VirSCAN

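File information
Security score: 84
Basic information
MD5: 1e2b789f311d68aefd1159aa7e0e32d0
File type: EXE
Publisher: AirInstaller
Version: 2.0.4.99---2.0.4.99
Packer or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Sub-file information: upx_c_b8a8dceedumpFile / 56742232af498facd09e24ce3e880718 / EXE
Key behaviors
Behavior description: Maps a file with write permission
Details: CiceroSharedMemDefaultS-*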
MSCTF.MarshalInterface.FileMap.IBE..HHEHH
MSCTF.MarshalInterface.FileMap.IBE.B.HHEHH
MSCTF.MarshalInterface.FileMap.IBE.C.HHEHH
MSCTF.MarshalInterface.FileMap.IBE.D.HHEHH
MSCTF.MarshalInterface.FileMap.IBE.E.HHEHH
MSCTF.MarshalInterface.FileMap.IBE.F.HIEHH
MSCTF.MarshalInterface.FileMap.IBE.G.HIEHH
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
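Process behavior
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Maps a file with write permission
Details: CiceroSharedMemDefaultS-*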
MSCTF.MarshalInterface.FileMap.IBE..HHEHH
MSCTF.MarshalInterface.FileMap.IBE.B.HHEHH
MSCTF.MarshalInterface.FileMap.IBE.C.HHEHH
MSCTF.MarshalInterface.FileMap.IBE.D.HHEHH
MSCTF.MarshalInterface.FileMap.IBE.E.HHEHH
MSCTF.MarshalInterface.FileMap.IBE.F.HIEHH
MSCTF.MarshalInterface.FileMap.IBE.G.HIEHH
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Network behavior
Behavior description: Opens a URL over the network
Details: InternetOpenUrlA: http://trk.airinstaller.com/get/log/?c=9c7ecf90-9f41-11e3-8e46-06699e7734cc&d=2.0.1.6&o= &r=&s=7fb396e829c27fc629c27fc6&t=179 hInternet = 0x00000620
InternetOpenUrlA: http://trk.airinstaller.com/get/log_level/?bundle=5pzjmonb hInternet = 0x0000061c
Behavior description: Reads a network file
Details: hFile = 0x0000061c, BytesToRead =4095, BytesRead = 4095.
hFile = 0x00000620, BytesToRead =4095, BytesRead = 4095.
Other behavior
Behavior description: Finds a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Creates mutexes
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
AirInstaller-Admin
INSTALLER-238EA140-C13E-31F2-E1C5-106067709672
MSCTF.Shared.MUTEX.ELH
Behavior description: Gets the TickCount value