VirSCAN
File information
Safety score: 77
Basic information
MD5: 42c6c913199b60bb069db984f4e62cee
File type: EXE
Publisher: www.shuax.com
Version: 6.2.3.0 --- 6.2.3
Packer / compiler: COMPILER: Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *
Key behaviors
Behavior: sets special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior: reads the CPU time-stamp counter directly (rdtsc; the 64-bit result is returned in EDX:EAX)
Details: EAX = 0x9dde65cc, EDX = 0x00000280
File behaviors
Behavior: creates file
Details: C:\Users\Administrator\AppData\Local\%temp%\detect
Behavior: sets special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior: deletes file
Details: C:\Users\Administrator\AppData\Local\%temp%\detect
Behavior: searches for files
Details: FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
FileName = C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Windows\system32\Ras\*.pbk
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
Network behaviors
Behavior: connects to a specified site
Details: InternetConnectA: ServerName = ap****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior: opens an HTTP session
Details: InternetOpenA: UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0), hSession = 0x00cc0004
Behavior: establishes a socket connection to a specified host
Details: URL: ap****om, IP: **.133.40.**:443, SOCKET = 0x0000034c
URL: ap****om, IP: **.133.40.**:443, SOCKET = 0x000000f0
URL: ap****om, IP: **.133.40.**:443, SOCKET = 0x000003a0
URL: ap****om, IP: **.133.40.**:443, SOCKET = 0x000001b0
URL: ap****om, IP: **.133.40.**:443, SOCKET = 0x000003a8
URL: ap****om, IP: **.133.40.**:443, SOCKET = 0x00000184
URL: ap****om, IP: **.133.40.**:443, SOCKET = 0x000003b0
URL: ap****om, IP: **.133.40.**:443, SOCKET = 0x000003b8
Behavior: opens an HTTP request
Details: HttpOpenRequestA: ap****om:443/tools/getchrome/json, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x84803000
Behavior: resolves a host address by name
Details: GetAddrInfoW: ap****om
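The `Flags = 0x84803000` value logged for HttpOpenRequestA is a bitmask of INTERNET_FLAG_* constants, and decoding it is the most useful single check on this report: it shows whether the updater's HTTPS request actually validates the server certificate. The Python below is an added example, not code from VirSCAN or from the shuax.com program. The bit values are those of the Windows SDK header wininet.h, the sample line is a copy of the report's own detail line with the host left redacted as on the page, and the decode assumes the sandbox logged the dwFlags argument unchanged.

```python
import re

# Constructed copy of the report's HttpOpenRequestA detail line (host redacted as on the page).
REPORT_LINE = ("HttpOpenRequestA: ap****om:443/tools/getchrome/json, hConnect = 0x00cc0008, "
               "hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x84803000")

# INTERNET_FLAG_* bit values as defined in the Windows SDK header wininet.h.
INTERNET_FLAGS = {
    0x80000000: "INTERNET_FLAG_RELOAD",
    0x40000000: "INTERNET_FLAG_RAW_DATA",
    0x20000000: "INTERNET_FLAG_EXISTING_CONNECT",
    0x10000000: "INTERNET_FLAG_ASYNC",
    0x08000000: "INTERNET_FLAG_PASSIVE",
    0x04000000: "INTERNET_FLAG_NO_CACHE_WRITE",
    0x02000000: "INTERNET_FLAG_MAKE_PERSISTENT",
    0x01000000: "INTERNET_FLAG_FROM_CACHE",
    0x00800000: "INTERNET_FLAG_SECURE",
    0x00400000: "INTERNET_FLAG_KEEP_CONNECTION",
    0x00200000: "INTERNET_FLAG_NO_AUTO_REDIRECT",
    0x00100000: "INTERNET_FLAG_READ_PREFIX",
    0x00080000: "INTERNET_FLAG_NO_COOKIES",
    0x00040000: "INTERNET_FLAG_NO_AUTH",
    0x00020000: "INTERNET_FLAG_RESTRICTED_ZONE",
    0x00010000: "INTERNET_FLAG_CACHE_IF_NET_FAIL",
    0x00008000: "INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP",
    0x00004000: "INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS",
    0x00002000: "INTERNET_FLAG_IGNORE_CERT_DATE_INVALID",
    0x00001000: "INTERNET_FLAG_IGNORE_CERT_CN_INVALID",
    0x00000800: "INTERNET_FLAG_RESYNCHRONIZE",
    0x00000400: "INTERNET_FLAG_HYPERLINK",
    0x00000200: "INTERNET_FLAG_NO_UI",
    0x00000100: "INTERNET_FLAG_PRAGMA_NOCACHE",
    0x00000080: "INTERNET_FLAG_CACHE_ASYNC",
    0x00000040: "INTERNET_FLAG_FORMS_SUBMIT",
    0x00000020: "INTERNET_FLAG_FWD_BACK",
    0x00000010: "INTERNET_FLAG_NEED_FILE",
}
KNOWN_MASK = 0
for _bit in INTERNET_FLAGS:
    KNOWN_MASK |= _bit

# Flags that relax WinINet's certificate or transport checks, with the consequence.
CHECK_BYPASS = {
    "INTERNET_FLAG_IGNORE_CERT_CN_INVALID": "certificate for a different hostname is accepted",
    "INTERNET_FLAG_IGNORE_CERT_DATE_INVALID": "expired or not-yet-valid certificate is accepted",
    "INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP": "redirect from HTTPS to plain HTTP is followed silently",
}


def parse_flags(detail_line):
    """Extract the hex value of a 'Flags = 0x...' field from a report line; None if absent."""
    m = re.search(r"\bFlags\s*=\s*0x([0-9A-Fa-f]+)", detail_line)
    return int(m.group(1), 16) if m else None


def decode_flags(value):
    """Return (sorted names of the flags set in value, residual bits with no known name)."""
    names = [name for bit, name in INTERNET_FLAGS.items() if value & bit]
    residual = value & ~KNOWN_MASK
    return sorted(names), residual


def transport_findings(value):
    """Map a dwFlags value to the checks it weakens.

    HttpOpenRequest only uses TLS when INTERNET_FLAG_SECURE is set, so its absence
    is itself a finding: the request goes out as plain HTTP, even to port 443.
    """
    names, _ = decode_flags(value)
    findings = {}
    if "INTERNET_FLAG_SECURE" not in names:
        findings["INTERNET_FLAG_SECURE"] = "flag absent: request is plain HTTP, not TLS"
    for name in names:
        if name in CHECK_BYPASS:
            findings[name] = CHECK_BYPASS[name]
    return findings


if __name__ == "__main__":
    flags = parse_flags(REPORT_LINE)
    names, residual = decode_flags(flags)
    print(f"dwFlags = 0x{flags:08x}: " + " | ".join(names))
    if residual:
        print(f"  unrecognised bits: 0x{residual:08x}")
    for name, why in transport_findings(flags).items():
        print(f"  {name}: {why}")
```

For 0x84803000 the decoder yields RELOAD, NO_CACHE_WRITE, SECURE, IGNORE_CERT_DATE_INVALID and IGNORE_CERT_CN_INVALID: the request is made over TLS, but a certificate issued for some other hostname, or an expired one, is accepted as long as it chains to a trusted root. An on-path attacker holding any such certificate could therefore serve the version JSON. How much that matters depends on what the program does with the response, which this report does not show.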
Registry behaviors
Behavior: modifies registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileDirectory
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\FileDirectory
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
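Most of the registry activity above is typically the footprint of WinINet itself rather than of the program: the Tracing\*_RASAPI32 and Tracing\*_RASMANCS values and the SavedLegacySettings blob are written when a process initialises WinINet's proxy and dial-up support, which also accounts for the RasPbFile mutex and the *.pbk searches in the file section. The deleted proxy values are the part worth confirming, because removing ProxyServer, ProxyOverride and AutoConfigURL wipes the user's proxy or PAC configuration. The Python below is an added example, not part of the VirSCAN page: it parses the report's Behavior:/Details: layout and sorts each registry path into a baseline-noise bucket or a review bucket. The baseline categories are an assumption made for the example; derive your own by running a known-benign WinINet program through the same sandbox and diffing its report against this one.

```python
import re

# Constructed excerpt of the report's registry section, in the Behavior:/Details:
# layout used on this page (first detail on the Details: line, then one per line).
SAMPLE_REGISTRY = r"""
Behavior: modifies registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\FileDirectory
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
"""

# Path categories. The baseline-noise set is an assumption for this example and
# stands in for an allowlist derived from a benign control run in the same sandbox.
CATEGORIES = [
    ("ras-tracing", re.compile(r"\\Tracing\\[^\\]+_RAS(?:API32|MANCS)\\", re.I)),
    ("wininet-proxy-cache", re.compile(r"\\Internet Settings\\Connections\\SavedLegacySettings$", re.I)),
    ("proxy-config", re.compile(r"\\Internet Settings\\(?:ProxyServer|ProxyOverride|AutoConfigURL)$", re.I)),
    ("proxy-config", re.compile(r"\\Internet Settings\\ZoneMap\\(?:ProxyBypass|IntranetName)$", re.I)),
]
BASELINE_NOISE = {"ras-tracing", "wininet-proxy-cache"}


def parse_blocks(text):
    """Return [(behavior, [detail, ...]), ...] from the report's block layout."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Behavior:"):
            blocks.append((line.split(":", 1)[1].strip(), []))
        elif blocks:
            # A 'Details:' line carries the first item; later items are bare lines.
            item = line.split(":", 1)[1].strip() if line.startswith("Details:") else line
            blocks[-1][1].append(item)
    return blocks


def classify(path):
    """Name the category of a registry path, or 'other' if no pattern matches."""
    for category, pattern in CATEGORIES:
        if pattern.search(path):
            return category
    return "other"


def triage(text):
    """Split registry artifacts into baseline noise and items to review.

    Anything outside the baseline goes to review. For the sample above that is
    the four deleted proxy-configuration values, which remove the user's proxy
    or PAC settings and are not something a version checker needs to do.
    """
    result = {"noise": [], "review": []}
    for behavior, items in parse_blocks(text):
        action = "delete" if "delete" in behavior.lower() else "modify"
        for path in items:
            category = classify(path)
            bucket = "noise" if category in BASELINE_NOISE else "review"
            result[bucket].append((action, category, path))
    return result


if __name__ == "__main__":
    outcome = triage(SAMPLE_REGISTRY)
    print(f"{len(outcome['noise'])} baseline artifacts, {len(outcome['review'])} to review:")
    for action, category, path in outcome["review"]:
        print(f"  {action:6} {category:13} {path}")
```

Keep the baseline list short and derived from data rather than guesswork: every pattern added to BASELINE_NOISE is a class of artifact you have decided never to look at again, so each one should be backed by a control run that shows the same keys appearing for a program you trust.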
Other behaviors
Behavior: checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: creates mutex
Details: Google Chrome 更新器 6.2.3 - www.shuax.com  (mutex name as observed; 更新器 = "Updater")
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior: hides a specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,Static]
Behavior: reads the CPU time-stamp counter directly (rdtsc; the 64-bit result is returned in EDX:EAX)
Details: EAX = 0x9dde65cc, EDX = 0x00000280
Behavior: opens event
Details: HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
Behavior: window information
Details: Pid = 1816, Hwnd=0x180116, Text = 在线查询Chrome版本 (Check Chrome version online), ClassName = Button(GroupBox).
Pid = 1816, Hwnd=0x1f0124, Text = 已装版本: (Installed version:), ClassName = Static.
Pid = 1816, Hwnd=0xa02ca, Text = 未安装 (Not installed), ClassName = Static.
Pid = 1816, Hwnd=0x1c01c0, Text = 查询版本: (Version to check:), ClassName = Static.
Pid = 1816, Hwnd=0x2401de, Text = 稳定版 (Stable), ClassName = ComboBox.
Pid = 1816, Hwnd=0x17016a, Text = 32位 (32-bit), ClassName = ComboBox.
Pid = 1816, Hwnd=0x1c01dc, Text = 立刻查询 (Check now), ClassName = Button.
Pid = 1816, Hwnd=0x270168, Text = 最新版本: (Latest version:), ClassName = Static.
Pid = 1816, Hwnd=0x8033a, Text = 尚未查询 (Not checked yet), ClassName = Static.
Pid = 1816, Hwnd=0x270112, Text = 文件大小: (File size:), ClassName = Static.
Pid = 1816, Hwnd=0x220160, Text = 未知 (Unknown), ClassName = Static.
Pid = 1816, Hwnd=0x802e8, Text = 点击下面的网址,即可复制到粘贴板 (Click the URL below to copy it to the clipboard), ClassName = Static.
Pid = 1816, Hwnd=0x270184, Text = 生成绿色版Chrome (Build portable Chrome), ClassName = Button(GroupBox).
Pid = 1816, Hwnd=0x1b01ac, Text = 安装包: (Installer:), ClassName = Static.
Pid = 1816, Hwnd=0x160302, Text = 选择文件 (Choose file), ClassName = Button.
Behavior: opens mutex
Details: Local\MSCTF.Asm.MutexDefault1
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Local\!IETld!Mutex
Runtime screenshot (image not included in this text extract)