VirSCAN

1, You can upload any file, but there is a limit of 20 MB per file.
2, VirSCAN supports Rar / Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN will test compressed files protected with the password 'infected' or 'virus'.


File information
Security rating: 50
Behaviour list
Basic information
MD5: 6c7d3843a1a59edb1a63a62559a25481
File type: zip
Production company:
Version:
Shell or compiler information:
Subfile information: Edbug.exe / 5c4993f56e5a6af0deb5acb7a0e6dfe1 / EXE
精易编程助手.exe / c5c52d101ccbf5a2d8c29111559cbbf8 / EXE
DiDaGrid.ocx / b4f3df7bcb8b0031629911e5b4f89ee9 / DLL
WebBrowser.exe / 29c976b214c7b4841e362d29f782d08f / EXE
抓包修复.dll / 1168672d4afa05196760a79dca700d5a / DLL
UpDater.exe / bf0bd985484ef5d50ac886fbdce6d2d7 / EXE
sqlite3.dll / d6580cc678d0a80596628cd3cab61ff1 / DLL
bootstrap.css.map / 4ba278e0c420d166e5a0eb71545f9509 / Unknown
bootstrap.css / ad6381ebfa541b55b0152349c6cabf76 / Unknown
bootstrap.min.css / 78e7f91c0c4cca415e0683626aa23925 / Unknown
SkinH_EL.dll / 114054313070472cd1a6d7d28f7c5002 / DLL
bootstrap.js / d5a03d9cca57637f008124916b86b585 / Unknown
glyphicons-halflings-regular.svg / ff423a4251cf2986555523dfe315c42b / Unknown
bootstrap-theme.css.map / c5da8241305bfe7e19919e6e943739eb / Unknown
glyphicons-halflings-regular.ttf / e49d52e74b7689a0727def99da31f3eb / Unknown
bootstrap.min.js / 281cd50dd9f58c5550620fc148a7bc39 / Unknown
gzip.dll / 8b3591965f623b219c0c528153746cab / DLL
glyphicons-halflings-regular.woff / 68ed1dac06bf0409c18ae7bc62889170 / Unknown
bootstrap-theme.css / c64043a3388612233d7eb947918a9bfc / Unknown
Key actions
Behaviour description: Block window close messages
Details: hWnd = 0x00020346, Text = 精易网页助手v1.9, ClassName = WTWindow.
Behaviour description: Read the CPU clock directly
Details: EAX = 0x0a007cc7, EDX = 0x000000ba
EAX = 0x0a007d13, EDX = 0x000000ba
EAX = 0x0a007d5f, EDX = 0x000000ba
EAX = 0x0a007dab, EDX = 0x000000ba
EAX = 0x0a007df7, EDX = 0x000000ba
EAX = 0x0a007e43, EDX = 0x000000ba
EAX = 0x0a007e8f, EDX = 0x000000ba
EAX = 0x0a007edb, EDX = 0x000000ba
EAX = 0x0a007f27, EDX = 0x000000ba
EAX = 0x0a007f73, EDX = 0x000000ba
Behaviour description: Get window screenshot information
Details: Foreground window Info: HWND = 0x0001034e, DC = 0x0a010375.
Foreground window Info: HWND = 0x0001034e, DC = 0x01010055.
Foreground window Info: HWND = 0x0001034e, DC = 0x0e010648.
Foreground window Info: HWND = 0x0001034e, DC = 0x01010651.
Foreground window Info: HWND = 0x0001034e, DC = 0x01010654.
Foreground window Info: HWND = 0x0001034e, DC = 0x04010662.
Foreground window Info: HWND = 0x0001034e, DC = 0x06010649.
Foreground window Info: HWND = 0x0001034e, DC = 0x05010665.
Foreground window Info: HWND = 0x0001034e, DC = 0x04010666.
Foreground window Info: HWND = 0x0001034e, DC = 0x02010672.
Foreground window Info: HWND = 0x0001034e, DC = 0x01010675.
Behaviour description: Get TickCount value
Details: TickCount = 285046, SleepMilliseconds = 60000.
TickCount = 285062, SleepMilliseconds = 60000.
TickCount = 285140, SleepMilliseconds = 60000.
TickCount = 285171, SleepMilliseconds = 60000.
TickCount = 285187, SleepMilliseconds = 60000.
TickCount = 285218, SleepMilliseconds = 60000.
TickCount = 285234, SleepMilliseconds = 60000.
TickCount = 285250, SleepMilliseconds = 60000.
TickCount = 285265, SleepMilliseconds = 60000.
TickCount = 285328, SleepMilliseconds = 60000.
TickCount = 285343, SleepMilliseconds = 60000.
TickCount = 285453, SleepMilliseconds = 60000.
TickCount = 285468, SleepMilliseconds = 60000.
TickCount = 285828, SleepMilliseconds = 60000.
TickCount = 285843, SleepMilliseconds = 60000.
