certum Trusted Network CA 2� lists its extended key usages, but {(1, 3, 6, 1, 5, 5, 7, 3, 8)} are not present
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft 能够识别并消除 Adware.Win32.InstallCore.vl!c,无需用户进一步干预。
下载反恶意软件按照以下步骤完全从系统中移除威胁
