VirSCAN

File information
Security score: 80
Basic information
MD5:30976639ee3181fafaafc1e06092a3c7
File type: EXE
Publisher: Hamrick Software
Version: 9.5.71.0---9.5.71
Packer or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Sub-file information: lan_en.txt / 374b5717c78e3a54c6935fd6516202f3 / Unknown
lan_el.txt / 663a084c2f8644689a539bd013ff5148 / Unknown
Key behaviors
Behavior description: Writes data across processes
Details: TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x00050000, Size = 0x000005dc TargetPID = 0x00000d80
TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x7ffdf1e8, Size = 0x00000004 TargetPID = 0x00000d80
TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x00060000, Size = 0x00000020 TargetPID = 0x00000d80
TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x00060020, Size = 0x00000034 TargetPID = 0x00000d80
TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000d80
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x00050000, Size = 0x000005dc TargetPID = 0x00000b70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x7ffdd1e8, Size = 0x00000004 TargetPID = 0x00000b70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x00060000, Size = 0x00000020 TargetPID = 0x00000b70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x00060020, Size = 0x00000034 TargetPID = 0x00000b70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x7ffdd238, Size = 0x00000004 TargetPID = 0x00000b70
Behavior description: Reads the CPU clock directly
Behavior description: Creates a file on the desktop
Details: C:\Users\Public\Desktop\VueScan x32.lnk
Process behaviors
Behavior description: Creates a process with a hidden window
Details: ImagePath = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, CmdLine = dpinst /sw /sa /path "C:\Users\ADMINI~1\AppData\Local\Temp\VueScan"
Behavior description: Writes data across processes
Details: TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x00050000, Size = 0x000005dc TargetPID = 0x00000d80
TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x7ffdf1e8, Size = 0x00000004 TargetPID = 0x00000d80
TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x00060000, Size = 0x00000020 TargetPID = 0x00000d80
TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x00060020, Size = 0x00000034 TargetPID = 0x00000d80
TargetProcess = C:\Program Files\VueScan\vuescan.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000d80
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x00050000, Size = 0x000005dc TargetPID = 0x00000b70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x7ffdd1e8, Size = 0x00000004 TargetPID = 0x00000b70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x00060000, Size = 0x00000020 TargetPID = 0x00000b70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x00060020, Size = 0x00000034 TargetPID = 0x00000b70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, WriteAddress = 0x7ffdd238, Size = 0x00000004 TargetPID = 0x00000b70
Behavior description: Creates a process from a new file
Details: [0x00000d80]ImagePath = C:\Program Files\VueScan\vuescan.exe, CmdLine = vuescan.exe /install
[0x00000b70]ImagePath = C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe, CmdLine = dpinst /sw /sa /path "C:\Users\ADMINI~1\AppData\Local\Temp\VueScan"
File behaviors
Behavior description: Creates files
Details: C:\Program Files\VueScan\vuescan.exe.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab38B9.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar38BA.tmp
C:\Users\Administrator\AppData\Local\Temp\VUE3BE8.tmp
C:\Users\Administrator\AppData\Local\Temp\VUE3BF8.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
C:\Users\Administrator\AppData\Local\Temp\VUE3EA9.tmp
C:\Users\Administrator\AppData\Local\Temp\VueScan\vuetw32.ds
C:\Windows\twain_32\vuescan.ds
C:\Users\Administrator\AppData\Local\Temp\VUE41D6.tmp
C:\Users\Administrator\AppData\Local\Temp\VueScan\scadrv60.inf
C:\Users\Administrator\AppData\Local\Temp\VUE41F7.tmp
C:\Users\Administrator\AppData\Local\Temp\VueScan\scadrv60.cat
C:\Users\Administrator\AppData\Local\Temp\VUE4265.tmp
C:\Users\Administrator\AppData\Local\Temp\VueScan\dpinst32.exe
Behavior description: Creates executable files
Details: C:\Program Files\VueScan\vuescan.exe.tmp
C:\Users\Administrator\AppData\Local\Temp\VueScan\vuetw32.ds
C:\Users\Administrator\AppData\Local\Temp\VUE3EA9.tmp
C:\Windows\twain_32\vuescan.ds
C:\Users\Administrator\AppData\Local\Temp\VueScan\dpinst32.exe
C:\Users\Administrator\AppData\Local\Temp\VUE4265.tmp
Behavior description: Overwrites existing files
Details: C:\Users\Administrator\AppData\Local\Temp\Cab38B9.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar38BA.tmp
Behavior description: Searches for files
Details: FileName = C:\Program Files\VueScan
FileName = C:\Program Files\VueScan\vuescan.exe
FileName = C:\Program Files\VueScan\*.*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_*
FileName = C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA4458E7366E94A3C3A9C1FE548B6D21_*
FileName = C:\Users
FileName = C:\Users\ADMINI~1
FileName = C:\Users\ADMINI~1\AppData
FileName = C:\Users\ADMINI~1\AppData\Local
