Setup it IT DBWQN 2DHPP 7XGRH MKDFW JFK6D 2024 exe (Office Deployment Tool) Office Deployment Tool 文件恶意软件分析

Setup_it-IT_DBWQN-2DHPP-7XGRH-MKDFW-JFK6D_2024.exe (Office_Deployment_Tool) 文件分析

更新于 8 months ago

检查者 Malware Check

Setup_it-IT_DBWQN-2DHPP-7XGRH-MKDFW-JFK6D_2024.exe

哈希类型	值	操作
MD5	1487c175a066a5f5aec5a72ffdd9ae3d
SHA1	ce75d1580d0a6364b0113a61895509a2a364b2b2
SHA256	f9cb255376f334bf2dae9a78136c6268dccf4e167bff93217eeb8b45f7ac49c1
SHA512	7518615e8d533db68c6be794b2a52a78848eb9d168f66ac7ae304f251a556d7f19ba57814df90d9e1b32047ad39326909900c30efe37ce6673a44e50d12d7cf8
ImpHash	aa9f3a2087e12b9bb85387e33424b173

哈希类型

值

操作

MD5

1487c175a066a5f5aec5a72ffdd9ae3d

SHA1

ce75d1580d0a6364b0113a61895509a2a364b2b2

SHA256

f9cb255376f334bf2dae9a78136c6268dccf4e167bff93217eeb8b45f7ac49c1

SHA512

7518615e8d533db68c6be794b2a52a78848eb9d168f66ac7ae304f251a556d7f19ba57814df90d9e1b32047ad39326909900c30efe37ce6673a44e50d12d7cf8

ImpHash

aa9f3a2087e12b9bb85387e33424b173

PE 分析

基本信息

▼

图标	哈希: cf8b3d44cc80ac3d3f5b2c3f6848133a 模糊: 71fcd2e860bbcd562ce257f969072383 dHash: e0c8ccc6c6c6c0e0
映像基址	`0x00400000`
入口点	`0x008ebeb0`
编译时间	2024-03-19 19:35:24
校验和	0x00ccfc7d (实际: 0x00ccfc7d)
操作系统版本	6.0
PEiD 签名	`PE32 executable (console) Intel 80386, for MS Windows`
PDB 路径	`D:\a\_work\1\s\artifacts\obj\coreclr\windows.x86.Release\Corehost.Static\singlefilehost.pdb`
数字签名	An error occurred while validating the countersignature: The root Certum Trusted Network CA 2 lists its extended key usages, but {'time_stamping'} are not present
导入	17 库
导出	5 函数
资源	10 资源
节	8 节

版本信息

▼

Translation	0x0000 0x04b0
CompanyName	Office_Deployment_Tool
FileDescription	Office_Deployment_Tool
FileVersion	1.0.0.0
InternalName	Office_Deployment_Tool.dll
LegalCopyright
OriginalFilename	Office_Deployment_Tool.dll
ProductName	Office_Deployment_Tool
ProductVersion	1.0.0+1985d1889c3f41f18b3edf7274cf3d88ac061d4d
Assembly Version	1.0.0.0

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	5,487,050 bytes	5,487,104 bytes	6.56 (压缩)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`27028F6C227E03E80EDD3FA24FA8760B`
`.CLR_UEF`	`0x0053d000`	68 bytes	512 bytes	0.96 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`F2B641ED546BF3BC31D08DEC881D9E8C`
`.rdata`	`0x0053e000`	1,281,134 bytes	1,281,536 bytes	5.15 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`C8DF93EE833A4A778AD2DDFF72671A8F`
`.data`	`0x00677000`	80,836 bytes	29,184 bytes	3.81 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`C298453753D5BC98E8D564A93CCED00F`
`.didat`	`0x0068b000`	28 bytes	512 bytes	0.26 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`34950FE11F3A721D87970A33D0128597`
`_RDATA`	`0x0068c000`	69,392 bytes	69,632 bytes	5.36 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`211089D7D672E1712B48C26D0BDC0A1B`
`.rsrc`	`0x0069d000`	1,351,056 bytes	1,351,168 bytes	6.24 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`0140BA018E8A1F17276ED2DD8AF87D00`
`.reloc`	`0x007e7000`	261,920 bytes	262,144 bytes	6.67 (压缩)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`863392D201BA4CD20AC6B106854BDF4F`

熵分析警报

2 检测到较高熵（≥6.5）的节 - 可能存在压缩

资源分析

▼

资源总数: 10 (1,350,288 字节)

