VirSCAN

File information
Security score: 72
Basic information
MD5:43f10d01bd03d69330445e1f95dd8bd6
File type: EXE
Publisher:
Version:
Packer or compiler information: PACKER:PE+(64)
Key behaviors
Behavior: Sets startup item
Details: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\importantupdates.vbs
Behavior: Gets TickCount value
Details: TickCount = 753207, SleepMilliseconds = 4.
TickCount = 753222, SleepMilliseconds = 4.
TickCount = 753254, SleepMilliseconds = 4.
Behavior: Modifies registry (startup entry)
Details: \REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\importantupdates
Process behaviors
Behavior: Creates a process from a newly written file
Details: [0x000002f8]ImagePath = C:\Users\Administrator\AppData\Roaming\importantupdates\data.exe, CmdLine = C:\Users\Administrator\AppData\Roaming\importantupdates\data.exe
[0x00000950]ImagePath = C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe, CmdLine = C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe
[0x000002e4]ImagePath = C:\Users\Administrator\AppData\Roaming\importantupdates\data.exe, CmdLine = C:\Users\Administrator\AppData\Roaming\importantupdates\data.exe
Behavior: Creates local thread
Details: ProcessId = 2384, ThreadId = 2084.
File behaviors
Behavior: Creates file
Details: C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe
C:\Users\Administrator\AppData\Roaming\importantupdates\data.exe
C:\Users\Administrator\AppData\Roaming\importantupdates\license.txt
Behavior: Creates executable file
Details: C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe
C:\Users\Administrator\AppData\Roaming\importantupdates\data.exe
Behavior: Modifies script file
Details: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\importantupdates.vbs ---> Offset = 0
Behavior: Overwrites existing file
Details: C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\importantupdates.vbs
Behavior: Copies file
Details: C:\Users\Administrator\AppData\Local\%temp%\****.exe ---> C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe
Behavior: Sets startup item
Details: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\importantupdates.vbs
Behavior: Modifies file content
Details: C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe ---> Offset = 1048576
C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe ---> Offset = 2097152
C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe ---> Offset = 3145728
C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe ---> Offset = 4194304
C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe ---> Offset = 9105408
C:\Users\Administrator\AppData\Roaming\importantupdates\data.exe ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\importantupdates\license.txt ---> Offset = 0
Network behaviors
Behavior: Establishes a connection to a specified socket
Details: URL: ww****om, IP: **.133.40.**:128, SOCKET = 0x00000190
Behavior: Resolves host address by name
Details: GetAddrInfoW: ww****om
Registry behaviors
Behavior: Modifies registry (startup entry)
Details: \REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\importantupdates
Other behaviors
Behavior: Creates mutex
Details: importantupdates_01
windowsupdates_01
Behavior: Gets TickCount value
Details: TickCount = 753207, SleepMilliseconds = 4.
TickCount = 753222, SleepMilliseconds = 4.
TickCount = 753254, SleepMilliseconds = 4.
Behavior: Executable file signature information
Details: C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe (signature verification: failed)
C:\Users\Administrator\AppData\Roaming\importantupdates\data.exe (signature verification: failed)
Behavior: Calls Sleep function
Details: [1]: MilliSeconds = 3000.
[1]: MilliSeconds = 4.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behavior: Executable file MD5
Details: C:\Users\Administrator\AppData\Roaming\importantupdates\importantupdates.exe ---> File too large!
C:\Users\Administrator\AppData\Roaming\importantupdates\data.exe ---> File too large!
Behavior: Opens mutex
Details: Local\ShimViewer