FileName = C:\Users\ADMINI~1\AppData\Local\Temp
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\Cab38B9.tmp
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\Tar38BA.tmp
Behavior description: Copies files
Details: C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\vuetw32.ds ---> C:\Windows\twain_32\vuescan.ds
Behavior description: Deletes files
Details: C:\Users\Administrator\AppData\Local\Temp\Cab38B9.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar38BA.tmp
C:\Users\Administrator\AppData\Local\Temp\VUE3BE8.tmp
C:\Users\Administrator\AppData\Local\Temp\VUE3BF8.tmp
C:\Users\Administrator\AppData\Local\Temp\VUE3EA9.tmp
C:\Users\Administrator\AppData\Local\Temp\VUE41D6.tmp
C:\Users\Administrator\AppData\Local\Temp\VUE41F7.tmp
C:\Users\Administrator\AppData\Local\Temp\VUE4265.tmp
C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lock
C:\Users\Administrator\AppData\Local\Temp\{38fda049-328f-508c-3cc3-e92a22883e22}\SET6651.tmp
C:\Users\Administrator\AppData\Local\Temp\{38fda049-328f-508c-3cc3-e92a22883e22}\SET6902.tmp
C:\Windows\SoftwareDistribution\Download\49cea37ed490e5126ec9450fc2dd5116\cbshandler\state
C:\Windows\SoftwareDistribution\Download\49cea37ed490e5126ec9450fc2dd5116\Windows6.1-KB2999226-x86.cab
Behavior description: Creates a file on the desktop
Details: C:\Users\Public\Desktop\VueScan x32.lnk
Behavior description: Renames files
Details: C:\Program Files\VueScan\vuescan.exe.tmp ---> C:\Program Files\VueScan\vuescan.exe
C:\Users\Administrator\AppData\Local\Temp\{38fda049-328f-508c-3cc3-e92a22883e22}\SET6651.tmp ---> C:\Users\ADMINI~1\AppData\Local\Temp\{38fda049-328f-508c-3cc3-e92a22883e22}\scadrv60.cat
C:\Users\Administrator\AppData\Local\Temp\{38fda049-328f-508c-3cc3-e92a22883e22}\SET6902.tmp ---> C:\Users\ADMINI~1\AppData\Local\Temp\{38fda049-328f-508c-3cc3-e92a22883e22}\scadrv60.inf
Behavior description: Modifies file contents
Details: C:\Program Files\VueScan\vuescan.exe.tmp ---> Offset = 0
C:\Program Files\VueScan\vuescan.exe.tmp ---> Offset = 20480
C:\Program Files\VueScan\vuescan.exe.tmp ---> Offset = 24576
C:\Program Files\VueScan\vuescan.exe.tmp ---> Offset = 32768
C:\Program Files\VueScan\vuescan.exe.tmp ---> Offset = 49152
C:\Users\Administrator\AppData\Local\Temp\Cab38B9.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\Tar38BA.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\Tar38BA.tmp ---> Offset = 32768
C:\Users\Administrator\AppData\Local\Temp\Tar38BA.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\Tar38BA.tmp ---> Offset = 98304
C:\Users\Administrator\AppData\Local\Temp\VUE3BE8.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\VUE3BE8.tmp ---> Offset = 24576
C:\Users\Administrator\AppData\Local\Temp\VUE3BE8.tmp ---> Offset = 28672
C:\Users\Administrator\AppData\Local\Temp\VUE3BE8.tmp ---> Offset = 32768
C:\Users\Administrator\AppData\Local\Temp\VUE3BE8.tmp ---> Offset = 36864
Network behaviors
Behavior description: Connects to a specified site
Details: WinHttpConnect: ServerName = oc****om, PORT = 80, UserName = , Password = , hSession = 0x004db640, hConnect = 0x042f6ad8, Flags = 0x00000000
WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x042fb840, hConnect = 0x042f9380, Flags = 0x00000000
WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x004df940, hConnect = 0x04302dc8, Flags = 0x00000000
WinHttpConnect: ServerName = oc****om, PORT = 80, UserName = , Password = , hSession = 0x004d9cd0, hConnect = 0x042f9570, Flags = 0x00000000
WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x042f6f38, hConnect = 0x042f9348, Flags = 0x00000000
WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x042f6f38, hConnect = 0x042f9480, Flags = 0x00000000
Behavior description: Opens an HTTP connection
Details: WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x004db640
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x042fb840
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x004df940
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x004d9cd0
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x042f6f38
Behavior description: Establishes a connection to a specified socket
Details: URL: st****om, IP: **.133.40.**:80, SOCKET = 0x000003c0
URL: st****om, IP: **.133.40.**:80, SOCKET = 0x00000400
Behavior description: Sends HTTP packets
Details: GET /vuescan_version.txt HTTP/1.1 Host: st****om Connection: keep-alive
GET /v1/submit?EventName=Install&InstallTime=1505343531&VueScanVersion=VueScan%209%20x32%20(9.5.71)&EventTime=1505343534&Platform=Windows HTTP/1.1 Host: st****om Connection: keep-alive
Behavior description: Opens an HTTP request
Details: WinHttpOpenRequest: oc****om:80/mfewtzbnmeswstajbgurdgmcgguabbt3xl4lqlxdrdm9p665tw442vrsuqqureuir%2fssy4ixlvglp6chnfntya8cea%2bosqyv1wcgvif2%2fcxsbb0%3d, hConnect = 0x042f6ad8, hRequest = 0x042f6bc0, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: cr****om:80/digicertassuredidrootca.crl, hConnect = 0x042f9380, hRequest = 0x042f68a0, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: cr****om:80/digicertassuredidrootca.crl, hConnect = 0x04302dc8, hRequest = 0x042f9380, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: oc****om:80/mfewtzbnmeswstajbgurdgmcgguabbsyagvy3tfizdnoybzvspfzmsem0wque2jokaraf75jeuhlp9an90wpnticea41gauoblzsfqqkki7kt8o%3d, hConnect = 0x042f9570, hRequest = 0x042ff678, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: cr****om:80/assured-cs-g1.crl, hConnect = 0x042f9348, hRequest = 0x042f9430, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: cr****om:80/assured-cs-g1.crl, hConnect = 0x042f9480, hRequest = 0x042ff678, Verb: GET, Referer: , Flags = 0x00000000
