VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:13
Behavior list
Basic Information
MD5:01c5060cc105375dc46d5cdb14869e15
file type:EXE
Production company:
version:1.1.0.0---1.01
Shell or compiler information:
Key behavior
Behavior description:修改原系统的EXE文件
details:C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE---> Offset = 12378112
C:\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe---> Offset = 401408
Behavior description:跨进程写入数据
details:C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1446362952.679644.exe
C:\%temp%\1446362952.686499.exe
C:\WINDOWS\system32\taskmgr.exe
C:\%temp%\1446362952.707113.exe
C:\%temp%\1446362952.713966.exe
C:\WINDOWS\system32\patchupdate.exe
C:\WINDOWS\system32\tm.exe
C:\Program Files\Internet Explorer\iexplore.exe
TargetProcess = iexplore.exe, WriteAddress = 0x00e20000, Size = 4096
Behavior description:修改注册表_系统防火墙可信进程列表
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446362962.826895.exe
Behavior description:修改注册表_任务管理器关键属性
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr
Behavior description:修改注册表_UAC关键设置
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
Behavior description:常规加载驱动
details:system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\pqomm.sys
Behavior description:创建远程线程
details:C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1446362953.279182.exe
C:\%temp%\1446362953.286046.exe
C:\WINDOWS\system32\taskmgr.exe
C:\%temp%\1446362953.306618.exe
C:\%temp%\1446362953.313522.exe
C:\WINDOWS\system32\patchupdate.exe
C:\WINDOWS\system32\tm.exe
C:\Program Files\Internet Explorer\iexplore.exe
Behavior description:内存映射方式修改可执行文件
details:\device\harddiskvolume1\program files\microsoft office\office11\winword.exe
\device\harddiskvolume1\windows\system32\notepad.exe
\device\harddiskvolume1\windows\system32\cmb_pb_liveupdate.exe
Behavior description:设置特殊文件属性
details:C:\ftpao.pif
C:\DiskD\wqeevp.exe
C:\DiskX\ayntv.pif
Behavior description:停止系统服务
details:ServiceName = Application Layer Gateway Service
ServiceName = Windows Firewall/Internet Connection Sharing (ICS)
ServiceName = Security Center
Behavior description:尝试连接RootKit驱动设备对象
details:\??\amsint32
Behavior description:写权限映射文件
details:hh8geqpHJTkdns0
purity_control_90833
Local\UrlZonesSM_Administrator
\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winysgxc.exe
\WINDOWS\system32\notepad.exe
\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe
\DiskD\wqeevp.exe
Behavior description:在根目录创建自运行文件
details:C:\autorun.inf
C:\DiskD\autorun.inf
C:\DiskX\autorun.inf
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:修改注册表_禁用注册表编辑器项
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools
Behavior description:创建系统服务
details:[服务已存在]: IPFILTERDRIVER, C:\WINDOWS\system32\drivers\ipfltdrv.sys
[服务创建成功]: amsint32, C:\WINDOWS\system32\drivers\pqomm.sys
Process behavior
Behavior description:跨进程写入数据
details:C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1446362952.679644.exe
C:\%temp%\1446362952.686499.exe
C:\WINDOWS\system32\taskmgr.exe
C:\%temp%\1446362952.707113.exe
C:\%temp%\1446362952.713966.exe
C:\WINDOWS\system32\patchupdate.exe
C:\WINDOWS\system32\tm.exe
C:\Program Files\Internet Explorer\iexplore.exe
TargetProcess = iexplore.exe, WriteAddress = 0x00e20000, Size = 4096
Behavior description:创建远程线程
details:C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1446362953.279182.exe
C:\%temp%\1446362953.286046.exe
C:\WINDOWS\system32\taskmgr.exe
C:\%temp%\1446362953.306618.exe
C:\%temp%\1446362953.313522.exe
C:\WINDOWS\system32\patchupdate.exe
C:\WINDOWS\system32\tm.exe
C:\Program Files\Internet Explorer\iexplore.exe
Behavior description:枚举进程
details:N/A
Behavior description:创建进程
details:ImagePath = C:\Program Files\Internet Explorer\IEXPLORE.EXE, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.yixun.com/
File behavior
Behavior description:修改原系统的EXE文件
details:C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE---> Offset = 12378112
C:\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe---> Offset = 401408
Behavior description:创建可执行文件
details:C:\WINDOWS\system32\drivers\pqomm.sys
C:\ftpao.pif
C:\DiskD\wqeevp.exe
C:\DiskX\ayntv.pif
Behavior description:查找文件
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\*
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\*
FileName = C:\ANALYZECONTROL\*
FileName = D:\*
FileName = E:\*
FileName = F:\*
Behavior description:内存映射方式修改可执行文件
details:\device\harddiskvolume1\program files\microsoft office\office11\winword.exe
\device\harddiskvolume1\windows\system32\notepad.exe
\device\harddiskvolume1\windows\system32\cmb_pb_liveupdate.exe
Behavior description:设置特殊文件属性
details:C:\ftpao.pif
C:\DiskD\wqeevp.exe
