VirSCAN


File information
Security score: 33
Basic information
MD5: 6aa0820c31da662a4084ff3d4f0084c5
File type: EXE
Publisher:
Version: 1.0.0.0---1.0.0.0
Packer or compiler info:
Key behaviors
Behavior: Cross-process data write
Details: TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior: Creates autorun file in root directory
Details: C:\DiskX\autorun.inf
Behavior: Cross-process write to code section
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior: Sets special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-3-6-28-8605507681-2137482215-074266818-2462
Behavior: Modifies registry startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Process behavior
Behavior: Creates process
Details: ImagePath = C:\Program Files\Internet Explorer\IEXPLORE.EXE, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Behavior: Creates local thread
Details: N/A
Behavior: Cross-process data write
Details: TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior: Creates process from newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996ESrv.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996ESrv.exe
ImagePath = C:\Program Files\Microsoft\DesktopLayer.exe, CmdLine = "C:\Program Files\Microsoft\DesktopLayer.exe"
Behavior: Enumerates processes
Details: N/A
Behavior: Cross-process write to code section
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior: Process exit
Details: N/A
File behavior
Behavior: Creates file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996ESrv.exe
C:\Program Files\Microsoft\px3.tmp
C:\Program Files\Microsoft\DesktopLayer.exe
C:\Program Files\Internet Explorer\dmlconf.dat
C:\DiskX\RECYCLER\S-3-6-28-8605507681-2137482215-074266818-2462\CNpxQqPN.exe
Behavior: Creates executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996ESrv.exe
C:\Program Files\Microsoft\DesktopLayer.exe
C:\DiskX\RECYCLER\S-3-6-28-8605507681-2137482215-074266818-2462\CNpxQqPN.exe
Behavior: Overwrites existing file
Details: C:\Program Files\Microsoft\px3.tmp
C:\Program Files\Internet Explorer\dmlconf.dat
Behavior: Searches for files
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996ESrv.exe
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\*.*
FileName = C:\222c25ed\*.*
FileName = C:\222c25ed\IE8-Setup-Full\*.*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.*
FileName = C:\AnalyzeControl\*.*
FileName = C:\DiskD\*.*
FileName = C:\DiskX\*.*
Behavior: Modifies executable file via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
Behavior: Deletes file
Details: C:\Program Files\Microsoft\px3.tmp
Behavior: Modifies existing system executable
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll---> Offset = 376832
Behavior: Creates autorun file in root directory
Details: C:\DiskX\autorun.inf
Behavior: Sets special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-3-6-28-8605507681-2137482215-074266818-2462
Behavior: Modifies file contents
Details: C:\Program Files\Microsoft\px3.tmp---> Offset = 0
C:\Program Files\Internet Explorer\dmlconf.dat---> Offset = 0
C:\DiskX\autorun.inf---> Offset = 5652
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\popup.html---> Offset = 39547
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\backgroundpage.html---> Offset = 5201
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\background.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\callback.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\pop.html---> Offset = 12867
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\signin.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\ translate.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\google_translate.html---> Offset = 0
Behavior: Modifies newly created executable
Details: C:\DiskX\RECYCLER\S-3-6-28-8605507681-2137482215-074266818-2462\CNpxQqPN.exe---> Offset = 53248
C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe---> Offset = 53248
Network behavior
Behavior: Establishes connection to a specified socket
Details: 219.133.40.1:80
219.133.40.1:443
Behavior: Resolves host address by name
Details: google.com
fget-career.com
Registry behavior
Behavior: Modifies registry startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Other behavior
Behavior: Creates mutex
Details: KyUffThOkYwRRtgPP
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MFF
Behavior: Creates event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MFF.IC
EventName = MSCTF.SendReceiveConection.Event.MFF.IC
Behavior: MD5 of modified executable files
Details: C:\DiskX\RECYCLER\S-3-6-28-8605507681-2137482215-074266818-2462\CNpxQqPN.exe ---> 07c4c1da2908c6bc7cabcc01019c8cbe
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll ---> ee2c15c8fbbaeca4762bf68dea5087b4
C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe ---> 07c4c1da2908c6bc7cabcc01019c8cbe
Behavior: Window information
Details: Pid = 416, Hwnd=0x202d8, Text = 产生源码, ClassName = Button.
Pid = 416, Hwnd=0x202d6, Text = 复制到剪切板, ClassName = Button.
Pid = 416, Hwnd=0x302dc, Text = 类模块源码, ClassName = Button(CheckBox).
Pid = 416, Hwnd=0x302bc, Text = 类名或ID:, ClassName = Afx:1150000:b:10011:1900015:0.
Pid = 416, Hwnd=0x202a8, Text = COM对象, ClassName = WTWindow.
Behavior: Signature info of modified executable files
Details: C:\DiskX\RECYCLER\S-3-6-28-8605507681-2137482215-074266818-2462\CNpxQqPN.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe (signature verification: failed)
Behavior: Executable file signature info
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996ESrv.exe (signature verification: failed)
C:\Program Files\Microsoft\DesktopLayer.exe (signature verification: failed)
C:\DiskX\RECYCLER\S-3-6-28-8605507681-2137482215-074266818-2462\CNpxQqPN.exe (signature verification: failed)
Behavior: Hides specified window
Details: [Window,Class] = [<,AfxWnd42s]
[Window,Class] = [>,AfxWnd42s]
Behavior: Executable file MD5
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996ESrv.exe ---> ff5e1f27193ce51eec318714ef038bef
C:\Program Files\Microsoft\DesktopLayer.exe ---> ff5e1f27193ce51eec318714ef038bef
C:\DiskX\RECYCLER\S-3-6-28-8605507681-2137482215-074266818-2462\CNpxQqPN.exe ---> ff5e1f27193ce51eec318714ef038bef
Behavior: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Runtime screenshot