Process behaviour
Behaviour description: Create local thread
Details: TargetProcess: Edbug.exe, InheritedFromPID = 2000, ProcessID = 3956, ThreadID = 4020, StartAddress = 77C0A341, Parameter = 00CF6A30
TargetProcess: Edbug.exe, InheritedFromPID = 2000, ProcessID = 3956, ThreadID = 4032, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: Edbug.exe, InheritedFromPID = 2000, ProcessID = 3956, ThreadID = 4072, StartAddress = 0041E5EC, Parameter = 00000000
TargetProcess: Edbug.exe, InheritedFromPID = 2000, ProcessID = 3956, ThreadID = 4076, StartAddress = 77E56C7D, Parameter = 00219980
TargetProcess: Edbug.exe, InheritedFromPID = 2000, ProcessID = 3956, ThreadID = 4080, StartAddress = 769AE43B, Parameter = 00243D40
File behaviour
Behaviour description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Edbug\Edbug.ini
Behaviour description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Edbug\Edbug.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Data\Edbug.ini ---> Offset = 21
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Data\Config.ini ---> Offset = 278
Behaviour description: Find file
Details: FileName =
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\SkinH_EL.dll
FileName = C:\WINDOWS\system32\SkinH_EL.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Data\cache.txt
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Important\SkinH_EL.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Edbug\Edbug.ini
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Data\log_url.ini
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\关键词.txt
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\*.*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\bootstrap\*.*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\bootstrap\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\bootstrap\dist\*.*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\bootstrap\dist\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\bootstrap\dist\css\*.*.*
Network behaviour
Behaviour description: Connect to specified site
Details: WinHttpConnect: ServerName = ww****la, PORT = 80, UserName = , Password = , hSession = 0x027c3100, hConnect = 0x027c3200, Flags = 0x00000000
Behaviour description: Open HTTP connection
Details: WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x027c3100
Behaviour description: Establish a connection to a specified socket
Details: URL: ww****la, IP: **.133.40.**:80, SOCKET = 0x00000218
Behaviour description: Send HTTP packet
Details: POST /check HTTP/1.1 Accept: */* Referer: http://www.motao.la/check Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Content-Type: application/x-www-form-urlencoded Content-Length: 6717 Host: ww****la Connection: Keep-Alive
Behaviour description: Open HTTP request
Details: WinHttpOpenRequest: ww****la:80/check, hConnect = 0x027c3200, hRequest = 0x02840000, Verb: POST, Referer: , Flags = 0x00000080
Behaviour description: Get host address by name
Details: GetAddrInfoW: ww****la
Registry behaviour
Behaviour description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behaviour
Behaviour description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IHP
Behaviour description: Create event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IHP.IC
EventName = MSCTF.SendReceiveConection.Event.IHP.IC
Behaviour description: Open mutex
Details: ShimCacheMutex
Behaviour description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behaviour description: Window information
Details: Pid = 3956, Hwnd=0x10358, Text = 提示:, ClassName = msctls_statusbar32.
Pid = 3956, Hwnd=0x10368, Text = 日记记录, ClassName = WTWindow.
Pid = 3956, Hwnd=0x103e2, Text = 提交cookie, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3956, Hwnd=0x103e0, Text = 提交协议头, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3956, Hwnd=0x103de, Text = 提交数据, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3956, Hwnd=0x103dc, Text = 选择文件, ClassName = Button.
Pid = 3956, Hwnd=0x103d4, Text = 提交方法, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3956, Hwnd=0x103d0, Text = 文本提交, ClassName = ComboBox.
Pid = 3956, Hwnd=0x103ce, Text = 导入文件后提交栏右键选择提交文件即可提交指定路径的文件, ClassName = Edit.
Pid = 3956, Hwnd=0x103cc, Text = 自动解码, ClassName = Button(CheckBox).
Pid = 3956, Hwnd=0x103ca, Text = 禁止重定向, ClassName = Button(CheckBox).
Pid = 3956, Hwnd=0x103c8, Text = 记录日记, ClassName = Button(CheckBox).
Pid = 3956, Hwnd=0x103c6, Text = 显示提示, ClassName = Button(CheckBox).
Pid = 3956, Hwnd=0x103b4, Text = GBK, ClassName = ComboBox.
Pid = 3956, Hwnd=0x103a6, Text = 从返回cookies查找, ClassName = ComboBox.
Behaviour description: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
CursorPos = (11517,29359), SleepMilliseconds = 60000.
CursorPos = (27001,24465), SleepMilliseconds = 60000.
CursorPos = (5744,28146), SleepMilliseconds = 60000.
CursorPos = (23320,16828), SleepMilliseconds = 60000.
CursorPos = (10000,492), SleepMilliseconds = 60000.
CursorPos = (3034,11943), SleepMilliseconds = 60000.
CursorPos = (4866,5437), SleepMilliseconds = 60000.
CursorPos = (32430,14605), SleepMilliseconds = 60000.
CursorPos = (3941,154), SleepMilliseconds = 60000.
CursorPos = (331,12383), SleepMilliseconds = 60000.
CursorPos = (17460,18717), SleepMilliseconds = 60000.
CursorPos = (19757,19896), SleepMilliseconds = 60000.
Behaviour description: Open event
Details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.3956
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behaviour description: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 250.
Behaviour description: Hide specified window
Details: [Window,Class] = [<,AfxWnd42s]
[Window,Class] = [>,AfxWnd42s]
[Window,Class] = [,_EL_ShapeBox]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [,ComboLBox]
[Window,Class] = [标签,_EL_Label]
[Window,Class] = [,Edit]
[Window,Class] = [XML路径:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [取文本,Button]
[Window,Class] = [XML属性名:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [JSON路径:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [检索结果,Afx:400000:b:10011:1900015:0]
[Window,Class] = [查找,Button]
[Window,Class] = [—,Afx:400000:b:10011:1900015:0]
[Window,Class] = [检索,Afx:400000:b:10011:1900015:0]