VirSCAN

File information
Security score: 81
Basic information
MD5: 2ef18e8f9df5a2428ae212c92bcdce86
File type: EXE
Vendor: Microsoft Corporation
Version: 1.0.100.0---1.0.0100.0 (MSFixit.110613-2113)
Packer/compiler info: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Sub-file information: Autorun.exe / 37ed3704270cf06440dc8ff3a97f0b76 / EXE
Autorun.resources.dll / ee438ba3d3f7f9eaf6bca1b58934d0bc / DLL
Autorun.resources.dll / ba5244a4f23d2b4fc6b4978653beb7b8 / DLL
Autorun.resources.dll / f8ae693ce900c070fa52673f0626f984 / DLL
Autorun.resources.dll / e5f59dfd05c15462dda0c9d40eca2409 / DLL
Autorun.resources.dll / e49bcd932def4e2696ae297109f0c965 / DLL
Lts.dll / 0bb6bdf5c6b40b753520c9b9cb96747f / DLL
Lts.dll / b1cd3050f7241e4a238f1c08766df4c8 / DLL
autorun.inf / 20dc8596b3f5bd9c89ebd2a455bbde3a / Unknown
Key behaviors
Behavior: Checks whether it is being debugged
Details: N/A
Behavior: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Reads the CPU clock directly
Details: N/A
Behavior: Gets TickCount value
Details: TickCount = 5427812, SleepMilliseconds = 60000.
TickCount = 5427843, SleepMilliseconds = 60000.
TickCount = 5427875, SleepMilliseconds = 60000.
TickCount = 5427890, SleepMilliseconds = 60000.
TickCount = 5428000, SleepMilliseconds = 60000.
TickCount = 5428015, SleepMilliseconds = 60000.
TickCount = 5428046, SleepMilliseconds = 60000.
TickCount = 5428062, SleepMilliseconds = 60000.
TickCount = 5428203, SleepMilliseconds = 60000.
TickCount = 5428234, SleepMilliseconds = 60000.
TickCount = 5428250, SleepMilliseconds = 60000.
TickCount = 5428265, SleepMilliseconds = 60000.
TickCount = 5428281, SleepMilliseconds = 60000.
TickCount = 5428828, SleepMilliseconds = 60000.
TickCount = 5428843, SleepMilliseconds = 60000.
Process behaviors
Behavior: Creates local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2904, ThreadID = 2944, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2904, ThreadID = 3016, StartAddress = 765E964D, Parameter = 000E63A0
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2904, ThreadID = 3020, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2904, ThreadID = 3024, StartAddress = 759D8761, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2904, ThreadID = 3040, StartAddress = 757D4D37, Parameter = 001284D8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2904, ThreadID = 3048, StartAddress = 757D4D37, Parameter = 0012A788
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2904, ThreadID = 3052, StartAddress = 757D4D37, Parameter = 001335A8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2904, ThreadID = 3132, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2904, ThreadID = 3136, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: Autorun.exe, InheritedFromPID = 2904, ProcessID = 3152, ThreadID = 3160, StartAddress = 79F0237F, Parameter = 00000000
TargetProcess: Autorun.exe, InheritedFromPID = 2904, ProcessID = 3152, ThreadID = 3164, StartAddress = 79F91FCF, Parameter = 001B0FE8
TargetProcess: Autorun.exe, InheritedFromPID = 2904, ProcessID = 3152, ThreadID = 3168, StartAddress = 765E964D, Parameter = 001C01A0
TargetProcess: Autorun.exe, InheritedFromPID = 2904, ProcessID = 3152, ThreadID = 3172, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: Autorun.exe, InheritedFromPID = 2904, ProcessID = 3152, ThreadID = 3176, StartAddress = 759D8761, Parameter = 00000000
TargetProcess: Autorun.exe, InheritedFromPID = 2904, ProcessID = 3152, ThreadID = 3292, StartAddress = 757D4D37, Parameter = 001FE9B0
Behavior: Creates a process from a newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FixitCenter_run-Temp\Autorun.exe, CmdLine = /xmlurl "http://go.microsoft.com/fwlink/?LinkId=186417,msxml6_x86.msi" /psurl "http://go.microsoft.com/fwlink/?LinkID=164073,WindowsXP-KB926139-v2-x86-ENU.exe" /clienturl "http://go.microsoft.com/fwlink/?LinkID=186221,fixitcenter_setup_x86.msi"
Behavior: Enumerates processes
Details: N/A
File behaviors
Behavior: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\FixitCenter_RunRes.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\de-DE\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\es-ES\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\fr-FR\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\ja-JP\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\zh-CN\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\autorun.inf
