VirSCAN


File information
Security rating: 78
Behavior list
Behavior analysis report: Threatbook file behavior report
Basic information
MD5: 99da8d3578a211670a318228cce9fb86
File type: EXE
Vendor: www.startisback.com
Version: 9.22.0.0---2.1+
Packer or compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Sub-file information: StartIsBackCfg.exe / f85da8af308efec52aa7583a35b6c506 / EXE
StartIsBack64.dll / 25acee1b349e2ce6db28e5d264af0a02 / DLL
StartIsBack32.dll / cb5b775b462913a6c252986495eb69bc / DLL
Windows 7.msstyles / 00bdc71bdaa4cbc13576823c9610d507 / DLL
Shamrock.orb / ef55e07e1a2e47bb2bb749046cd150b2 / DLL
Windows 7.orb / 85328e698e8a74852b4061a683915dc8 / DLL
Plain8.msstyles / a0b56ade201c3611d968eafb3e529942 / DLL
startscreen.exe / 3a36e9ae606ec80d2d0b450f840f3d33 / EXE
StartIsBack_Ei8htOrb_v2_by_PainteR.bmp / 641328c75e6b117545211db22dafcaa0 / Unknown
Plain10.msstyles / 9ff1d98e5f8e69d0fa2e04f63b13f970 / DLL
UpdateCheck.exe / d41d8cd98f00b204e9800998ecf8427e / Unknown
Process behavior
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3228, ThreadID = 3240, StartAddress = 77C0A341, Parameter = 009246F8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3228, ThreadID = 3304, StartAddress = 77C0A341, Parameter = 009246F8
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\UpdateCheck.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Shamrock.orb
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\StartIsBack_Ei8htOrb_v2_by_PainteR.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Windows 7.orb
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain10.msstyles
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain8.msstyles
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Windows 7.msstyles
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBackCfg.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\startscreen.exe
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Shamrock.orb
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Shamrock.orb
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Windows 7.orb
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain10.msstyles
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain8.msstyles
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Windows 7.msstyles
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBackCfg.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\startscreen.exe
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Shamrock.orb ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\StartIsBack_Ei8htOrb_v2_by_PainteR.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Windows 7.orb ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain10.msstyles ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain8.msstyles ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Windows 7.msstyles ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack32.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack32.dll ---> Offset = 131068
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack32.dll ---> Offset = 262136
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack32.dll ---> Offset = 393204
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack64.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack64.dll ---> Offset = 98288
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack64.dll ---> Offset = 229356
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack64.dll ---> Offset = 360424
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack64.dll ---> Offset = 491492
Behavior description: Search for file
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\UpdateCheck.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\Orbs\Shamrock.orb
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\Orbs\StartIsBack_Ei8htOrb_v2_by_PainteR.bmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\Orbs\Windows 7.orb
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\Styles\Plain10.msstyles
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\Styles\Plain8.msstyles
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\Styles\Windows 7.msstyles
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\StartIsBack32.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\StartIsBack64.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\StartIsBackCfg.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC9CBB663\startscreen.exe
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AKM
Behavior description: Create event object
Details: EventName = MSCTF.SendReceive.Event.AKM.IC
EventName = MSCTF.SendReceiveConection.Event.AKM.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
Details: Pid = 3228, Hwnd=0x20348, Text = 确定, ClassName = Button.
Pid = 3228, Hwnd=0x20344, Text = %1 不是有效的 Win32 应用程序。 , ClassName = Static.
Pid = 3228, Hwnd=0x40342, Text = 7-Zip, ClassName = #32770.
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Shamrock.orb(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Windows 7.orb(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain10.msstyles(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain8.msstyles(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Windows 7.msstyles(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack32.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack64.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBackCfg.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\startscreen.exe(签名验证: 未通过)
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Shamrock.orb ---> ef55e07e1a2e47bb2bb749046cd150b2
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Orbs\Windows 7.orb ---> 85328e698e8a74852b4061a683915dc8
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain10.msstyles ---> 9ff1d98e5f8e69d0fa2e04f63b13f970
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Plain8.msstyles ---> a0b56ade201c3611d968eafb3e529942
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\Styles\Windows 7.msstyles ---> 00bdc71bdaa4cbc13576823c9610d507
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack32.dll ---> cb5b775b462913a6c252986495eb69bc
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBack64.dll ---> 25acee1b349e2ce6db28e5d264af0a02
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\StartIsBackCfg.exe ---> f85da8af308efec52aa7583a35b6c506
C:\Documents and Settings\Administrator\Local Settings\Temp\7zSC9CBB663\startscreen.exe ---> 3a36e9ae606ec80d2d0b450f840f3d33
Behavior description: Open mutex
Details: ShimCacheMutex