| 文件名 | Viltrox Lens_v1.0.7.exe |
| 文件类型 |
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| 扫描器版本 | 1.0.219.174 |
| 数据库版本 | 2025-07-08 12:00:32 UTC |
恶意软件家族: Heuristic
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
ff4be4cec8a90fb04c490c0719ddba14
|
|
| SHA1 |
5b26ca2b7ded8c38b80dace6cc564d0e84fee6eb
|
|
| SHA256 |
f0521a36934c6c61c579b58cd5ce9cd7383ec237b57ad195dae30e354db07b9b
|
|
| SHA512 |
c415444f9910db6c157ce12d121569fad351407db9f302d08d54322a4bfb58742d99f8f43a033f8f7e2d179ea7cf65b4dbc17c24d78c718194aa3f510695b2e1
|
|
| ImpHash |
2f727a975c44a2925ace416e4a5ad2d8
|
| 图标 |
哈希: 16886c67ad1f91941732c7bb1f9fad31
模糊: e1ae3e429895f0e200f5c527e4e9bc40 dHash: ccb2716971459ecc |
| 映像基址 | 0x00400000 |
| 入口点 | 0x00401480 |
| 编译时间 | 2025-06-17 06:51:38 |
| 校验和 | 0x01f7ba40 (实际: 0x01f7ba40) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| 数字签名 | OK |
| 导入 |
8 库
kernel32, user32, advapi32, oleaut32, ole32, ntdll, SHFolder, shlwapi |
| 导出 | 25 函数 |
| 资源 | 7 资源 |
| 节 | 13 节 |
| CompanyName | LYLens |
| FileDescription | Viltrox Lens PC |
| FileVersion | 1.0.7.0 |
| LegalCopyright | Copyright 漏 2023 |
| OriginalFilename | Viltrox Lens.exe |
| ProductName | Viltrox Lens PC |
| ProductVersion | 1.0.7.0 |
| Translation | 0x0800 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
305,488 bytes | 305,664 bytes | 6.23 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES
|
2CA0F0356A82B2942CA47C841E73D12A |
.data |
0x0004c000 |
1,432 bytes | 1,536 bytes | 6.62 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
2D4096F4D53FEDA0D5F08991E9A47B93 |
.rdata |
0x0004d000 |
2,545,120 bytes | 2,545,152 bytes | 7.98 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES
|
98828FF54B6DAD5E30D593EF44958C97 |
.eh_fram |
0x002bb000 |
22,940 bytes | 23,040 bytes | 5.06 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
92A10D37DD520F56409CA9D2BE082822 |
.bss |
0x002c1000 |
15,916 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
D41D8CD98F00B204E9800998ECF8427E |
.edata |
0x002c5000 |
774 bytes | 1,024 bytes | 4.23 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
BCFB25DB3BD3A5F0ABC60652CF27BB35 |
.idata |
0x002c6000 |
22,904 bytes | 23,040 bytes | 5.81 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
12CB05FD376525FBC29810F6FF67E1A9 |
.CRT |
0x002cc000 |
52 bytes | 512 bytes | 0.28 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
865D38D25408CFD5FF83AD25F0C04317 |
.tls |
0x002cd000 |
8 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x002ce000 |
42,744 bytes | 43,008 bytes | 7.23 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
01AFE7865F03204B1957FAB2D05727C9 |
.reloc |
0x002d9000 |
26,664 bytes | 27,136 bytes | 6.65 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
B068F4464AE662D732E9DDC6E725EEBD |
.enigma1 |
0x002e0000 |
4,096 bytes | 29,716,480 bytes | 7.94 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
C03C3C0E3858D7ED86EFC5CB9F446E7C |
.enigma2 |
0x002e1000 |
307,200 bytes | 307,200 bytes | 5.95 (正常) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F0A01B8928B21BC018986C0DE0105E50 |
2 检测到高熵(≥7.5)的节 - 可能存在打包/加密
3 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 5 | 41,557 字节 | |
| RT_GROUP_ICON | 1 | 76 字节 | |
| RT_VERSION | 1 | 652 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
OK
按照以下步骤完全从系统中移除威胁
