VirSCAN
File information
Security score: 55
Basic information
MD5: 7e2871b8d37f12f2954d4e84643b6496
File type: EXE
Vendor:
Version: 2.1.0.727---2.1.0.727
Packer/compiler info: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Key behaviors
Behavior: directly calls a critical system API
Details: Index = 0x000000EA, Name: NtQueryInformationProcess, Instruction Address = 0x00D2FD51
Behavior: reads the TickCount value
Details: TickCount = 70850, SleepMilliseconds = 100.
TickCount = 70959, SleepMilliseconds = 100.
TickCount = 71068, SleepMilliseconds = 100.
TickCount = 71178, SleepMilliseconds = 100.
TickCount = 71287, SleepMilliseconds = 100.
TickCount = 71396, SleepMilliseconds = 100.
TickCount = 71506, SleepMilliseconds = 100.
TickCount = 71600, SleepMilliseconds = 100.
TickCount = 71615, SleepMilliseconds = 100.
TickCount = 71725, SleepMilliseconds = 100.
TickCount = 71834, SleepMilliseconds = 100.
TickCount = 72600, SleepMilliseconds = 100.
Behavior: reads the CPU clock directly
Details: EAX = 0x1265f177, EDX = 0x0000003a
EAX = 0x14edc100, EDX = 0x0000003a
EAX = 0x14edc14c, EDX = 0x0000003a
EAX = 0x66bf98f7, EDX = 0x0000003a
EAX = 0x66bf9943, EDX = 0x0000003a
EAX = 0x79230406, EDX = 0x0000003a
Behavior: uses a VMware-specific instruction to detect a virtual machine
Details: N/A
Process behavior
Behavior: enumerates processes
Details: N/A
Network behavior
Behavior: connects to a specified site
Details: WinHttpConnect: ServerName = ap****cc, PORT = 80, UserName = , Password = , hSession = 0x003f6890, hConnect = 0x0040c270, Flags = 0x00000000
WinHttpConnect: ServerName = rj****om, PORT = 80, UserName = , Password = , hSession = 0x0043e840, hConnect = 0x0041b518, Flags = 0x00000000
WinHttpConnect: ServerName = ap****cc, PORT = 80, UserName = , Password = , hSession = 0x003f6890, hConnect = 0x0041afc0, Flags = 0x00000000
Behavior: opens an HTTP connection
Details: WinHttpOpen: UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW32; Trident/5.0), hSession = 0x003f6890
WinHttpOpen: UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0), hSession = 0x0043e840
Behavior: opens an HTTP request
Details: WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x0040c270, hRequest = 0x004178a0, Verb: POST, Referer: , Flags = 0x00000000
WinHttpOpenRequest: rj****om:80/api.php, hConnect = 0x0041b518, hRequest = 0x0041c868, Verb: POST, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x0041afc0, hRequest = 0x004200c8, Verb: POST, Referer: , Flags = 0x00000000
Behavior: resolves a host address by name
Details: GetAddrInfoW: rj****om
GetAddrInfoW: ap****cc
Registry behavior
Behavior: modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileDirectory
Other behaviors
Behavior: checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: creates a mutex
Details: RasPbFile
ATL:MemData03EAA-PC
Local\__DDrawExclMode__
Local\__DDrawCheckExclMode__
Behavior: hides a specified window
Details: [Window,Class] = [,ATL:DLGFrame032E]
Behavior: window information
Details: Pid = 2588, Hwnd=0x5016c, Text = 确定, ClassName = Button.
Pid = 2588, Hwnd=0x2017a, Text = 网络链接错误, ClassName = Static.
Pid = 2588, Hwnd=0x301e6, Text = 错误, ClassName = #32770.
Behavior: opens an event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\KernelObjects\MaximumCommitCondition
Behavior: calls the Sleep function
Details: [1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.