| 文件名 | Wicked R6.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 扫描器版本 | 1.0.217.174 |
| 数据库版本 | 2025-05-25 01:00:12 UTC |
恶意软件家族: Generic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
05c831bea2a1c04324d15eed2f9aa68c
|
|
| SHA1 |
55d41535a978b3cfc08ea22dca74d819c1f9f6fa
|
|
| SHA256 |
eb38c3cc6776c389442b5d3f91b2ef5e16e067a2b4a0c6503d52c651f3317926
|
|
| SHA512 |
1d1dc780b15efb48b28468798abe3318007966331b2c28629d031c7276559b8c8b8ea379d716986b8973f8a0691894c7fb89b06956059648b71d58d5c3594a65
|
|
| ImpHash |
4328f7206db519cd4e82283211d98e83
|
| 图标 |
哈希: 6bad5f9739f3152aeeff9984c0c7edb5
模糊: 02796805747ac4fb48e9f9fbc21422ea dHash: 69ccaa96cccccc71 |
| 映像基址 | 0x00400000 |
| 入口点 | 0x013f6058 |
| 编译时间 | 2025-04-25 21:12:30 |
| 校验和 | 0x00dad1a0 (实际: 0x00dad1a0) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | No valid SignedData structure was found. |
| 导入 |
2 库
kernel32, mscoree |
| 导出 | 0 函数 |
| 资源 | 9 资源 |
| 节 | 7 节 |
| Translation | 0x0000 0x04b0 |
| FileDescription | |
| FileVersion | 1.0.0.0 |
| InternalName | Done.exe |
| LegalCopyright | |
| OriginalFilename | Done.exe |
| ProductVersion | 1.0.0.0 |
| Assembly Version | 1.0.0.0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
|
0x00002000 |
10,764,288 bytes | 10,763,776 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D337B23C81509950035DF1861C76B7CF |
|
0x00a46000 |
103,224 bytes | 5,120 bytes | 7.78 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
32BEBC0EE226F31578FEF73B69C1EE38 |
|
0x00a60000 |
12 bytes | 512 bytes | 1.54 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
BCECE59EDF8E86216B07C6E7EF0A0239 |
.idata |
0x00a62000 |
8,192 bytes | 512 bytes | 1.14 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
789E034E4DD64A4C880473D8E5D267B8 |
.rsrc |
0x00a64000 |
103,424 bytes | 103,424 bytes | 5.26 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3DB21710D9B1C7250DC481C4E08A538B |
.themida |
0x00a7e000 |
5,734,400 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.boot |
0x00ff6000 |
3,435,520 bytes | 3,435,520 bytes | 7.96 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
10104A5E0C6885D0A7552510B05E0D13 |
3 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 6 | 101,524 字节 | |
| RT_GROUP_ICON | 1 | 90 字节 | |
| RT_VERSION | 1 | 572 字节 | |
| RT_MANIFEST | 1 | 490 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
No valid SignedData structure was found.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