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\Autorun.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\lts.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\de\Autorun.resources.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\es\Autorun.resources.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\fr\Autorun.resources.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\ja\Autorun.resources.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\zh-CHS\Autorun.resources.dll
Behavior: Creates executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\FixitCenter_RunRes.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\de-DE\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\es-ES\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\fr-FR\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\ja-JP\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\zh-CN\FixitCenter_runRes.dll.mui
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\Autorun.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\lts.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\de\Autorun.resources.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\es\Autorun.resources.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\fr\Autorun.resources.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\ja\Autorun.resources.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\zh-CHS\Autorun.resources.dll
Behavior: Overwrites an existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Behavior: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\FixitCenter_RunRes.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\de-DE\FixitCenter_runRes.dll.mui ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\es-ES\FixitCenter_runRes.dll.mui ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\es-ES\FixitCenter_runRes.dll.mui ---> Offset = 2464
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\fr-FR\FixitCenter_runRes.dll.mui ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\ja-JP\FixitCenter_runRes.dll.mui ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\ja-JP\FixitCenter_runRes.dll.mui ---> Offset = 7488
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\zh-CN\FixitCenter_runRes.dll.mui ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\autorun.inf ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\Autorun.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\Autorun.exe ---> Offset = 30871
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\Autorun.exe ---> Offset = 63639
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\Autorun.exe ---> Offset = 96407
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\Autorun.exe ---> Offset = 129175
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\lts.dll ---> Offset = 0
Network behaviors
Behavior: Connects to a specified site
Details: WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x00fe2000, hConnect = 0x00fe2100, Flags = 0x00000000
WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x03b72000, hConnect = 0x03b72100, Flags = 0x00000000
WinHttpConnect: ServerName = su****om, PORT = 443, UserName = , Password = , hSession = 0x03b73000, hConnect = 0x03b73100, Flags = 0x00000000
WinHttpConnect: ServerName = su****om, PORT = 443, UserName = , Password = , hSession = 0x03b73000, hConnect = 0x03b73200, Flags = 0x00000000
WinHttpConnect: ServerName = su****om, PORT = 443, UserName = , Password = , hSession = 0x03b73000, hConnect = 0x03b73400, Flags = 0x00000000
WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x041c0000, hConnect = 0x041c0100, Flags = 0x00000000
Behavior: Opens an HTTP connection
Details: WinHttpOpen: UserAgent: Microsoft-CryptoAPI/5.131.2600.5512, hSession = 0x00fe2000
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/5.131.2600.5512, hSession = 0x03b72000
WinHttpOpen: UserAgent: PQOSoapClient, hSession = 0x03b73000
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/5.131.2600.5512, hSession = 0x041c0000
Behavior: Establishes a socket connection to a specified host
Details: URL: w****., IP: **.133.40.**:80, SOCKET = 0x000004ec
URL: w****., IP: **.133.40.**:80, SOCKET = 0x000004e4
URL: cr****om, IP: **.133.40.**:80, SOCKET = 0x000004e8
URL: w****., IP: **.133.40.**:80, SOCKET = 0x00000594
URL: w****., IP: **.133.40.**:80, SOCKET = 0x000004e8
URL: cr****om, IP: **.133.40.**:80, SOCKET = 0x00000594
