VirSCAN

File information
Security score: 78
Basic information
MD5: f6f704a633e6be622f0c4f341838429e
File type: zip
Publisher:
Version:
Packer or compiler information:
Sub-file information:
6.jpg / 7ec2c4288037b34a5daf6decd767d1ad / Unknown
8.jpg / ad784281b131ccfa254279bc13d560bd / Unknown
5.jpg / 8d16ccc165741d71dfa8d61bb0c0749f / Unknown
2.jpg / 63f6d180b1fe88deca01b600655fc5a9 / Unknown
3.jpg / 7e314809c0d66784abc24f20bf8abc0c / Unknown
7.jpg / 6a368ccd53391404fddbea4a8f15aaf9 / Unknown
jquery-2.1.0.min.js / 5ca7582261c421482436dfdf3af9bffe / Unknown
jquery.layout-1.3.0.min.js / fe4e566ec208c2062b26c96b47f3a507 / Unknown
jquery-ui.tabs_layout.min.js / c64207200589af620f7a2f7c1de03e70 / Unknown
messages.json / f886233b7a02c26671521c603eeb0044 / Unknown
messages.json / 8ff2bbb8fcae337c3e2a24f16f8d54c0 / Unknown
messages.json / 71da215afd01720bfef4058941b1219d / Unknown
slick.gridc.js / 88f10828c735c0db1f052748b1031136 / Unknown
finish.ogg / 551da1c8dac42949c60888c13f5143d5 / Unknown
jquery-ui.draggable_slide.min.js / 4ebf50e1f7762d9e87597be11ad95af6 / Unknown
4.jpg / 5b51fad7670c2baf8eeb5bea602997e0 / Unknown
messages.json / aaebd5cbeccf4944036fc1dd0a7f45b2 / Unknown
verified_contents.json / c5607a7d1c42556259a0ec726597fa80 / Unknown
jquery-ui.sortable.min.js / 423467fa120316a4dc069712817389e7 / Unknown
Key behavior
Behavior description: Obtain window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0xae0102cf.
Process behavior
Behavior description: Create local thread
Details: TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3064, ThreadID = 3076, StartAddress = 01002FD4, Parameter = 008E44A8
TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3064, ThreadID = 3080, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3064, ThreadID = 3084, StartAddress = 765E964D, Parameter = 001C1A70
TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3064, ThreadID = 3092, StartAddress = 77E56C7D, Parameter = 001BBCA0
TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3064, ThreadID = 3096, StartAddress = 769AE43B, Parameter = 001A83E8
File behavior
Behavior description: Find file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\pop
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\pop\pop_list.js
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
Details: MSFT.VSA.COM.DISABLE.3064
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000054
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000054
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Window information
Details: Pid = 3064, Hwnd=0xa03b0, Text = 确定, ClassName = Button.
Pid = 3064, Hwnd=0x2102bc, Text = 脚本: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\pop\pop_list.js 行: 2 字符: 1 错误: "jQuery" 未定义 代码: 800A1391 源: Microsoft JScript 运行时错误 , ClassName = Static.
Pid = 3064, Hwnd=0x70380, Text = Windows Script Host, ClassName = #32770.
Behavior description: Obtain window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0xae0102cf.
Behavior description: Open mutex
Details: ShimCacheMutex