WebDiscover 4 71 2 exe PUP WebDiscoverBrowser 文件恶意软件分析: 0920cabed581f67af0e9ffa40da894e5

WebDiscover-4.71.2.exe PUP WebDiscoverBrowser 分析

更新于 1 year ago

检查者 Malaware Check

WebDiscover-4.71.2.exe

哈希类型	值	操作
MD5	0920cabed581f67af0e9ffa40da894e5
SHA1	9c0cb259c9e80996ed9d6f8316646398f0eebb71
SHA256	e9fff117c0a0f4cfe7126d613e19e6c2e4b6101f5b93a72c0f20740a415655d7
SHA512	222107843114d1ed36e69ff363e632827a07e37471b3c789c2dee84a9fdb7208b6a70f12f1c050f2931c97ce90082d648dac5e44763945a3b152fb3d0bab0a58
ImpHash	5a594319a0d69dbc452e748bcf05892e

哈希类型

值

操作

MD5

0920cabed581f67af0e9ffa40da894e5

SHA1

9c0cb259c9e80996ed9d6f8316646398f0eebb71

SHA256

e9fff117c0a0f4cfe7126d613e19e6c2e4b6101f5b93a72c0f20740a415655d7

SHA512

222107843114d1ed36e69ff363e632827a07e37471b3c789c2dee84a9fdb7208b6a70f12f1c050f2931c97ce90082d648dac5e44763945a3b152fb3d0bab0a58

ImpHash

5a594319a0d69dbc452e748bcf05892e

PE 分析

基本信息

▼

图标	哈希: 63727609154e66acfb8a5c5823542694 模糊: fb1615510f76c5bcacb80612622493d7 dHash: f0f0e8cdcdecf0f0
映像基址	`0x00400000`
入口点	`0x004b5eec`
编译时间	2020-05-21 05:56:23
校验和	0x03a814f3 (实际: 0x03a814f3)
操作系统版本	6.0
PEiD 签名	`PE32 executable (GUI) Intel 80386, for MS Windows`
数字签名	Chain verification from CN=WEBDISCOVER MEDIA, O=WEBDISCOVER MEDIA, L=Victoria, ST=British Columbia, C=CA (serial:11722363034421067546445672440083655041, sha1:b2e2fefbfb0b0da5c37ae87f5c562c05e30b0522) failed: The path could not be validated because the end-entity certificate expired 2021-04-11 23:59:59Z
导入	7 库 kernel32, comctl32, version, user32, oleaut32, netapi32, advapi32
导出	3 函数
资源	24 资源
节	10 节

数字签名

▼

Symantec Class 3 SHA256 Code Signing CA	WEBDISCOVER MEDIA (CA)
VeriSign Class 3 Public Primary Certification Authority - G5	Symantec Corporation (US)

版本信息

▼

CompanyName	WebDiscover Media
FileDescription	WebDiscover Browser Setup
FileVersion	4.71.2
LegalCopyright	Copyright WebDiscover Media. All rights reserved.
OriginalFileName
ProductName	WebDiscover Browser
OriginalFilename	WebDiscover-4.71.2.exe
ProductVersion	4.71.2
Translation	0x0000 0x04b0

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	734,724 bytes	735,232 bytes	6.35 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`364BC619A502D7F0A97ABA31E34B82D2`
`.itext`	`0x000b5000`	5,764 bytes	6,144 bytes	5.97 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`282B489EAC439B258C98EC516C03C2CD`
`.data`	`0x000b7000`	14,244 bytes	14,336 bytes	5.04 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`342785CF6BA6DE905CA393413E77B906`
`.bss`	`0x000bb000`	28,064 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x000c2000`	3,894 bytes	4,096 bytes	4.90 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`A73D686F1E8B9BB06EC767721135E397`
`.didata`	`0x000c3000`	420 bytes	512 bytes	2.76 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`41B8CE23DD243D14BEEBC71771885C89`
`.edata`	`0x000c4000`	154 bytes	512 bytes	1.87 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`43F8D31E224BBD887C839F21E694B898`
`.tls`	`0x000c5000`	24 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x000c6000`	93 bytes	512 bytes	1.38 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`8F2F090ACD9622C88A6A852E72F94E96`
`.rsrc`	`0x000c7000`	122,246 bytes	122,368 bytes	3.18 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`0549DDB120949F4060241C1E5F7BEB74`

资源分析

▼

资源总数: 24 (120,876 字节)

资源类型	数量	总大小	百分比
RT_ICON	7	108,694 字节	89.9%
RT_STRING	11	8,040 字节	6.7%
RT_RCDATA	3	768 字节	0.6%
RT_GROUP_ICON	1	104 字节	0.1%
RT_VERSION	1	1,440 字节	1.2%
RT_MANIFEST	1	1,830 字节	1.5%

证书链分析

▼

证书 #1

主题	WEBDISCOVER MEDIA WEBDISCOVER MEDIA CA
颁发者	Symantec Class 3 SHA256 Code Signing CA
序列号	`11722363034421067546445672440083655041`

证书 #2

主题	Symantec Class 3 SHA256 Code Signing CA Symantec Corporation US
颁发者	VeriSign Class 3 Public Primary Certification Authority - G5
序列号	`81710363848389238104995526639509734954`

证书验证状态

Chain verification from CN=WEBDISCOVER MEDIA, O=WEBDISCOVER MEDIA, L=Victoria, ST=British Columbia, C=CA (serial:11722363034421067546445672440083655041, sha1:b2e2fefbfb0b0da5c37ae87f5c562c05e30b0522) failed: The path could not be validated because the end-entity certificate expired 2021-04-11 23:59:59Z

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	WebDiscover-4.71.2.exe
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
扫描器版本	1.0.139.174
数据库版本	2023-09-15 12:03:27 UTC

WebDiscover-4.71.2.exe PUP WebDiscoverBrowser 分析

技术分析

PUP.Win32.WebDiscoverBrowser.dd!c

扫描另一个文件

文件识别