URL: w****., IP: **.133.40.**:80, SOCKET = 0x00000370
URL: w****., IP: **.133.40.**:80, SOCKET = 0x00000378
URL: cr****om, IP: **.133.40.**:80, SOCKET = 0x00000374
URL: w****., IP: **.133.40.**:80, SOCKET = 0x000002c8
URL: w****., IP: **.133.40.**:80, SOCKET = 0x000003f0
URL: su****om, IP: **.133.40.**:443, SOCKET = 0x000003e4
URL: su****om, IP: **.133.40.**:443, SOCKET = 0x0000044c
URL: su****om, IP: **.133.40.**:443, SOCKET = 0x0000045c
URL: w****., IP: **.133.40.**:80, SOCKET = 0x0000049c
Behavior: Sends HTTP packets
Details: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: **.133.40.** Connection: Keep-Alive
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: cr****om Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache
GET /pki/crl/products/CodeSigPCA.crl HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: cr****om Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: cr****om Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache
GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: PQOSoapClient Host: **.133.40.** Connection: Keep-Alive
Behavior: Opens an HTTP request
Details: WinHttpOpenRequest: cr****om:80/pki/crl/products/microsoftrootcert.crl, hConnect = 0x00fe2100, hRequest = 0x01620000, Verb: GET, Referer: , Flags = 0x00000100
WinHttpOpenRequest: cr****om:80/pki/crl/products/codesigpca.crl, hConnect = 0x00fe2100, hRequest = 0x01620000, Verb: GET, Referer: , Flags = 0x00000100
WinHttpOpenRequest: cr****om:80/pki/crl/products/microsofttimestamppca.crl, hConnect = 0x00fe2100, hRequest = 0x01620000, Verb: GET, Referer: , Flags = 0x00000100
WinHttpOpenRequest: cr****om:80/pki/crl/products/microsoftrootcert.crl, hConnect = 0x03b72100, hRequest = 0x03be0000, Verb: GET, Referer: , Flags = 0x00000100
WinHttpOpenRequest: cr****om:80/pki/crl/products/codesigpca.crl, hConnect = 0x03b72100, hRequest = 0x03be0000, Verb: GET, Referer: , Flags = 0x00000100
WinHttpOpenRequest: su****om:443/lts/default.aspx, hConnect = 0x03b73100, hRequest = 0x03be0000, Verb: POST, Referer: , Flags = 0x00800000
WinHttpOpenRequest: su****om:443/lts/default.aspx, hConnect = 0x03b73200, hRequest = 0x03be0000, Verb: POST, Referer: , Flags = 0x00800000
WinHttpOpenRequest: su****om:443/lts/default.aspx, hConnect = 0x03b73400, hRequest = 0x03be0000, Verb: POST, Referer: , Flags = 0x00800000
WinHttpOpenRequest: cr****om:80/pki/crl/products/microsoftrootcert.crl, hConnect = 0x041c0100, hRequest = 0x041f0000, Verb: GET, Referer: , Flags = 0x00000100
WinHttpOpenRequest: cr****om:80/pki/crl/products/codesigpca.crl, hConnect = 0x041c0100, hRequest = 0x041f0000, Verb: GET, Referer: , Flags = 0x00000100
Behavior: Resolves host address by name
Details: gethostbyname: w****.
GetAddrInfoW: cr****om
GetAddrInfoW: su****om
Registry behaviors
Behavior: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: Deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behaviors
Behavior: Checks whether it is being debugged
Details: N/A
Behavior: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
Global\067C9EA5-970E-41b2-B024-52F0B2EE4E29
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Global\FICBootstrapper
MSCTF.Shared.MUTEX.ELH
Behavior: Creates event objects
Details: EventName = Global\crypt32LogoffEvent
EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = Global\CorDBIPCSetupSyncEvent_3152
Behavior: Reads the CPU clock directly
Details: N/A
Behavior: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior: Window information
Details: Pid = 3152, Hwnd=0x1040e, Text = 隐私声明, ClassName = WindowsForms10.STATIC.app.0.33c0d9d.
Pid = 3152, Hwnd=0x10412, Text = 下一步, ClassName = WindowsForms10.BUTTON.app.0.33c0d9d.
Pid = 3152, Hwnd=0x10414, Text = 取消, ClassName = WindowsForms10.BUTTON.app.0.33c0d9d.
Pid = 3152, Hwnd=0x10416, Text = 我接受本许可协议中的条款, ClassName = WindowsForms10.BUTTON.app.0.33c0d9d.
Pid = 3152, Hwnd=0x1040a, Text = MICROSOFT软件许可条款 MICROSOFT FIX IT CENTER NONE 本许可条款是 Microsoft Corporation(或您所在地的 Microsoft Corporation 关联公, ClassName = WindowsForms10.RichEdit20W.app.0.33c0d9d.
Pid = 3152, Hwnd=0x10418, Text = 请阅读并接受以下软件许可条款, ClassName = WindowsForms10.STATIC.app.0.33c0d9d.
Pid = 3152, Hwnd=0x10400, Text = Microsoft Fix it Center 安装程序, ClassName = WindowsForms10.Window.8.app.0.33c0d9d.
Behavior: Gets TickCount value
Details: TickCount = 5427812, SleepMilliseconds = 60000.
TickCount = 5427843, SleepMilliseconds = 60000.
