VirSCAN


File information
Security score: 75
Basic information
MD5: 188db6c4214787a05147643c309b3bce
File type: Rar5
Vendor:
Version:
Packer or compiler info:
Sub-file information: ipmsg.exe / 5dd1bd26e317d2fc69527b96aa11946f / EXE
ipmsg.chm / 9459731b696146886989d5513dd77446 / Chm
ipcmd.exe / 93e9c17b941a2b4adad9c240ffa8bcc6 / EXE
iptoast.dll / c14c3e1c1ec89677876172f144b8d968 / DLL
说明.txt / 400a9858af863fd9cacdc55a5f7a238a / Unknown
th_sjy 汉化分享博客.url / e447aad072cd35738ddf68156cf87a85 / Unknown
Key behaviors
Behavior description: Get TickCount value
Details: TickCount = 281000, SleepMilliseconds = 60000.
TickCount = 281015, SleepMilliseconds = 60000.
TickCount = 281109, SleepMilliseconds = 60000.
TickCount = 281140, SleepMilliseconds = 60000.
TickCount = 281156, SleepMilliseconds = 60000.
TickCount = 281171, SleepMilliseconds = 60000.
TickCount = 281296, SleepMilliseconds = 60000.
TickCount = 281312, SleepMilliseconds = 60000.
TickCount = 281328, SleepMilliseconds = 60000.
TickCount = 281406, SleepMilliseconds = 60000.
TickCount = 281437, SleepMilliseconds = 60000.
TickCount = 281484, SleepMilliseconds = 60000.
TickCount = 281625, SleepMilliseconds = 60000.
TickCount = 281796, SleepMilliseconds = 60000.
TickCount = 281843, SleepMilliseconds = 60000.
Process behavior
Behavior description: Create local thread
Details: TargetProcess: ipmsg.exe, InheritedFromPID = 2000, ProcessID = 3012, ThreadID = 3024, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: ipmsg.exe, InheritedFromPID = 2000, ProcessID = 3012, ThreadID = 3104, StartAddress = 77E56C7D, Parameter = 0020A988
TargetProcess: ipmsg.exe, InheritedFromPID = 2000, ProcessID = 3012, ThreadID = 3108, StartAddress = 769AE43B, Parameter = 0020D1D8
TargetProcess: ipmsg.exe, InheritedFromPID = 2000, ProcessID = 3012, ThreadID = 3112, StartAddress = 77E56C7D, Parameter = 0020D858
TargetProcess: ipmsg.exe, InheritedFromPID = 2000, ProcessID = 3012, ThreadID = 3192, StartAddress = 719CD33A, Parameter = 00224F98
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fca3ba4c5f684fe21b5f571d6a29b919_dcff734b-bc3f-43cb-8911-9b5d467629cf
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4956cf3f842cbb25b40043ba0e22659_dcff734b-bc3f-43cb-8911-9b5d467629cf
Behavior description: Modify file content
Details: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fca3ba4c5f684fe21b5f571d6a29b919_dcff734b-bc3f-43cb-8911-9b5d467629cf ---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4956cf3f842cbb25b40043ba0e22659_dcff734b-bc3f-43cb-8911-9b5d467629cf ---> Offset = 0
Behavior description: Search for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\fca3ba4c5f684fe21b5f571d6a29b919_*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\c4956cf3f842cbb25b40043ba0e22659_*
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\HSTools\IPMsgEng\LastWnd
\REGISTRY\USER\S-*\Software\HSTools\IPMsgEng\MasterSvr
\REGISTRY\USER\S-*\Software\HSTools\IPMsgEng\DirMode
\REGISTRY\USER\S-*\Software\HSTools\IPMsgEng\Crypt\PrivBlob
\REGISTRY\USER\S-*\Software\HSTools\IPMsgEng\Crypt\PrivEncryptType
\REGISTRY\USER\S-*\Software\HSTools\IPMsgEng\Crypt2\PrivEncryptType
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\HSTools\IPMsgEng\Crypt2\
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\HSTools\IPMsgEng\DirSpan
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
ipmsg_class
Behavior description: Hide specified window
Details: [Window,Class] = [IPMsg,ipmsg_class]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [ipmsg_class,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Encrypt data
Details: [CryptEncrypt] Data: 0x0012E300, PlainTextLen: 1024, CipherTextLen: 128, Flags: 0x00000000
[CryptEncrypt] Data: 0x0012E300, PlainTextLen: 1024, CipherTextLen: 256, Flags: 0x00000000
Behavior description: Generate random session key or public/private key pair
Details: [CryptGenKey] Algorithm: CALG_RSA_KEYX (0x0000a400) Flags: 0x04000001
[CryptGenKey] Algorithm: CALG_RSA_KEYX (0x0000a400) Flags: 0x08000001
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.3012
MSFT.VSA.IEC.STATUS.6c736db0
\INSTALLATION_SECURITY_HOLD
Global\crypt32LogoffEvent
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 60000.
[7]: MilliSeconds = 60000.
[8]: MilliSeconds = 60000.
[9]: MilliSeconds = 60000.
[10]: MilliSeconds = 60000.
Behavior description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
Behavior description: Open mutex
Details: ShimCacheMutex
DBWinMutex
Behavior description: Decrypt data
Details: [CryptDecrypt] Data: 0x0012E300, CipherTextLen: 128, PlainTextLen: 16, Flags: 0x00000000
[CryptDecrypt] Data: 0x0012E300, CipherTextLen: 256, PlainTextLen: 16, Flags: 0x00000000
Behavior description: Import key
Details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0012E300, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0012E300, DataLen: 276, Flags: 0x00000000
Runtime screenshots