VirSCAN

File information
Security score: 77
Basic information
MD5: 07c39c9775a030ca688f016cd1dc9000
File type: 7z
Publisher: 游侠网
Version: 1.0.5.32---1.0.5.32
Packer / compiler: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Sub-files: upx_c_fe9460f1dumpFile / 2b7507a3d41de7879c1209fedc60ed36 / EXE
ali213box.dll / 0e4a90a8be93441ee8e5847a5d2e30bf / DLL
ali213_box.exe / big file / EXE
Key behaviors
Behavior: opens a file mapping with write access
Details: CiceroSharedMemDefaultS-*
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MEJ..ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.B.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.C.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.D.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.E.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.F.HFDIH
MSCTF.MarshalInterface.FileMap.MEJ.G.HFDIH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.Shared.SFM.MEJ
Local\C:_Documents and Settings_Administrator_IECompatCache_index.dat_16384
Local\!PrivacIE!SharedMem!Counter
MSCTF.MarshalInterface.FileMap.EMO..MDEKH
\WINDOWS\system32\zh-cn\mshtml.dll.mui
Behavior: creates a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\游侠云盒.lnk
Behavior: sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IECompatCache
Behavior: resolves host address by name
Details: api.ali213.net
nui8gcldcwwm9aujb3bb.5mz8cfvwxevxz4tf0pyp.com
box.ali213.net
f09er35s9ur4zpzxh1da.2yoje9871xlsls8e0th5.com
127.0.0.1
router.bittorrent.com
router.utorrent.com
router.bitcomet.com
box.update.ali213.net
Process behavior
Behavior: creates a new process from a file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe" /downloadinstall 2007205873 2135634250
ImagePath = D:\Program Files\ali213\ali213_box\ali213_box.exe, CmdLine = "D:\Program Files\ali213\ali213_box\ali213_box.exe"
Behavior: enumerates processes
Details: N/A
File behavior
Behavior: drops links or shortcuts in sensitive system locations (e.g. the Start Menu)
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\游侠云盒.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\卸载.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\官方网站.url
Behavior: creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213box.dll
C:\DiskD\Program Files\ali213\ali213_box\ali213_box.exe
C:\DiskD\Program Files\ali213\ali213_box\ali213box.dll
Behavior: searches for files
Details: FileName = C:\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213box.dll
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445494145.357770.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\*.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
Behavior: creates a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\游侠云盒.lnk
Behavior: opens a file mapping with write access
Details: CiceroSharedMemDefaultS-*
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MEJ..ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.B.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.C.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.D.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.E.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.F.HFDIH
MSCTF.MarshalInterface.FileMap.MEJ.G.HFDIH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.Shared.SFM.MEJ
Local\C:_Documents and Settings_Administrator_IECompatCache_index.dat_16384
Local\!PrivacIE!SharedMem!Counter
MSCTF.MarshalInterface.FileMap.EMO..MDEKH
\WINDOWS\system32\zh-cn\mshtml.dll.mui
Behavior: sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IECompatCache
Behavior: modifies file contents
Details: C:\DiskD\aliBoxGames\desktop.ini---> Offset = 0
C:\DiskD\aliBoxGames\desktop.ini---> Offset = 148
C:\DiskD\aliBoxGames\desktop.ini---> Offset = 161
C:\DiskD\Program Files\ali213\ali213_box\ico\uninstall.ico---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\游侠云盒.lnk---> Offset = 0
C:\Documents and Settings\Administrator\桌面\游侠云盒.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\卸载.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\官方网站.url---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\官方网站.url---> Offset = 48
C:\Documents and Settings\Administrator\Local Settings\Application Data\ali213box\registry2.db-journal---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\ali213box\registry2.db-journal---> Offset = 516
C:\Documents and Settings\Administrator\Local Settings\Application Data\ali213box\registry2.db---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0
Network behavior
Behavior: connects to a specified site
Details: InternetConnectA: ServerName = box.ali213.net, PORT = 80
Behavior: sends data on a connected socket
Details: SOCKET = 0x000002a4, TotalSize = 151, Offset = 0, ReadSize = 151.
SOCKET = 0x00000578, TotalSize = 110, Offset = 0, ReadSize = 110.
Behavior: establishes a connection to a specified socket
Details: 110.110.110.110:80
127.0.0.1:1035
Behavior: opens an HTTP request
Details: HttpOpenRequestA: box.ali213.net:80/game-box/tj.html, hConnect = 0x00000434
Behavior: resolves host address by name
Details: api.ali213.net
nui8gcldcwwm9aujb3bb.5mz8cfvwxevxz4tf0pyp.com
box.ali213.net
f09er35s9ur4zpzxh1da.2yoje9871xlsls8e0th5.com
127.0.0.1
router.bittorrent.com
router.utorrent.com
router.bitcomet.com
box.update.ali213.net
Registry behavior
Behavior: modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
\REGISTRY\USER\S-*\Software\ali213\ali213_box\Name
\REGISTRY\USER\S-*\Software\ali213\ali213_box\Version
\REGISTRY\USER\S-*\Software\ali213\ali213_box\ExePath
\REGISTRY\USER\S-*\Software\ali213\ali213_box\InstallExePath
\REGISTRY\USER\S-*\Software\ali213\ali213_box\Path
\REGISTRY\USER\S-*\Software\ali213\ali213_box\InstallPath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\App Paths\ali213_box.exe\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\DisplayName
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\DisplayIcon
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\DisplayVersion
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\InstallLocation
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\UninstallString
Behavior: deletes a registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
Behavior: modifies the registry (URL protocol association)
Details: \REGISTRY\USER\S-*_CLASSES\alibox\URL Protocol
Behavior: deletes registry values (IE connection settings)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior: deletes a registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behavior
Behavior: searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [shell embedding,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior: opens an HTTP connection
Details: Mozilla/4.0
Behavior: window information
Details: Pid = 2372, Hwnd=0x202a6, Text = 正在准备下载游戏......, ClassName = AAU_FORM[TID:2380].
Pid = 3776, Hwnd=0x302dc, Text = 游侠云盒, ClassName = FRM_ALI213BOX_MAIN[TID:3780].
Behavior: creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
oleacc-msaa-loaded
MSCTF.Shared.MUTEX.ELH
{A79F2403-D111-48EE-AF93-06236A292ACB}ALIBOX.mutex
RasPbFile
MSCTF.Shared.MUTEX.MEJ
Behavior: acquires system privileges
Details: SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Runtime screenshot