TickCount = 5427875, SleepMilliseconds = 60000.
TickCount = 5427890, SleepMilliseconds = 60000.
TickCount = 5428000, SleepMilliseconds = 60000.
TickCount = 5428015, SleepMilliseconds = 60000.
TickCount = 5428046, SleepMilliseconds = 60000.
TickCount = 5428062, SleepMilliseconds = 60000.
TickCount = 5428203, SleepMilliseconds = 60000.
TickCount = 5428234, SleepMilliseconds = 60000.
TickCount = 5428250, SleepMilliseconds = 60000.
TickCount = 5428265, SleepMilliseconds = 60000.
TickCount = 5428281, SleepMilliseconds = 60000.
TickCount = 5428828, SleepMilliseconds = 60000.
TickCount = 5428843, SleepMilliseconds = 60000.
Behavior: Adjusts process token privileges
Details: SE_DEBUG_PRIVILEGE
Behavior: Opens events
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
Global\userenv: Machine Group Policy has been applied
userenv: User Group Policy has been applied
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\INSTALLATION_SECURITY_HOLD
Global\SvcctrlStartEvent_A3752DX
Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
MSFT.VSA.COM.DISABLE.3152
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007B4.00000000.0000003F
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.0000003F
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\FixitCenter_RunRes.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\de-DE\FixitCenter_runRes.dll.mui (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\es-ES\FixitCenter_runRes.dll.mui (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\fr-FR\FixitCenter_runRes.dll.mui (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\ja-JP\FixitCenter_runRes.dll.mui (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\zh-CN\FixitCenter_runRes.dll.mui (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\Autorun.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\lts.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\de\Autorun.resources.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\es\Autorun.resources.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\fr\Autorun.resources.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\ja\Autorun.resources.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\zh-CHS\Autorun.resources.dll (signature verification: passed)
Behavior: Calls the Sleep function
Details: [1]: MilliSeconds = 60000.
Behavior: Gets cursor position
Details: CursorPos = (71,18468), SleepMilliseconds = 60000.
CursorPos = (6364,26501), SleepMilliseconds = 60000.
CursorPos = (19199,15725), SleepMilliseconds = 60000.
CursorPos = (11508,29359), SleepMilliseconds = 60000.
CursorPos = (26992,24465), SleepMilliseconds = 60000.
CursorPos = (5735,28146), SleepMilliseconds = 60000.
Behavior: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\FixitCenter_RunRes.dll ---> 0110ecb03f46fe8bdacc2bcc6e709256
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\de-DE\FixitCenter_runRes.dll.mui ---> 791e7feedec152a109ee66ce47e2c750
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\es-ES\FixitCenter_runRes.dll.mui ---> c7306199eb5a0d3e2217398aae6024e3
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\fr-FR\FixitCenter_runRes.dll.mui ---> 5b21a918b537223819aae7a7c337b3a6
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\ja-JP\FixitCenter_runRes.dll.mui ---> 6f6b888f77892dfa578ddd9eb3b6d6f2
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_RunRes-Temp\zh-CN\FixitCenter_runRes.dll.mui ---> eaa0060d48c619d1aefbc79ae3bf1e4b
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\Autorun.exe ---> 37ed3704270cf06440dc8ff3a97f0b76
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\lts.dll ---> b1cd3050f7241e4a238f1c08766df4c8
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\de\Autorun.resources.dll ---> ee438ba3d3f7f9eaf6bca1b58934d0bc
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\es\Autorun.resources.dll ---> ba5244a4f23d2b4fc6b4978653beb7b8
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\fr\Autorun.resources.dll ---> f8ae693ce900c070fa52673f0626f984
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\ja\Autorun.resources.dll ---> e5f59dfd05c15462dda0c9d40eca2409
C:\Documents and Settings\Administrator\Local Settings\Temp\FixitCenter_run-Temp\zh-CHS\Autorun.resources.dll ---> e49bcd932def4e2696ae297109f0c965
Behavior: Opens mutexes
Details: RasPbFile
ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
Global\CLR_CASOFF_MUTEX
Global\FICBootstrapper
Global\MicrosoftATS
Global\febba207-813b-4d82-940e-5cd83c99ae43
Global\_FixItCenter_mutex
Behavior: Loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FixitCenter_run-Temp\lts.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FixitCenter_run-Temp\zh-CHS\Autorun.resources.dll.
Runtime screenshots