VirSCAN

File information
Security score: 50
Basic information
MD5: 5388ceb10c6a3a39ff5910204c213316
File type: EXE
Publisher:
Version: 11.7.9924.9266 --- 11, 7, 9924, 9266
Packer/compiler info: PACKER:ASProtect v1.23 RC1 *
Key behaviors
Behavior: Cross-process memory write
Details: TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x7c98149b, Size = 0x00000004 TargetPID = 0x000007d0
TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x00e40000, Size = 0x00000318 TargetPID = 0x000007d0
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7c98149b, Size = 0x00000004 TargetPID = 0x00000b50
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x04cc0000, Size = 0x00000318 TargetPID = 0x00000b50
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7c98149b, Size = 0x00000004 TargetPID = 0x00000b78
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x04600000, Size = 0x00000318 TargetPID = 0x00000b78
Behavior: Create remote thread
Details: TargetProcess: explorer.exe, InheritedFromPID = 1932, ProcessID = 2000, ThreadID = 3252, StartAddress = 7C98149B, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2364, ProcessID = 2896, ThreadID = 3304, StartAddress = 7C98149B, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2896, ProcessID = 2936, ThreadID = 3312, StartAddress = 7C98149B, Parameter = 00000000
Behavior: Modify another process's memory via memory mapping
Details: TargetProcess = explorer.exe
TargetProcess = iexplore.exe
Behavior: Set thread context
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Get TickCount value
Details: TickCount = 243975, SleepMilliseconds = 100.
TickCount = 246865, SleepMilliseconds = 100.
Process behaviors
Behavior: Cross-process memory write
Details: TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x7c98149b, Size = 0x00000004 TargetPID = 0x000007d0
TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x00e40000, Size = 0x00000318 TargetPID = 0x000007d0
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7c98149b, Size = 0x00000004 TargetPID = 0x00000b50
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x04cc0000, Size = 0x00000318 TargetPID = 0x00000b50
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7c98149b, Size = 0x00000004 TargetPID = 0x00000b78
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x04600000, Size = 0x00000318 TargetPID = 0x00000b78
Behavior: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 3180, StartAddress = 00401034, Parameter = 0012FDC0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 3184, StartAddress = 004010FB, Parameter = 0012FDC0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 3248, StartAddress = 01E9105B, Parameter = 01E97570
Behavior: Create remote thread
Details: TargetProcess: explorer.exe, InheritedFromPID = 1932, ProcessID = 2000, ThreadID = 3252, StartAddress = 7C98149B, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2364, ProcessID = 2896, ThreadID = 3304, StartAddress = 7C98149B, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2896, ProcessID = 2936, ThreadID = 3312, StartAddress = 7C98149B, Parameter = 00000000
Behavior: Set thread context
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Enumerate processes
Details: N/A
Behavior: Modify another process's memory via memory mapping
Details: TargetProcess = explorer.exe
TargetProcess = iexplore.exe
File behaviors
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Appm9_25\aaclm700.exe
Behavior: Modify file contents
Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Appm9_25\aaclm700.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Appm9_25\aaclm700.exe ---> Offset = 4096
Behavior: Search for file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\aspr_keys.ini
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aspr_keys.ini
FileName = C:\WINDOWS\system32\*.dll
Registry behaviors
Behavior: Modify registry (pending file rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behaviors
Behavior: Check whether it is being debugged
Details: IsDebuggerPresent
Behavior: Create mutex
Details: oleacc-msaa-loaded
{E03EB370-BF64-122B-4914-63668D8847FA}
{606C98C9-3FB4-9234-C994-E3E60D08C77A}
{685E90CD-A72E-DADB-711C-CBAE35102FC2}
Behavior: Create event object
Details: EventName = Local\{A19253DD-8C8B-7BD1-9E65-80DFB269B483}
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [ProgMan,]
Behavior: Open event
Details: HookSwitchHookEnabledEvent
Behavior: Search for kernel32.dll base address
Details: Instruction Address = 0x0052973c
Behavior: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 100.
CursorPos = (6373,26501), SleepMilliseconds = 100.
CursorPos = (19208,15725), SleepMilliseconds = 100.
CursorPos = (11517,29359), SleepMilliseconds = 100.
CursorPos = (27001,24465), SleepMilliseconds = 100.
CursorPos = (5744,28146), SleepMilliseconds = 100.
Behavior: Enumerate windows
Details: N/A
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
Behavior: Get TickCount value
Details: TickCount = 243975, SleepMilliseconds = 100.
TickCount = 246865, SleepMilliseconds = 100.
Runtime screenshot