VirSCAN

File information
Security score: 59
Basic information
MD5: a0492490b98a266a8c6c0df8e677de04
File type: Nsis
Publisher: Faronics Corporation
Version: 8.30.20.4627---8.30.20.4627
Packer or compiler info:
Sub-file information (name / MD5 / type): DFStd.exe / big file (no MD5 reported) / EXE
DFTrial.exe / eccb3c90783f73957f44c4df2ad7360f / EXE
ReplaceFile.exe / 4b2ebaaef8ddcf7e7055b6144ae62d06 / EXE
CONDLG32.dll / 632c1b2f753e35a8d123b5238178ce86 / DLL
Faronics_Data_Igloo_README.txt / d734753a8198e84079792f8837302006 / Unknown
[NSIS].nsi / 627584fe1eb42b5752f8725376930b0e / Unknown
Faronics_Data_Igloo.url / c9e3064e81572c12f188646775eb8e0f / Unknown
Data Igloo Benutzerhandbuch.url / a120fba0f516b4652bb7f57dc9ee8f39 / Unknown
Deep Freeze Standard Benutzerhandbuch.url / 44cc280f6869f8a1d28770a752437cd2 / Unknown
Data Igloo User Guide.url / 5954fe160c4533ab2113261d327f2c5f / Unknown
Deep Freeze Standard User Guide.url / 31190415f7a9d269a21678247e007f88 / Unknown
Data Igloo Guía de usuario.url / 5cbe2ad2988d24218bbd497aee44716c / Unknown
Deep Freeze Standard Guía de usuario.url / 632d44c61955f3db1680529fdbf077b4 / Unknown
Data Igloo Manuel de l'utilisateur.url / 872381dc88e9248e51ecd9b8602d3935 / Unknown
Deep Freeze Standard Manuel de l'utilisateur.url / 5c078540122fec4c04685284bc39d691 / Unknown
Data Igloo User Guide.url / 93dff501d597ebdf8141b6c5f267ea2f / Unknown
Deep Freeze Standard User Guide.url / f143037f4cdad5e228840f4c855d8da6 / Unknown
Data Igloo User Guide.url / 25d8067b7f9c836ae1ae6072013de0b5 / Unknown
Deep Freeze Standard User Guide.url / 2654fef42e9d23cee31239c354fe7507 / Unknown
Key behaviours
Behaviour: cross-process data write
Details: TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x00010000, Size = 0x000007c2
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x00020000, Size = 0x00000794
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x7ffde010, Size = 0x00000004
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x7ffde1e8, Size = 0x00000004
All four writes target DFStd.exe, the process the installer starts next (see the process behaviour section). Two kilobyte-sized writes at 0x00010000 and 0x00020000 plus two pointer-sized writes in the 0x7ffde000 page, the region where XP-era Windows keeps the PEB and TEBs, are the shape CreateProcess leaves when it copies a new child's process parameters and environment and fills in PEB fields. The sandbox labels any NtWriteVirtualMemory into another process as a cross-process write, so this entry is launch footprint, not evidence of code injection; a write into a code or heap range of an already running process would be the thing to look for.
Behaviour: get window screenshot info
Details: Foreground window Info: HWND = 0x00000000, DC = 0x160104a3.
Behaviour: get TickCount value
Details: TickCount = 551968, SleepMilliseconds = 60000.
TickCount = 552000, SleepMilliseconds = 60000.
TickCount = 552031, SleepMilliseconds = 60000.
TickCount = 552046, SleepMilliseconds = 60000.
TickCount = 552062, SleepMilliseconds = 60000.
TickCount = 552078, SleepMilliseconds = 60000.
TickCount = 552093, SleepMilliseconds = 60000.
TickCount = 552109, SleepMilliseconds = 60000.
TickCount = 552140, SleepMilliseconds = 60000.
TickCount = 552156, SleepMilliseconds = 60000.
TickCount = 552171, SleepMilliseconds = 60000.
TickCount = 552187, SleepMilliseconds = 60000.
TickCount = 552250, SleepMilliseconds = 60000.
TickCount = 552265, SleepMilliseconds = 60000.
TickCount = 552281, SleepMilliseconds = 60000.
Process behaviour
Behaviour: cross-process data write (the same four writes listed under key behaviours)
Details: TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x00010000, Size = 0x000007c2
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x00020000, Size = 0x00000794
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x7ffde010, Size = 0x00000004
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x7ffde1e8, Size = 0x00000004
Behaviour: create new process from file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe
Behaviour: create local thread (threads created by DFStd.exe, PID 2076, in its own address space; 1772 is its parent, the installer process that launched it)
Details: TargetProcess: DFStd.exe, InheritedFromPID = 1772, ProcessID = 2076, ThreadID = 2108, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: DFStd.exe, InheritedFromPID = 1772, ProcessID = 2076, ThreadID = 2148, StartAddress = 77E56C7D, Parameter = 001BC5C8
TargetProcess: DFStd.exe, InheritedFromPID = 1772, ProcessID = 2076, ThreadID = 2152, StartAddress = 769AE43B, Parameter = 001BEF50
TargetProcess: DFStd.exe, InheritedFromPID = 1772, ProcessID = 2076, ThreadID = 2156, StartAddress = 77E56C7D, Parameter = 001BF7F0
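The four cross-process writes above (repeated from the key behaviours section) can be triaged mechanically. The following Python is an added example written for this page, not VirSCAN code and not anything shipped by Faronics: it parses the sandbox's own "Key = Value, Key = Value" line format and labels each write as process-launch footprint or as suspect. The address limits (LOW_SETUP_LIMIT, PEB_TEB_RANGE, SETUP_BLOCK_MAX) are assumptions about a 32-bit XP-era target and are only a reading aid; the four log lines are copied from this report as constructed input.

```python
import re

# Constructed input: the four "cross-process data write" entries copied from
# the report above, in the sandbox's own "Key = Value, Key = Value" line format.
WRITE_LOG = r"""
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x00010000, Size = 0x000007c2
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x00020000, Size = 0x00000794
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x7ffde010, Size = 0x00000004
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe, WriteAddress = 0x7ffde1e8, Size = 0x00000004
"""

# Triage heuristic (an assumption, not something the report states): when a
# parent calls CreateProcess on 32-bit XP-era Windows it copies the child's
# process parameters and environment into a low-address block of the new
# process and patches pointer-sized PEB fields; PEB and TEBs live in the
# 0x7ffd0000-0x7ffdffff range on such systems. Writes of that shape are launch
# footprint, not injection. The limits below exist only for this heuristic.
LOW_SETUP_LIMIT = 0x00100000   # well below the usual 0x00400000 image base
PEB_TEB_RANGE = (0x7FFD0000, 0x7FFDFFFF)
POINTER_SIZE = 4
SETUP_BLOCK_MAX = 0x2000       # parameter/environment blocks are a few KiB

FIELD_RE = re.compile(r"(\w+)\s*=\s*([^,]+?)(?:,|$)")


def parse_writes(log: str) -> list[dict]:
    """Parse 'TargetProcess = ..., WriteAddress = 0x..., Size = 0x...' lines."""
    entries = []
    for line in log.strip().splitlines():
        fields = dict(FIELD_RE.findall(line.strip()))
        entries.append({
            "target": fields["TargetProcess"].strip(),
            "address": int(fields["WriteAddress"], 16),
            "size": int(fields["Size"], 16),
        })
    return entries


def classify_write(entry: dict) -> str:
    """Label one write as process-launch footprint or as worth a closer look."""
    addr, size = entry["address"], entry["size"]
    if PEB_TEB_RANGE[0] <= addr <= PEB_TEB_RANGE[1] and size == POINTER_SIZE:
        return "process-setup (PEB/TEB field)"
    if addr < LOW_SETUP_LIMIT and size <= SETUP_BLOCK_MAX:
        return "process-setup (parameters/environment block)"
    return "suspect (write into the target's image/heap range)"


def triage(log: str) -> dict[str, str]:
    """Map 'address:size' to a verdict for every write in the log."""
    return {f"{e['address']:#010x}:{e['size']:#x}": classify_write(e)
            for e in parse_writes(log)}


def looks_like_injection(log: str) -> bool:
    """True if any write falls outside the launch-footprint pattern."""
    return any(v.startswith("suspect") for v in triage(log).values())


if __name__ == "__main__":
    for key, verdict in triage(WRITE_LOG).items():
        print(key, "->", verdict)
    print("injection-like writes:", looks_like_injection(WRITE_LOG))
```

Run as a script it prints one verdict per write; all four entries from this report come back as process-setup, whereas a constructed write of 0x12000 bytes at 0x00401000 would be flagged suspect. The heuristic is deliberately narrow: it is a filter for reading sandbox reports, not a detection rule.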
File behaviour
Behaviour: create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nswA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Deutsch\Data Igloo Benutzerhandbuch.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Deutsch\Deep Freeze Standard Benutzerhandbuch.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\English\Data Igloo User Guide.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\English\Deep Freeze Standard User Guide.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Espanol\Data Igloo Guía de usuario.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Espanol\Deep Freeze Standard Guía de usuario.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Francais\Data Igloo Manuel de l'utilisateur.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Francais\Deep Freeze Standard Manuel de l'utilisateur.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Japanese\Data Igloo User Guide.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Japanese\Deep Freeze Standard User Guide.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Simplified Chinese\Data Igloo User Guide.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Simplified Chinese\Deep Freeze Standard User Guide.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Faronics_Data_Igloo.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Faronics_Data_Igloo_README.txt
Behaviour: delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nswA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\DF5B.tmp
Behaviour: create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\CONDLG32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\DFTrial.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\ReplaceFile.exe
Behaviour: modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Deutsch\Data Igloo Benutzerhandbuch.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Deutsch\Deep Freeze Standard Benutzerhandbuch.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\English\Data Igloo User Guide.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\English\Deep Freeze Standard User Guide.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Espanol\Data Igloo Guía de usuario.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Espanol\Deep Freeze Standard Guía de usuario.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Francais\Data Igloo Manuel de l'utilisateur.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Francais\Deep Freeze Standard Manuel de l'utilisateur.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Japanese\Data Igloo User Guide.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Japanese\Deep Freeze Standard User Guide.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Simplified Chinese\Data Igloo User Guide.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Simplified Chinese\Deep Freeze Standard User Guide.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Faronics_Data_Igloo.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\Faronics_Data_Igloo_README.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\CONDLG32.dll ---> Offset = 0
Behaviour: find file (the DFStd.zh-CN, .zh-Hans, .zh, .CHS and .CH probes at the end of this list are consistent with the resource-module lookup a Delphi VCL program performs for the sandbox's Chinese locale, which fits the TCheckBox/TComboBox window classes reported further down)
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.zh-CN
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.zh-Hans
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.zh
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.CHS
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.CH
Other behaviour
Behaviour: create mutex (the CTF.* and MSCTF.* names below are Text Services Framework objects that any GUI process loading msctf.dll creates; they are runtime noise, not indicators specific to this sample)
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ACI
Behaviour: create event object (Global\crypt32LogoffEvent is created by crypt32.dll when it loads and the MSCTF.* events by the Text Services Framework; like the mutexes above, not sample-specific)
Details: EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.ACI.IC
EventName = MSCTF.SendReceiveConection.Event.ACI.IC
Behaviour: find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behaviour: window info (the T-prefixed class names are Delphi VCL controls; the captions belong to the Deep Freeze Standard setup and activation dialogs)
Details: Pid = 2076, Hwnd=0x102f6, Text = Use evaluation version (使用评估版), ClassName = TCheckBox.
Pid = 2076, Hwnd=0x202c6, Text = Visible (可见), ClassName = TComboBox.
Pid = 2076, Hwnd=0x102ec, Text = C:, ClassName = TComboBox.
Pid = 2076, Hwnd=0x202c8, Text = GB, ClassName = TComboBox.
Pid = 2076, Hwnd=0x102ea, Text = 1, ClassName = TEdit.
Pid = 2076, Hwnd=0x102e6, Text = E:, ClassName = TComboBox.
Pid = 2076, Hwnd=0x102e4, Text = Create ThawSpace (创建 ThawSpace 解冻空间), ClassName = TCheckBox.
Pid = 2076, Hwnd=0x102e2, Text = IEEE 1394 (FireWire), ClassName = TCheckBox.
Pid = 2076, Hwnd=0x3015a, Text = USB, ClassName = TCheckBox.
Pid = 2076, Hwnd=0x160142, Text = Keep newly discovered hard drives Thawed. (保持新发现的硬盘驱动器为 Thawed 解冻状态。), ClassName = TCheckBox.
Pid = 2076, Hwnd=0x102e0, Text = Print(&P) (打印(&P)), ClassName = TButton.
Pid = 2076, Hwnd=0x102de, Text = Copy(&O) (复制(&O)), ClassName = TButton.
Pid = 2076, Hwnd=0x202d2, Text = Activate later (稍后激活), ClassName = TRadioButton.
Pid = 2076, Hwnd=0x202d0, Text = Activate online (在线激活), ClassName = TRadioButton.
Pid = 2076, Hwnd=0x302b6, Text = Activate offline (离线激活), ClassName = TRadioButton.
Behaviour: get TickCount value
Details: TickCount = 551968, SleepMilliseconds = 60000.
TickCount = 552000, SleepMilliseconds = 60000.
TickCount = 552031, SleepMilliseconds = 60000.
TickCount = 552046, SleepMilliseconds = 60000.
TickCount = 552062, SleepMilliseconds = 60000.
TickCount = 552078, SleepMilliseconds = 60000.
TickCount = 552093, SleepMilliseconds = 60000.
TickCount = 552109, SleepMilliseconds = 60000.
TickCount = 552140, SleepMilliseconds = 60000.
TickCount = 552156, SleepMilliseconds = 60000.
TickCount = 552171, SleepMilliseconds = 60000.
TickCount = 552187, SleepMilliseconds = 60000.
TickCount = 552250, SleepMilliseconds = 60000.
TickCount = 552265, SleepMilliseconds = 60000.
TickCount = 552281, SleepMilliseconds = 60000.
Behaviour: adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Enabling SeLoadDriverPrivilege is the prerequisite for NtLoadDriver, so this entry says the installer intends to load a kernel driver. For Deep Freeze, a product that works at the disk level, that is expected; in an unknown sample it would be the single highest-signal line in this report, and it should be paired with a check of which driver file and service key were written, neither of which this report records.
Behaviour: enumerate windows
Details: N/A
Behaviour: get window screenshot info
Details: Foreground window Info: HWND = 0x00000000, DC = 0x160104a3.
Behaviour: executable file signature info
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\CONDLG32.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\DFTrial.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\ReplaceFile.exe (signature verification: failed)
The report does not distinguish an unsigned file from one whose Authenticode signature is present but failed to chain inside the sandbox (an isolated XP-era VM may lack the intermediate or root certificates), so "failed" is not by itself evidence of tampering. Verify on a copy with signtool verify /pa /v <file>, or with Get-AuthenticodeSignature in PowerShell, and compare the signer with the publisher named in the file information section (Faronics Corporation).
Behaviour: call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
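The fifteen TickCount readings recorded twice above and the five Sleep(60000) calls logged here say something about the sandbox as well as the sample: consecutive readings are 15 to 63 ms apart while each interval requested a 60000 ms sleep, so the analysis environment was fast-forwarding Sleep. A sample that makes the same comparison can tell it is being analysed. The following Python is an added example for this page, not VirSCAN code: it parses the TickCount lines copied from the report (constructed input) and reports how much of the requested sleep actually elapsed. The assumption that each reading precedes the sleep logged beside it is stated in the code.

```python
import re

# Constructed input: the fifteen "get TickCount value" entries copied from the
# report above. Each line pairs a GetTickCount() reading with the length of the
# Sleep() the sandbox saw requested alongside it.
TICK_LOG = """
TickCount = 551968, SleepMilliseconds = 60000.
TickCount = 552000, SleepMilliseconds = 60000.
TickCount = 552031, SleepMilliseconds = 60000.
TickCount = 552046, SleepMilliseconds = 60000.
TickCount = 552062, SleepMilliseconds = 60000.
TickCount = 552078, SleepMilliseconds = 60000.
TickCount = 552093, SleepMilliseconds = 60000.
TickCount = 552109, SleepMilliseconds = 60000.
TickCount = 552140, SleepMilliseconds = 60000.
TickCount = 552156, SleepMilliseconds = 60000.
TickCount = 552171, SleepMilliseconds = 60000.
TickCount = 552187, SleepMilliseconds = 60000.
TickCount = 552250, SleepMilliseconds = 60000.
TickCount = 552265, SleepMilliseconds = 60000.
TickCount = 552281, SleepMilliseconds = 60000.
"""

ENTRY_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)")


def parse_ticks(log: str) -> list[tuple[int, int]]:
    """Return (tick_count, requested_sleep_ms) pairs in log order."""
    return [(int(t), int(s)) for t, s in ENTRY_RE.findall(log)]


def sleep_audit(log: str, tolerance: float = 0.5) -> dict:
    """Compare wall-clock time between consecutive readings with the sleep requested.

    Assumption: reading i is taken before Sleep(requested_i) and reading i+1
    after it, so the tick delta is the time the sleep really took. An interval
    counts as honoured when at least `tolerance` of the requested time elapsed.
    """
    entries = parse_ticks(log)
    intervals = []
    for (tick, requested), (next_tick, _) in zip(entries, entries[1:]):
        elapsed = (next_tick - tick) & 0xFFFFFFFF   # GetTickCount wraps at 32 bits
        intervals.append((requested, elapsed))
    honoured = sum(1 for req, got in intervals if got >= tolerance * req)
    return {
        "intervals": len(intervals),
        "requested_ms": sum(req for req, _ in intervals),
        "elapsed_ms": sum(got for _, got in intervals),
        "intervals_honoured": honoured,
        "sleep_honoured": bool(intervals) and honoured == len(intervals),
    }


if __name__ == "__main__":
    print(sleep_audit(TICK_LOG))
```

For this report the audit yields 14 intervals, 840000 ms requested and 313 ms elapsed, with no interval honoured. Read the sandbox's own behaviour entries with that in mind: anything the sample does after a long Sleep happened in accelerated time, and a sample that compares GetTickCount deltas against its Sleep argument will see exactly this discrepancy.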
Behaviour: hide specified window
Details: [Window,Class] = [,ComboLBox]
Behaviour: executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\CONDLG32.dll ---> 632c1b2f753e35a8d123b5238178ce86
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\DFTrial.exe ---> eccb3c90783f73957f44c4df2ad7360f
C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd\ReplaceFile.exe ---> 4b2ebaaef8ddcf7e7055b6144ae62d06
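The runtime MD5s above can be reconciled with the sub-file listing from the static side of the report, which is the check worth doing before copying any of these hashes into an IOC list. The following Python is an added example for this page, not VirSCAN or Faronics code: both listings are copied from the report as constructed input, the verdict categories are my own, and the digests() / file_digests() helpers hash a local copy with SHA-256 alongside the MD5 the report uses, because MD5 is not collision-resistant and should not be the only identifier recorded.

```python
import hashlib

# Static side, from the report's sub-file listing: executables the scanner
# extracted from the NSIS archive (name -> MD5; None where the report said
# "big file" and gave no hash).
ARCHIVE_EXECUTABLES = {
    "DFStd.exe": None,
    "DFTrial.exe": "eccb3c90783f73957f44c4df2ad7360f",
    "ReplaceFile.exe": "4b2ebaaef8ddcf7e7055b6144ae62d06",
    "CONDLG32.dll": "632c1b2f753e35a8d123b5238178ce86",
}

# Dynamic side, from the "executable file MD5" entries: files the sandbox saw
# dropped to disk, with the MD5 it computed after the drop.
TMP = r"C:\Documents and Settings\Administrator\Local Settings\Temp\Tmp~DFStd"
DROPPED_EXECUTABLES = {
    TMP + r"\CONDLG32.dll": "632c1b2f753e35a8d123b5238178ce86",
    TMP + r"\DFTrial.exe": "eccb3c90783f73957f44c4df2ad7360f",
    TMP + r"\ReplaceFile.exe": "4b2ebaaef8ddcf7e7055b6144ae62d06",
}

# Process the sandbox saw started (from the "create new process" entry).
LAUNCHED = [r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\DFStd.exe"]


def basename(win_path: str) -> str:
    return win_path.rsplit("\\", 1)[-1]


def reconcile(archive: dict, dropped: dict, launched: list) -> dict:
    """Cross-check static and runtime hashes by file name.

    matched:           same MD5 on both sides
    mismatched:        both sides hashed but the values differ (rewritten after
                       extraction, or a different file under the same name)
    unhashed:          at least one side has no hash, so the IOC is incomplete
    runtime_only:      dropped at runtime but absent from the archive listing
    launched_unhashed: executed processes whose file never received a hash
    """
    by_name = {basename(p).lower(): h for p, h in dropped.items()}
    result = {"matched": [], "mismatched": [], "unhashed": [],
              "runtime_only": [], "launched_unhashed": []}
    for name, static_md5 in archive.items():
        runtime_md5 = by_name.pop(name.lower(), None)
        if static_md5 is None or runtime_md5 is None:
            result["unhashed"].append(name)
        elif static_md5.lower() == runtime_md5.lower():
            result["matched"].append(name)
        else:
            result["mismatched"].append(name)
    result["runtime_only"] = sorted(by_name)
    unhashed = {n.lower() for n in result["unhashed"]}
    result["launched_unhashed"] = [basename(p) for p in launched
                                   if basename(p).lower() in unhashed]
    return result


def digests(data: bytes) -> dict:
    """MD5 (to compare with the report) and SHA-256 (for your own records) of a blob."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def file_digests(path: str, chunk: int = 1 << 20) -> dict:
    """Same as digests() but streamed from disk, for a local copy of a dropped file."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}


if __name__ == "__main__":
    for key, names in reconcile(ARCHIVE_EXECUTABLES, DROPPED_EXECUTABLES, LAUNCHED).items():
        print(f"{key:18} {names}")
```

The result that matters here: the three dropped executables match the archive listing, but DFStd.exe, the one file that was actually executed and written into, has no hash on either side ("big file" in the sub-file listing, absent from the executable-MD5 entry), so this report provides no identifier for the main payload and a local copy must be hashed with file_digests() to get one.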
Behaviour: load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp~DFStd\CONDLG32.dll.
Runtime screenshot: (image not included in this capture)