VirSCAN


File information
Security score: 77
Basic information
MD5: 3a81dcd2cdd0ab1b3411714caa3bbd39
File type: 7z
Publisher:
Version:
Packer or compiler information:
Sub-file information: cygwin1.dll / 23c7f511f6eec2154cc471745cc3a822 / DLL
cygiconv-2.dll / d9f1e51f181cab4988cfa5b936f9553a / DLL
rsync.exe / e8c76dfec3c03e44eddff089dd85f489 / EXE
cyggcc_s-1.dll / 6663a80da58e7610d219c0b6d97a5b49 / DLL
cygintl-8.dll / 6482ee64bd6167ba624111303b684c5c / DLL
cygpopt-0.dll / 75cfa1e81ca103b0b753a70e06160c49 / DLL
Key behaviors
Behavior description: Modifies original system EXE files
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll
Behavior description: Retrieves basic user information
Details: Level = 3.
Process behavior
Behavior description: Creates a local thread
Details: TargetProcess: rsync.exe, InheritedFromPID = 2000, ProcessID = 3396, ThreadID = 3456, StartAddress = 61005320, Parameter = 611B6C40
File behavior
Behavior description: Modifies original system EXE files
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll ---> Offset = 856064
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll ---> Offset = 65536
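Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\MACHINE\SOFTWARE\Cygwin\Installations\f92534333ecb00b9
Other behavior
Behavior description: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Creates a mutex
Details: tty_list::mutex.0
Behavior description: MD5 of modified executable files
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll ---> 23c7f511f6eec2154cc471745cc3a822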
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> d9f1e51f181cab4988cfa5b936f9553a
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll ---> 75cfa1e81ca103b0b753a70e06160c49
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll ---> 6482ee64bd6167ba624111303b684c5c
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll ---> 6663a80da58e7610d219c0b6d97a5b49
Behavior description: Retrieves basic user information
Details: Level = 3.
Behavior description: Adjusts process token privileges
Details: SE_RESTORE_PRIVILEGE
SE_BACKUP_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description: Signature information of modified executable files
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll (signature verification: failed)