VirSCAN

File Information
Safety score: 75
Basic Information
MD5: 5b1cd6680e416f73fef3a3247187e27f
File type: Rar
Publisher:
Version:
Packer/compiler info: COMPILER:Microsoft Visual C# / Basic .NET
Contained files: FireStealer Builder.exe / 039525f2a833f1a33f71263f39d52dd6 / EXE
stub.exe / b47bfdc9e9feaef2f5b68c35aecf4cd5 / EXE
Key Behaviors
Behavior: Reads the CPU clock directly
Details: EAX = 0x35e62cb0, EDX = 0x000000b5
Behavior: Reads the TickCount value
Details: TickCount = 241691, SleepMilliseconds = 20.
TickCount = 241707, SleepMilliseconds = 20.
TickCount = 241723, SleepMilliseconds = 20.
Process Behaviors
Behavior: Creates local threads
Details: TargetProcess: stub.exe, InheritedFromPID = 2000, ProcessID = 2616, ThreadID = 2628, StartAddress = 79F0237F, Parameter = 00000000
TargetProcess: stub.exe, InheritedFromPID = 2000, ProcessID = 2616, ThreadID = 2632, StartAddress = 79F91FCF, Parameter = 001A53B0
TargetProcess: stub.exe, InheritedFromPID = 2000, ProcessID = 2616, ThreadID = 2664, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: stub.exe, InheritedFromPID = 2000, ProcessID = 2616, ThreadID = 3200, StartAddress = 79FDA29C, Parameter = 00000000
TargetProcess: stub.exe, InheritedFromPID = 2000, ProcessID = 2616, ThreadID = 3204, StartAddress = 77E56C7D, Parameter = 001D2A70
TargetProcess: stub.exe, InheritedFromPID = 2000, ProcessID = 2616, ThreadID = 3208, StartAddress = 769AE43B, Parameter = 001D20C8
File Behaviors
Behavior: Overwrites an existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior: Searches for files
Details: FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\stub.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\stub.INI
FileName = C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
Other Behaviors
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MDK
Behavior: Creates event objects
Details: EventName = Global\CorDBIPCSetupSyncEvent_2616
EventName = MSCTF.SendReceive.Event.MDK.IC
EventName = MSCTF.SendReceiveConection.Event.MDK.IC
Behavior: Opens mutexes
Details: ShimCacheMutex
Global\CLR_CASOFF_MUTEX
Behavior: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Opens events
Details: Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
MSFT.VSA.COM.DISABLE.2616
MSFT.VSA.IEC.STATUS.6c736db0
Behavior: Window information
Details: Pid = 2616, Hwnd=0x10350, Text = FirePassword (Ver 2.6) : Firefox Username & Password List Decryptor by Nagareshwar Y Talekar For latest version visit http://www.SecurityXploded.com. ****** Excluded Host List ******* ******** Saved Host list with username/pass, ClassName = WindowsForms10.EDIT.app.0.378734a.
Pid = 2616, Hwnd=0x30348, Text = , ClassName = WindowsForms10.Window.8.app.0.378734a.
Pid = 2616, Hwnd=0x10354, Text = Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately. Index was outside the bounds of the array., ClassName = WindowsForms10.STATIC.app.0.378734a.
Pid = 2616, Hwnd=0x1035c, Text = &Details, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2616, Hwnd=0x1035e, Text = &Continue, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2616, Hwnd=0x10360, Text = &Quit, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2616, Hwnd=0x10362, Text = See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box. ************** Exception Text ************** System.IndexOutOfRangeException: Index was outside the bounds of the array. at stub.Form1.Form1, ClassName = WindowsForms10.EDIT.app.0.378734a.
Pid = 2616, Hwnd=0x10356, Text = Microsoft .NET Framework, ClassName = WindowsForms10.Window.8.app.0.378734a.
Behavior: Calls the Sleep function
Details: [1]: MilliSeconds = -1.
[2]: MilliSeconds = 20.
Runtime screenshot