C:\DiskX\ayntv.pif
Behavior description:写权限映射文件
details:hh8geqpHJTkdns0
purity_control_90833
Local\UrlZonesSM_Administrator
\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winysgxc.exe
\WINDOWS\system32\notepad.exe
\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe
\DiskD\wqeevp.exe
Behavior description:在根目录创建自运行文件
details:C:\autorun.inf
C:\DiskD\autorun.inf
C:\DiskX\autorun.inf
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:修改文件内容
details:C:\WINDOWS\system.ini---> Offset = 231
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincafj.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyaiyjm.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winievm.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokaiov.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winibhfh.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dyqj.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqdyudv.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jckjl.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winohtxm.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cprp.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fevpuk.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vrxec.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincwqxyp.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxqis.exe---> Offset = 0
Network behavior
Behavior description:联网打开网址
details:InternetOpenUrlA: http://businecessity.com/logo.gif?77320=1952896 hInternet = 0x000005a8
InternetOpenUrlA: http://al-somow.com/images/logo.gif?7762b=1467009 hInternet = 0x000005ac
InternetOpenUrlA: http://amnisure.com.tr/images/logo.gif?77715=2935422 hInternet = 0x000005ac
InternetOpenUrlA: http://bhagavatirannade.org/logo.gif?777f0=4894560 hInternet = 0x000005ac
InternetOpenUrlA: http://ankara-cambalkon.net/images/logo.gif?7793b=2938722 hInternet = 0x000005a4
InternetOpenUrlA: http://aocuoikhanhlinh.vn/images/logo.gif?77a54=1960272 hInternet = 0x000005a4
InternetOpenUrlA: http://yeni.antalyahilal.com/logo.gif?10a23d=2180218 hInternet = 0x0000069c
InternetOpenUrlA: http://arimaexim.com/logo.gif?77bd8=2942736 hInternet = 0x0000069c
InternetOpenUrlA: http://businecessity.com/logo.gif?7a7ec=2508620 hInternet = 0x000005ac
InternetOpenUrlA: http://al-somow.com/images/logo.gif?78108=983568 hInternet = 0x0000059c
InternetOpenUrlA: http://amnisure.com.tr/images/logo.gif?78224=2460340 hInternet = 0x0000059c
InternetOpenUrlA: http://bhagavatirannade.org/logo.gif?785d0=4437072 hInternet = 0x0000059c
InternetOpenUrlA: http://ankara-cambalkon.net/images/logo.gif?782fc=492284 hInternet = 0x0000059c
InternetOpenUrlA: http://aocuoikhanhlinh.vn/images/logo.gif?78398=3939520 hInternet = 0x0000059c
InternetOpenUrlA: http://yeni.antalyahilal.com/logo.gif?7abc4=1005448 hInternet = 0x000005a8
Behavior description:下载文件
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincafj.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyaiyjm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winievm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokaiov.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winibhfh.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dyqj.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqdyudv.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jckjl.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winohtxm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cprp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fevpuk.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vrxec.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincwqxyp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxqis.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hjdnrk.exe
Behavior description:读取网络文件
details:hFile = 0x000005a8, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000005ac, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000005a4, BytesToRead =1024, BytesRead = 1024.
hFile = 0x0000069c, BytesToRead =1024, BytesRead = 1024.
hFile = 0x0000059c, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000005a0, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000594, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000598, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000574, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000520, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000538, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000510, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000500, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000004f0, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000534, BytesToRead =1024, BytesRead = 1024.