Behavior description: Resolves a host address by name
Details: GetAddrInfoW: oc****om
GetAddrInfoW: cr****om
GetAddrInfoW: st****om
Registry behaviors
Behavior description: Deletes registry keys
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts\
Behavior description: Deletes registry values
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AccountDomainSid
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\VueScan\path\
\REGISTRY\MACHINE\SOFTWARE\VueScan\path\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VueScan x32\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VueScan x32\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VueScan x32\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-*\RefCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\zbavgbe\DD.rkr
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.103\CheckSetting
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100\CheckSetting
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102\CheckSetting
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\CheckSetting
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0\CheckSetting
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts\C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
\REGISTRY\MACHINE\SYSTEM\Setup\SetupapiLogStatus\setupapi.dev.log
Other behaviors
Behavior description: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Creates mutexes
Details: Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit
Global\DPINST_LOG_SCROLLER_MUTEX
Behavior description: Opens a mutex
Details: Local\MSCTF.Asm.MutexDefault1
Behavior description: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [wxWindowClassNR,VueScan 9 x32 (9.5.71)]
NtUserFindWindowEx: [Class,Window] = [HPPhotoSmartPhotoScannerMediaDetectUtility,]
NtUserFindWindowEx: [Class,Window] = [BlinkMainWndClass1234567890,]
NtUserFindWindowEx: [Class,Window] = [NikonFrescoSource,]
NtUserFindWindowEx: [Class,Window] = [NikonScan2,]
NtUserFindWindowEx: [Class,Window] = [,Dimage Scan Dual]
NtUserFindWindowEx: [Class,Window] = [,Dimage Scan Multi]
NtUserFindWindowEx: [Class,Window] = [,Dimage Scan Speed]
NtUserFindWindowEx: [Class,Window] = [,Dimage Scan Elite]
NtUserFindWindowEx: [Class,Window] = [,MiraPhoto]
NtUserFindWindowEx: [Class,Window] = [,HP PhotoSmart S20 Scanner]
NtUserFindWindowEx: [Class,Window] = [,HP PhotoSmart Photo Scanner]
NtUserFindWindowEx: [Class,Window] = [#32770,QuickScan Plus (Plustek OpticFilm 135)]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [SystemTray_Main,]
Behavior description: Adjusts process token privileges
Details: SE_AUDIT_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
SE_RESTORE_PRIVILEGE
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\KernelObjects\MaximumCommitCondition
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
{A1965210-3A9D-4bca-822B-433645B3F5A2}
Behavior description: Imports keys
Details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x004B9DA0, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x004B7790, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x004DA750, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x04302BF8, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x042FE4D0, DataLen: 532, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x042FE2C0, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x042F9508, DataLen: 276, Flags: 0x00000000
Behavior description: Executable file signature information
Details: C:\Program Files\VueScan\vuescan.exe.tmp (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\VueScan\vuetw32.ds (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\VUE3EA9.tmp (signature verification: failed)
C:\Windows\twain_32\vuescan.ds (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\VueScan\dpinst32.exe (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\VUE4265.tmp (signature verification: failed)
Behavior description: Executable file MD5
Details: C:\Program Files\VueScan\vuescan.exe.tmp ---> File too large!
C:\Users\Administrator\AppData\Local\Temp\VueScan\vuetw32.ds ---> 51baec3a485481dda7c42639489aefda
C:\Users\Administrator\AppData\Local\Temp\VUE3EA9.tmp ---> 51baec3a485481dda7c42639489aefda
C:\Windows\twain_32\vuescan.ds ---> 51baec3a485481dda7c42639489aefda
C:\Users\Administrator\AppData\Local\Temp\VueScan\dpinst32.exe ---> b8e045209bae19c6c0a16c29f77a7767
C:\Users\Administrator\AppData\Local\Temp\VUE4265.tmp ---> b8e045209bae19c6c0a16c29f77a7767
Behavior description: Reads the CPU clock directly
Behavior description: Loads newly dropped files
Details: Image: C:\Program Files\VueScan\vuescan.exe.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\VueScan\dpinst32.exe.