| 文件名 | vendetta_loader.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.216.174 |
| 数据库版本 | 2025-05-04 21:00:15 UTC |
我们的扫描器未检测到威胁
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
7c19acd1bc2a7c2fa533fc3e83b94401
|
|
| SHA1 |
4255114fbe615598bfa371e124f737a641fa6c7e
|
|
| SHA256 |
e9287812fc6e98899cebbd5b7e80891510a696cc04e58ef3e3e08351ea19ccc8
|
|
| SHA512 |
1e874b900ccee0ecf32d7a5778f4277fc6da908c130ed0c9a2c695c80a00b912fb0ab72660ba25bc426ba639d0340db0c6ee46dc0549316a6e35e3c5dc29cf59
|
|
| ImpHash |
88f70fb82598484a7ce88eef6418418b
|
| 映像基址 | 0x140000000 |
| 入口点 | 0x1400010f6 |
| 编译时间 | 2025-05-04 15:33:27 |
| 校验和 | 0x004b3914 (实际: 0x0168a4b4) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
7 库
kernel32, oleaut32, user32, advapi32, ole32, ntdll, shlwapi |
| 导出 | 0 函数 |
| 资源 | 0 资源 |
| 节 | 22 节 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
2,007,304 bytes | 2,007,552 bytes | 6.11 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
A49ABA9F47DC1A383F63666F46451070 |
.data |
0x001ec000 |
18,736 bytes | 18,944 bytes | 1.65 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
9C565A05657676F58340EE3FE04C92D5 |
.rdata |
0x001f1000 |
305,200 bytes | 305,664 bytes | 5.82 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
1A471F4CEBF182A2AFDCEFD099E83D07 |
/4 |
0x0023c000 |
4 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.pdata |
0x0023d000 |
94,296 bytes | 94,720 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E219B62ECB1A0420337D49F823983AD2 |
.xdata |
0x00255000 |
118,460 bytes | 118,784 bytes | 4.71 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2BE6AFB28CFA7190E6AA53721AF54710 |
.bss |
0x00272000 |
42,576 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x0027d000 |
13,876 bytes | 14,336 bytes | 4.66 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
6A11708F04CB6A96FEA5D5F0DD9DBE05 |
.CRT |
0x00281000 |
104 bytes | 512 bytes | 0.41 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F5F693576681134C92696942C0774DCC |
.tls |
0x00282000 |
16 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.reloc |
0x00283000 |
7,988 bytes | 8,192 bytes | 5.42 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
7C81347BCE2C7CED166E34E52EFC0525 |
/14 |
0x00285000 |
208 bytes | 512 bytes | 0.87 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
B722B2FD2E1EAAAE31BFEE2794B8BEE2 |
/29 |
0x00286000 |
18,536 bytes | 18,944 bytes | 5.83 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
39E8CDCAB08C7F37AC9019464386928C |
/41 |
0x0028b000 |
2,313 bytes | 2,560 bytes | 4.65 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
5554909C58CA9A9EA6A5B19593B7E300 |
/55 |
0x0028c000 |
2,422 bytes | 2,560 bytes | 4.81 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
8F06A836E1AA20E3D8C750A52CCCCB55 |
/67 |
0x0028d000 |
1,168 bytes | 1,536 bytes | 3.16 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
95BA820019A2738B5DC131AF8BC9B286 |
/80 |
0x0028e000 |
209 bytes | 512 bytes | 2.90 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
44574CAA58589002596A11BF741F67C8 |
/91 |
0x0028f000 |
1,138 bytes | 1,536 bytes | 4.19 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
03DDD647864B417B64C7D4B6553E3D35 |
/107 |
0x00290000 |
2,216 bytes | 2,560 bytes | 4.20 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
3E03D66F652E17F7F5B521D3A0D9F31D |
/123 |
0x00291000 |
246 bytes | 512 bytes | 2.35 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
16FD0BFD33F7CF809177204DF742BCC6 |
.enigma1 |
0x00292000 |
4,096 bytes | 17,891,328 bytes | 6.57 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
9E46B5E37BC9B104995E0BB19FE023DC |
.enigma2 |
0x00293000 |
835,584 bytes | 835,584 bytes | 5.67 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F1DBD63BC236372EAF96DCA81A75DF22 |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
保持无恶意软件:使用 Gridinsoft 反恶意软件 保护您的 PC
Gridinsoft 反恶意软件正是如此——提供强大、用户友好的解决方案,让您安心,并不断更新以应对最新威胁。由网络安全专家设计,它提供实时保护和轻松删除恶意软件。这不仅仅是检测威胁;它是通过不间断的安全来增强您的数字生活。试一试,体验无忧浏览的感觉!
