| 文件名 | FMediaLibraryView.dll |
| 文件类型 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.181.174 |
| 数据库版本 | 2024-07-07 00:00:24 UTC |
恶意软件家族: Packed
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
9c95bb879b15e54eff514aa2b022f445
|
|
| SHA1 |
9e9c943c3dd7178f1071ad775ab92e0bf22c0854
|
|
| SHA256 |
ed94dad0e2dd00be12d8d8053006e38587c59f836937adba12b039c3c28f600b
|
|
| SHA512 |
a635d932c3a903973c71f202427f9c795ad2f57b1ee6000d2bb8579c91d3cb4e2f8918e627dc190d22815411704f791ab5c36da530c5c0a57b9730de9298a490
|
|
| ImpHash |
a96a5ebb1bb01ec4667a7500db07343e
|
| 图标 |
哈希: a4c09c4859e5ebf0c25d5741e4dcf096
模糊: f3a8cd694b22d7e9f267a395d00d9ba9 dHash: c69a727219ccb2b2 |
| 映像基址 | 0x180000000 |
| 入口点 | 0x180e81058 |
| 编译时间 | 2024-05-13 06:37:38 |
| 校验和 | 0x007e564e (实际: 0x007e564e) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 | 32 库 |
| 导出 | 1774 函数 |
| 资源 | 12 资源 |
| 节 | 13 节 |
| CompanyName | Wondershare |
| FileDescription | FMediaLibraryView |
| FileVersion | 13, 3, 12, 7152 |
| InternalName | FMediaLibraryView |
| LegalCopyright | Copyright (c) 2020-2024 Wondershare. All rights reserved. |
| OriginalFilename | FMediaLibraryView |
| ProductName | FMediaLibraryView |
| ProductVersion | 13.3.12.7152 |
| Translation | 0x0804 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
|
0x00001000 |
3,847,337 bytes | 1,261,568 bytes | 7.99 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
5A128DD0A5F192DAFAC914C597F0C172 |
|
0x003ad000 |
1,827,788 bytes | 463,872 bytes | 7.95 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
C3D28D05392E0DDD0E991A973CEE7501 |
|
0x0056c000 |
104,928 bytes | 23,040 bytes | 7.95 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
E423EBFAB94BD1E83F0BAD20164F4569 |
|
0x00586000 |
226,152 bytes | 141,312 bytes | 7.75 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
B04F852F3C797DF60178C6C9FB2DF274 |
|
0x005be000 |
196,416 bytes | 55,808 bytes | 7.95 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
BF520A3A21FC55916DD72F9F5CA93E5A |
|
0x005ee000 |
50,904 bytes | 19,968 bytes | 7.50 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
5F5C734270A86CF7D170AF531D06E31C |
.edata |
0x005fb000 |
130,560 bytes | 130,560 bytes | 5.66 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
B6A4173DC774F018CC542D71866ADB89 |
.idata |
0x0061b000 |
4,096 bytes | 3,072 bytes | 4.66 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
B49F11F6824341354A0A2E70D0DC4303 |
.tls |
0x0061c000 |
4,096 bytes | 512 bytes | 0.28 (正常) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F1F66AD376A0EE6E48829000D1CBB256 |
.rsrc |
0x0061d000 |
196,608 bytes | 196,608 bytes | 5.95 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
B1FE636C0EB048750C5AF4AF70F989CC |
.themida |
0x0064d000 |
8,601,600 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.boot |
0x00e81000 |
5,921,792 bytes | 5,921,792 bytes | 7.95 (打包/加密) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
37CC54F3C4692F18E2B71272D18CE0E3 |
.reloc |
0x01427000 |
4,096 bytes | 16 bytes | 2.47 (正常) |
IMAGE_SCN_MEM_READ
|
912E040113ADC71A247B5129D8D1D633 |
7 检测到高熵(≥7.5)的节 - 可能存在打包/加密
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 9 | 194,325 字节 | |
| RT_GROUP_ICON | 1 | 132 字节 | |
| RT_VERSION | 1 | 844 字节 | |
| RT_MANIFEST | 1 | 381 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
