VirSCAN
File information
Security score: 79
Basic information
MD5: 58ca3dff743828367f214338013d3e89
File type: EXE
Vendor:
Version: 1.0.0.0---1.00
Packer or compiler information: COMPILER: Microsoft Visual Basic 5.0 / 6.0 [Overlay]
Key behaviors
Behavior: Get TickCount value
Details: TickCount = 279109, SleepMilliseconds = 60000.
TickCount = 279125, SleepMilliseconds = 60000.
TickCount = 279140, SleepMilliseconds = 60000.
TickCount = 279156, SleepMilliseconds = 60000.
TickCount = 279187, SleepMilliseconds = 60000.
TickCount = 279203, SleepMilliseconds = 60000.
TickCount = 279250, SleepMilliseconds = 60000.
TickCount = 279296, SleepMilliseconds = 60000.
TickCount = 279328, SleepMilliseconds = 60000.
TickCount = 279343, SleepMilliseconds = 60000.
TickCount = 279359, SleepMilliseconds = 60000.
TickCount = 279375, SleepMilliseconds = 60000.
TickCount = 279390, SleepMilliseconds = 60000.
TickCount = 279406, SleepMilliseconds = 60000.
TickCount = 279421, SleepMilliseconds = 60000.
Process behaviors
Behavior: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2644, StartAddress = 77C0A341, Parameter = 003F5DA8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2648, StartAddress = 77C0A341, Parameter = 003F5DA8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2652, StartAddress = 071238B3, Parameter = 003F8CD8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2656, StartAddress = 071238B3, Parameter = 003F8E28
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2660, StartAddress = 071238B3, Parameter = 003F9050
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2664, StartAddress = 071238B3, Parameter = 003F9AB0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2668, StartAddress = 071238B3, Parameter = 003F9C00
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2672, StartAddress = 071238B3, Parameter = 003F9D50
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2776, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2780, StartAddress = 7C93059A, Parameter = 001DBD68
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2784, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2788, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2816, StartAddress = 77E56C7D, Parameter = 001CBC28
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2820, StartAddress = 769AE43B, Parameter = 001DBFC8
File behaviors
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.bak
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.done
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
Behavior: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML
Behavior: Find file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.done
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.bak
Behavior: Copy file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.bak ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML
Behavior: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.bak ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML ---> Offset = 38
Registry behaviors
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
\REGISTRY\USER\S-*\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
\REGISTRY\USER\S-*\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
\REGISTRY\USER\S-*\Software\Microsoft\Windows Media\WMSDK\Namespace\LocalBase
\REGISTRY\USER\S-*\Software\Microsoft\Windows Media\WMSDK\Namespace\DTDFile
\REGISTRY\USER\S-*\Software\Microsoft\Windows Media\WMSDK\Namespace\LocalDelta
\REGISTRY\USER\S-*\Software\Microsoft\Windows Media\WMSDK\Namespace\RemoteDelta
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyStyle
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyName
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyPort
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyExclude
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyStyle
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyName
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyPort
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behavior: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
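The file and registry sections above read as one transaction on the Windows Media SDK namespace file (WMSDKNS.XML is backed up to .bak, rewritten, copied back from the .bak, and the .bak and .done files deleted) plus a set of WMSDK and MediaPlayer preference values. Those paths are what the Windows Media Format SDK writes when it initialises inside any process that loads it, which a VB6 program using the media player control would; that attribution is the editor's, the report itself does not make it. The one entry that does deserve a look on its own is the deletion of the PCHealth\ErrorReporting\DW key under HKLM. The following is an added example, not VirSCAN's tooling and not code from the sample: a Python triage pass that parses the report's behavior lines (embedded here as constructed input copied from the lists above), normalises the XP profile path and the NT-style registry prefixes, groups operations per object, and splits them into likely runtime noise and entries to review. The noise prefix list and the %LOCALAPPDATA% and HKU\<SID> labels are assumptions, not something the page states.

```python
import re
from collections import defaultdict

# Constructed input: file and registry entries copied from the report above,
# in the "Behavior:" / "Details:" layout this page uses.
REPORT = r"""Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.bak
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
Behavior: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML
Behavior: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.bak
Behavior: Copy file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.bak ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML
Behavior: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML ---> Offset = 38
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyName
Behavior: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behavior: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
"""

# XP profile layout: "C:\Documents and Settings\<user>\Local Settings\Application Data".
PROFILE_RE = re.compile(r"^C:\\Documents and Settings\\[^\\]+\\Local Settings\\Application Data", re.I)

# Assumption (editor's, not the report's): objects under these prefixes are the
# Windows Media Format SDK / Media Player initialising themselves, which any
# process loading that runtime produces. Treat as noise until proven otherwise.
LIKELY_NOISE = (
    "%LOCALAPPDATA%\\Microsoft\\Windows Media\\",
    "HKU\\<SID>\\Software\\Microsoft\\Windows Media\\WMSDK\\",
    "HKU\\<SID>\\Software\\Microsoft\\MediaPlayer\\",
)


def normalise(path):
    """Collapse the user profile and NT registry prefixes so entries group across reports."""
    path = PROFILE_RE.sub("%LOCALAPPDATA%", path)          # label is an assumed convention
    path = re.sub(r"^\\REGISTRY\\USER\\S-\*", r"HKU\\<SID>", path)
    return path.replace("\\REGISTRY\\MACHINE", "HKLM")


def parse_behaviors(text):
    """Yield (behavior, item) pairs; continuation lines belong to the last 'Behavior:'."""
    behavior = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Behavior:"):
            behavior = line.split(":", 1)[1].strip()
        elif behavior:
            yield behavior, (line.split(":", 1)[1].strip() if line.startswith("Details:") else line)


def collect(text):
    """Group every operation by the normalised object it touched, in report order."""
    ops = defaultdict(list)
    for behavior, item in parse_behaviors(text):
        target, _, rest = item.partition(" ---> ")
        if rest.startswith("Offset"):          # "path ---> Offset = N": a write into the file
            ops[normalise(target)].append(f"{behavior} @ {rest}")
        elif rest:                             # "source ---> destination": a copy
            ops[normalise(target)].append(f"{behavior} (source)")
            ops[normalise(rest)].append(f"{behavior} (destination)")
        else:
            ops[normalise(target)].append(behavior)
    return dict(ops)


def triage(text):
    """Split grouped operations into likely runtime noise and entries worth an analyst's time."""
    prefixes = tuple(p.lower() for p in LIKELY_NOISE)
    result = {"noise": {}, "review": {}}
    for path, actions in collect(text).items():
        bucket = "noise" if path.lower().startswith(prefixes) else "review"
        result[bucket][path] = actions
    return result


if __name__ == "__main__":
    for bucket, entries in triage(REPORT).items():
        print(f"== {bucket} ==")
        for path, actions in entries.items():
            print(f"{path}\n    " + "; ".join(actions))
```

Run it and the review bucket contains only the two PCHealth\ErrorReporting\DW entries; everything under Windows Media lands in noise with its full create/overwrite/copy/delete sequence still visible, so nothing is hidden, only ranked.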
Other behaviors
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior: Create event object
Details: EventName = DINPUTWINMM
EventName = {A8A62B01-F319-453C-9F2A-7F98F5577FC9}
EventName = Global\userenv: User Profile setup event
Behavior: Get TickCount value
Details: (the same 15 TickCount / SleepMilliseconds samples already listed in the Key behaviors section above)
Behavior: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
CursorPos = (11517,29359), SleepMilliseconds = 60000.
Behavior: Open event
Details: HookSwitchHookEnabledEvent
WMPPERF_APP_END_OF_LAUNCH
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2632
MSFT.VSA.IEC.STATUS.6c736db0
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behavior: Open mutex
Details: ShimCacheMutex
MutexToProtectNamespace
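The three timing-related lists in this report (GetTickCount samples, cursor positions, Sleep calls) are exactly what a sample's sandbox-evasion checks look at, and they also show how this sandbox handles them. Every GetTickCount sample is paired with a requested sleep of 60000 ms, yet the fifteen samples run from 279109 to 279421, that is 312 ms of real clock against 15 minutes of requested sleep. That is consistent with the sandbox fast-forwarding Sleep without advancing the tick counter (the page does not describe its instrumentation, so this is the editor's reading of the columns). A sample that measures the tick delta around its own Sleep call and compares it with what it asked for would flag that. The cursor positions change between samples, so a "has the mouse moved" check passes, but coordinates such as (6373,26501) lie far outside any realistic desktop and would fail a bounds check. The following is an added example, not VirSCAN's code and not the sample's: a Python analyser that parses these three line formats from the report (embedded here as constructed input copied from the lists above) and reports what each evasion check would conclude. The 8192-pixel plausibility bound and the half-of-requested-time threshold are assumptions.

```python
import re
from dataclasses import dataclass

TICK_RE = re.compile(r"TickCount\s*=\s*(\d+),\s*SleepMilliseconds\s*=\s*(\d+)")
CURSOR_RE = re.compile(r"CursorPos\s*=\s*\((-?\d+),\s*(-?\d+)\),\s*SleepMilliseconds\s*=\s*(\d+)")
SLEEP_RE = re.compile(r"\[(\d+)\]:\s*MilliSeconds\s*=\s*(\d+)")

# Constructed input: the first samples of each list, copied from the report above.
TICK_LINES = """TickCount = 279109, SleepMilliseconds = 60000.
TickCount = 279125, SleepMilliseconds = 60000.
TickCount = 279140, SleepMilliseconds = 60000.
TickCount = 279156, SleepMilliseconds = 60000.
TickCount = 279187, SleepMilliseconds = 60000."""
CURSOR_LINES = """CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000."""
SLEEP_LINES = """[1]: MilliSeconds = 60000.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0."""

# Assumption (editor's, not from the report): no desktop in this sandbox extends
# beyond this many pixels on either axis.
MAX_PLAUSIBLE_COORD = 8192


@dataclass
class TickVerdict:
    samples: int
    requested_ms: int    # Sleep() time requested between the first and last sample
    observed_ms: int     # how far GetTickCount actually advanced over the same span
    sleep_skipped: bool  # clock advanced far less than requested: sleeps were fast-forwarded


def tick_delta(start, end):
    """Elapsed ms between two GetTickCount values, tolerating the 32-bit wrap."""
    return (end - start) & 0xFFFFFFFF


def parse_ticks(text):
    return [(int(t), int(s)) for t, s in TICK_RE.findall(text)]


def analyse_ticks(samples):
    """Compare requested sleep with the tick counter, as a time-check evasion would."""
    if len(samples) < 2:
        raise ValueError("need at least two GetTickCount samples")
    requested = sum(s for _, s in samples[:-1])          # last sample has no following sleep
    observed = tick_delta(samples[0][0], samples[-1][0])
    # Classic test: start = GetTickCount(); Sleep(n); GetTickCount() - start < n.
    # Allow slack and call it skipped only when under half the requested time elapsed.
    return TickVerdict(len(samples), requested, observed, observed < requested // 2)


def parse_cursor(text):
    return [(int(x), int(y)) for x, y, _ in CURSOR_RE.findall(text)]


def analyse_cursor(points, limit=MAX_PLAUSIBLE_COORD):
    """A 'did the mouse move?' check passes on varying points; a bounds check may not."""
    return {
        "moved": len(set(points)) > 1,
        "implausible": [p for p in points if not (0 <= p[0] <= limit and 0 <= p[1] <= limit)],
    }


def summarise_sleeps(text):
    calls = [int(ms) for _, ms in SLEEP_RE.findall(text)]
    return {
        "calls": len(calls),
        "long": [ms for ms in calls if ms >= 30_000],   # stalling sleeps worth hooking
        "yields": sum(1 for ms in calls if ms == 0),     # Sleep(0) only yields the time slice
    }


if __name__ == "__main__":
    print(analyse_ticks(parse_ticks(TICK_LINES)))
    print(analyse_cursor(parse_cursor(CURSOR_LINES)))
    print(summarise_sleeps(SLEEP_LINES))
```

On the five embedded samples the verdict is 240000 ms requested against 78 ms observed, so sleep_skipped is true; a sandbox that also patches GetTickCount to account for skipped sleeps would report the opposite, which is the behaviour to look for when choosing an environment to detonate long-sleeping samples in.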