Registry behavior
Behavior description:修改注册表_Explorer文件显示相关属性
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
Behavior description:修改注册表_任务管理器关键属性
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr
Behavior description:删除注册表键_安全模式启动项
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\AppMgmt
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Base
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Boot Bus Extender
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Boot file system
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\CryptSvc
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\DcomLaunch
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmadmin
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmboot.sys
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmio.sys
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmload.sys
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmserver
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\EventLog
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\File system
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Filter
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Netlogon
Behavior description:修改注册表_UAC关键设置
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
Behavior description:删除注册表键值_安全模式启动项
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\1768776769
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\-757413758
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\1011363011
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\-1514827516
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\253949253
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\-503464505
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A1_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A2_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A3_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A4_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A1_1
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A2_1
Behavior description:修改注册表_系统防火墙可信进程列表
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446362962.826895.exe
Behavior description:修改注册表_安全中心相关属性
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\UacDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\UpdatesDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\UacDisableNotify
Behavior description:修改注册表_禁用注册表编辑器项
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools
Other behavior
Behavior description:创建互斥体
details:uxJLpe1m
smss.exeM_532_
csrss.exeM_588_
winlogon.exeM_612_
services.exeM_656_
lsass.exeM_668_
33oxservice.exeM_828_
33acthlp.exeM_840_
svchost.exeM_880_
svchost.exeM_944_
svchost.exeM_984_
svchost.exeM_1068_
svchost.exeM_1100_
spoolsv.exeM_1240_
33upgradehelper.exeM_1504_
Behavior description:常规加载驱动
details:system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\pqomm.sys
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [TXGuiFoundation,QQ2013]
NtUserFindWindowEx: [Class,Window] = [CTXOPConntion_Class,OP_2269840561]
Behavior description:启动系统服务
details:[服务启动成功]: , IP Traffic Filter Driver, system32\DRIVERS\ipfltdrv.sys
[服务启动成功]: , amsint32, \??\C:\WINDOWS\system32\drivers\pqomm.sys
Behavior description:获取系统权限
details:SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description:搜索kernel32.dll基地址
details:Instruction Address = 0x0040d17e
Behavior description:枚举窗口
details:N/A
Behavior description:停止系统服务
details:ServiceName = Application Layer Gateway Service
ServiceName = Windows Firewall/Internet Connection Sharing (ICS)
ServiceName = Security Center
Behavior description:尝试连接RootKit驱动设备对象
details:\??\amsint32
Behavior description:调用Sleep函数
details:[1]: MilliSeconds = 1024.
[2]: MilliSeconds = 300000.
[3]: MilliSeconds = 180000.
[4]: MilliSeconds = 10240.
[5]: MilliSeconds = -1.
[6]: MilliSeconds = 10000.
[7]: MilliSeconds = -1.
[8]: MilliSeconds = 180000.
[9]: MilliSeconds = 1024.
[10]: MilliSeconds = 4096.
Behavior description:获取TickCount值
details:TickCount = 484887, SleepMilliseconds = 12.
TickCount = 484918, SleepMilliseconds = 12.
TickCount = 484949, SleepMilliseconds = 12.
TickCount = 484965, SleepMilliseconds = 12.
TickCount = 664968, SleepMilliseconds = 180000.
TickCount = 485240, SleepMilliseconds = 256.
TickCount = 485256, SleepMilliseconds = 256.
TickCount = 485271, SleepMilliseconds = 256.
TickCount = 485287, SleepMilliseconds = 256.
TickCount = 485302, SleepMilliseconds = 256.
TickCount = 485318, SleepMilliseconds = 256.
TickCount = 485334, SleepMilliseconds = 256.
TickCount = 485349, SleepMilliseconds = 256.
TickCount = 485381, SleepMilliseconds = 256.
TickCount = 485396, SleepMilliseconds = 256.
Behavior description:创建系统服务
details:[服务已存在]: IPFILTERDRIVER, C:\WINDOWS\system32\drivers\ipfltdrv.sys
[服务创建成功]: amsint32, C:\WINDOWS\system32\drivers\pqomm.sys
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号