| 文件名 | Arly.exe |
| 文件类型 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 扫描器版本 | 1.0.216.174 |
| 数据库版本 | 2025-05-15 02:00:23 UTC |
恶意软件家族: Kryptik
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
89494f7d3075c544724d1df87332adf5
|
|
| SHA1 |
625d63d9eab84d4c355827a9064bf89813fc7cdc
|
|
| SHA256 |
edc47e009c0a16f73c2993ea14d2f1bacf4023bbe25668db8d7a3e904817a689
|
|
| SHA512 |
2deb714aed91c84a4f642200483f2980cf845da62f615091153169fbc905ab748a09335ef0ecfdb315f0232d2675d28bdb2a161a97c73d52091b41e854136eaa
|
|
| ImpHash |
3e2a6ecfffc5d43a7565ef87874e92c4
|
| 映像基址 | 0x140000000 |
| 入口点 | 0x14002afe8 |
| 编译时间 | 2025-05-11 17:09:05 |
| 校验和 | 0x000bd50a (实际: 0x000bd3fc) |
| 操作系统版本 | 6.0 |
| PEiD 签名 |
PE32+ executable (GUI) x86-64, for MS Windows
|
| 数字签名 | The expected hash does not match the digest in SpcInfo |
| 导入 |
1 库
KERNEL32 |
| 导出 | 0 函数 |
| 资源 | 1 资源 |
| 节 | 11 节 |
| CompanyName | Microsoft Corporation |
| FileDescription | TCP/IP Netstat Command |
| FileVersion | 10.0.19041.1 (WinBuild.160101.0800) |
| InternalName | netstat.exe |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | netstat.exe |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.19041.1 |
| Translation | 0x0409 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
261,898 bytes | 262,144 bytes | 7.00 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
BDCAFBE799AACC0523FA797F60F7FC36 |
.rdata |
0x00041000 |
50,100 bytes | 50,176 bytes | 4.98 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F4F0059F121B79ACDDC718CC299862B4 |
.data |
0x0004e000 |
11,752 bytes | 4,096 bytes | 2.68 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D1E8B1E538EB15466E57821B40C99685 |
.pdata |
0x00051000 |
6,936 bytes | 7,168 bytes | 5.39 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
223FFC39A68C0D84C495A09503F514C7 |
.OBM |
0x00053000 |
32,532 bytes | 32,768 bytes | 6.75 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
5180D2C09D907BE6DC4E968CC56571C6 |
.gxfg |
0x0005b000 |
5,232 bytes | 5,632 bytes | 4.85 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
984C1B53081E2E466A5C3C08EFC2697B |
.retplne |
0x0005d000 |
140 bytes | 512 bytes | 1.05 (正常) |
0x00000000
|
8C950F651287CBC1296BCB4E8CD7E990 |
_RDATA |
0x0005e000 |
500 bytes | 512 bytes | 4.22 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3795A243E7A5ECC896007595FACA93E4 |
.reloc |
0x0005f000 |
1,944 bytes | 2,048 bytes | 5.35 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
4FB0D4C13CDA18FEE1BEA4669EFD339C |
.bss |
0x00060000 |
349,184 bytes | 349,184 bytes | 8.00 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
ACA5D0531939AC1FC6AC6057EFDB6CF9 |
.rsrc |
0x000b6000 |
1,012 bytes | 1,024 bytes | 3.31 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
AE4054FED7D9660E9CED308EDE66F61F |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_VERSION | 1 | 924 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The expected hash does not match the digest in SpcInfo
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