资源类型	数量	总大小	百分比
RT_ICON	4	82,656 字节	6.1%
RT_RCDATA	3	1,266,152 字节	93.8%
RT_GROUP_ICON	1	62 字节	0%
RT_VERSION	1	928 字节	0.1%
RT_MANIFEST	1	490 字节	0%

证书链分析

▼

证书 Information

产品	Office_Deployment_Tool
描述	Office_Deployment_Tool
文件版本	1.0.0.0
原始名称	Office_Deployment_Tool.dll
签名日期	11:18 AM 11/29/2024 (385 天前)
验证状态	Signed
签名者	AGM Software OÜ; Certum Extended Validation Code Signing 2021 CA; Certum Trusted Network CA 2; Certum Trusted Network CA
副签名者	Certum Timestamp 2023; Certum Timestamping 2021 CA; Certum Trusted Network CA 2; Certum Trusted Network CA
内部名称	Office_Deployment_Tool.dll

证书链摘要

.NET DAC #1 主要

有效期: 2024-01-11 20:05:37 → 2025-01-10 20:05:37

签名算法: sha256RSA

序列号: 33 00 00 05 63 7E FC 35 2E 2D 23 08 E3 00 00 00 00 05 63

Microsoft Code Signing PCA 2010 #2 链

有效期: 2010-07-06 20:40:17 → 2025-07-06 20:50:17

签名算法: sha256RSA

序列号: 61 0C 52 4C 00 00 00 00 00 03

Microsoft Time-Stamp Service #3 链

有效期: 2023-10-12 19:06:59 → 2025-01-10 19:06:59

签名算法: sha256RSA

序列号: 33 00 00 01 DA 8E D5 C9 5A 00 D1 11 B1 00 01 00 00 01 DA

Microsoft Time-Stamp PCA 2010 #4 链

有效期: 2021-09-30 18:22:25 → 2030-09-30 18:32:25

签名算法: sha256RSA

序列号: 33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15

Certum Trusted Network CA 2 #5 链

有效期: 2021-05-31 06:43:06 → 2029-09-17 06:43:06

签名算法: sha384RSA

序列号: 1B B5 8F 25 2A DF 23 00 49 28 C9 AE 3D 7E ED 27

Certum Timestamp 2023 #6 链

有效期: 2023-11-02 08:32:23 → 2034-10-30 08:32:23

签名算法: sha384RSA

序列号: 09 C5 CC F8 BB 66 7D 71 37 AA C1 59 80 06 CB 31

Certum Timestamping 2021 CA #7 链

有效期: 2021-05-19 05:32:07 → 2036-05-18 05:32:07

签名算法: sha384RSA

序列号: E7 FF 69 C7 3B 35 CE 4B 91 26 D8 74 7C 68 A5 87

Certum Extended Validation Code Signing 2021 CA #8 链

有效期: 2021-05-19 05:32:13 → 2036-05-18 05:32:13

签名算法: sha384RSA

序列号: BB F0 CC B5 B7 B8 31 FD 21 AE 32 77 8A E4 0C 89

AGM Software OÜ #9 链

有效期: 2024-05-17 12:08:57 → 2025-05-17 12:08:56

签名算法: sha256RSA

序列号: 04 51 56 00 AF 94 B0 95 1F B6 28 12 AD D4 70 B6

✓ 此文件已进行数字签名，证书链已验证。

签名确保文件的完整性和发布者的真实性。
时间戳证明签名的应用时间。

证书验证状态

An error occurred while validating the countersignature: The root Certum Trusted Network CA 2 lists its extended key usages, but {'time_stamping'} are not present

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	Setup_it-IT_DBWQN-2DHPP-7XGRH-MKDFW-JFK6D_2024.exe
文件类型	PE32 executable (console) Intel 80386, for MS Windows
扫描器版本	1.0.214.174
数据库版本	2025-04-22 23:00:27 UTC

Setup_it-IT_DBWQN-2DHPP-7XGRH-MKDFW-JFK6D_2024.exe (Office_Deployment_Tool) 文件分析

技术分析

干净文件

扫描另一个文件

文件识别

PE 分析

基本信息

版本信息

PE 节

熵分析警报

资源分析

证书链分析

证书 Information

证书链摘要

证书验证状态

记住：这是在线病毒扫描器的结果

保护您的系统

发表评论

Gridinsoft Anti-Malware