VirSCAN


File information
Security rating: 76
Behavior list
Basic information
MD5:5106c03011f3cba62def3a6516abd95d
File type: Microsoft Office PPT (ppt) document
Company:
Version:
Shell or compiler information:
File behavior
Behavior description: Create file
Details: C:\Users\Administrator\AppData\Local\Temp\~DF6C64729C8264E6E2.TMP
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A2374C77.emf
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%\****.LNK
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%.LNK
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BCE54C0C.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\611DA49D.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D16CE9FA.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E12B7DB3.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9C5B418.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DB23B539.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D95E9E6.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\434484AF.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AC6F76E4.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C74BE195.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6248D292.wmf
Behavior description: Overwrite existing file
Details: C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Users\Administrator\AppData\Roaming\Microsoft\PowerPoint\PPT11.pcb
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\PowerP11.pip
Behavior description: Find file
Details: FileName = C:\Program Files\Common Files\Microsoft Shared\office11
FileName = C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
FileName = C:\Program Files\Common Files\Microsoft Shared\office11\*.*
FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office
FileName = C:\Users\Administrator\AppData\Local\%temp%\****.ppt
FileName = C:\Users\Administrator
FileName = C:\Program Files\Microsoft Office\OFFICE11
FileName = C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
Behavior description: Delete file
Details: C:\Users\Administrator\AppData\Local\Temp\~DF6C64729C8264E6E2.TMP
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\43F9BD8D.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EAD6FCBC.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4BF0C3E7.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D0DDCFFE.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FD9005B1.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3BC8E070.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91DADD6B.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6248D292.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C74BE195.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AC6F76E4.wmf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\434484AF.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D95E9E6.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DB23B539.emf
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9C5B418.emf
Behavior description: Copy file
Details: C:\PROGRA~2\MICROS~1\OFFICE\DATA\OPA11.BAK ---> C:\PROGRA~2\MICROS~1\OFFICE\DATA\opa11.dat
Behavior description: Modify file content
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A2374C77.emf ---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A2374C77.emf ---> Offset = 8192
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A2374C77.emf ---> Offset = 16384
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A2374C77.emf ---> Offset = 24576
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A2374C77.emf ---> Offset = 32768
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%\****.LNK ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat ---> Offset = 124
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%.LNK ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat ---> Offset = 60
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BCE54C0C.emf ---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BCE54C0C.emf ---> Offset = 8192
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\611DA49D.emf ---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\611DA49D.emf ---> Offset = 8192
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D16CE9FA.emf ---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D16CE9FA.emf ---> Offset = 8192
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\Resiliency\StartupItems\9
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\Resiliency\StartupItems\e
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4080110900063D11C8EF10054038389C\Usage\PPTFiles
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493450-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493442-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493451-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493452-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493453-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493454-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493455-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493456-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493457-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493458-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91493459-5A91-11CF-8700-00AA0060263B}\TypeLib\Version
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\Resiliency\StartupItems\e
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\Resiliency\StartupItems\a
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\Resiliency\StartupItems\i 
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\Resiliency\StartupItems\9
\REGISTRY\USER\S-*\Software\Microsoft\Office\Common\Assistant\CurrAsstState
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\MTTT
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\Resiliency\StartupItems\
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\PowerPoint\Resiliency\
Other behavior
Behavior description: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Create mutex
Details: Local\Mutex_MSOSharedMem
Local\Mso97SharedDg19211105606Mutex
Local\Mso97SharedDg20321105606Mutex
DBWinMutex
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
Local\Mso97SharedDg19521105606Mutex
Local\Mso97SharedDg19531105606Mutex
Local\Mso97SharedDg19541105606Mutex
Local\SqmSysTray
OfficeAssistantStateMutex
Behavior description: Create event object
Details: EventName = Local\PP11Running_S-*
EventName = OleDfRoot2E398C38851210D5
EventName = OleDfRoot914E2CFB55F46661
EventName = OleDfRoot8A3047797F01C7B7
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
Behavior description: Window information
Details: Pid = 2888, Hwnd=0x101c4, Text = MsoDockTop, ClassName = MsoCommandBarDock.
Pid = 2888, Hwnd=0x1020c, Text = 审阅, ClassName = MsoCommandBar.
Pid = 2888, Hwnd=0x101ce, Text = 格式, ClassName = MsoCommandBar.
Pid = 2888, Hwnd=0x101cc, Text = 常用, ClassName = MsoCommandBar.
Pid = 2888, Hwnd=0x101ca, Text = 菜单栏, ClassName = MsoCommandBar.
Pid = 2888, Hwnd=0x101c8, Text = MsoDockBottom, ClassName = MsoCommandBarDock.
Pid = 2888, Hwnd=0x101d0, Text = 绘图, ClassName = MsoCommandBar.
Pid = 2888, Hwnd=0x101d2, Text = b70c, ClassName = mdiClass.
Pid = 2888, Hwnd=0x101b0, Text = Microsoft PowerPoint - [b70c], ClassName = PP11FrameClass.
Behavior description: Open event
Details: Local\PP11Running_S-*
\KernelObjects\MaximumCommitCondition
Local\MSCTF.AsmCacheReady.Default1
Global\TermSrvReadyEvent
MSFT.VSA.COM.DISABLE.2888
MSFT.VSA.IEC.STATUS.6c736db0
Global\ShutdownMSIDLLv327680.498156650
Global\RestartMSIDLLv327680.498156650
Local\MSCTF.CtfActivated.Default1
Behavior description: Hide specified window
Details: [Window,Class] = [,ThunderRT6Main]
[Window,Class] = [,UserControl]
[Window,Class] = [,DummyClass]
[Window,Class] = [b70c,mdiClass]
[Window,Class] = [Microsoft PowerPoint,PP11FrameClass]
Behavior description: Open mutex
Details: Local\Mutex_MSOSharedMem
Local\MSCTF.Asm.MutexDefault1
Local\Mso97SharedDg19211105606Mutex
Local\Mso97SharedDg20321105606Mutex
Local\MU_ACBPIDS08
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
Local\Mso97SharedDg19521105606Mutex
Local\Mso97SharedDg19531105606Mutex
Local\Mso97SharedDg19541105606Mutex
Local\SqmSysTray
OfficeAssistantStateMutex