VirSCAN
File information
Security score: 61
Basic information
MD5: 55d8296cf5bf2252857879003ee52390
File type: EXE
Vendor: North Star
Version: 3.7.0.0 (3, 7, 0, 0)
Packer/compiler: PACKER: ASProtect 2.1x SKE -> Alexey Solodovnikov [Overlay]
Sub-file (unpacked dump): aspr.ske.2.x_75211f3cdumpFile / 150da994f2972e08992a1b0801b3c6bc / EXE
Key behaviors
Behavior: checks whether it is being debugged
Details: N/A
Behavior: hides specified windows
Details: [Window,Class] = [,Afx:400000:3]
[Window,Class] = [,ComboLBox]
Process behaviors
Behavior: enumerates processes
Details: N/A
File behaviors
Behavior: modifies file contents
Details: C:\WINDOWS\system32\nsuser.dat ---> Offset = 0
Registry behaviors
Behavior: modifies the registry
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
Other behaviors
Behavior: checks whether it is being debugged
Details: N/A
Behavior: hides specified windows
Details: [Window,Class] = [,Afx:400000:3]
[Window,Class] = [,ComboLBox]
Behavior: reads/writes the hard disk with SCSI commands
Details: LBA = 0x8000C000, SCSIOP = 0x12 (SCSI INQUIRY, a device-identification command rather than a data read or write)
Behavior: attempts to open driver device objects belonging to a debugger or monitoring software (the device names below are SoftICE's)
Details: \??\SICE
\??\NTICE
\??\SIWVID
Behavior: acquires system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: window information
Details: Pid = 1160, Hwnd=0xe0358, Text = www.nsdsn.com, ClassName = Static.
Pid = 1160, Hwnd=0xe0330, Text = Homepage:, ClassName = Static.
Pid = 1160, Hwnd=0xb01e0, Text = User-specified section name (fewer than 8 characters):, ClassName = Button(RadioButton).
Pid = 1160, Hwnd=0xb01a2, Text = Clear all section names, ClassName = Button(RadioButton).
Pid = 1160, Hwnd=0xb019c, Text = Name with a random number (0000000-9999999), ClassName = Button(RadioButton).
Pid = 1160, Hwnd=0xc01b2, Text = Language:, ClassName = Static.
Pid = 1160, Hwnd=0xc01ee, Text = Process shared sections, ClassName = Button(CheckBox).
Pid = 1160, Hwnd=0xb018a, Text = Compress resources, ClassName = Button(CheckBox).
Pid = 1160, Hwnd=0xa01f0, Text = Ignore relocation section, ClassName = Button(CheckBox).
Pid = 1160, Hwnd=0xc01da, Text = Back up the program before compressing, ClassName = Button(CheckBox).
Pid = 1160, Hwnd=0xc01a6, Text = Keep extra data, ClassName = Button(CheckBox).
Pid = 1160, Hwnd=0xb0200, Text = Use shell right-click extension, ClassName = Button(CheckBox).
Pid = 1160, Hwnd=0xd01f6, Text = Force compression, ClassName = Button(CheckBox).
Pid = 1160, Hwnd=0xc017a, Text = Save settings on exit, ClassName = Button(CheckBox).
Pid = 1160, Hwnd=0xb015e, Text = Section names:, ClassName = Button(GroupBox).
Behavior: directly accesses a physical device
Details: \??\PhysicalDrive0
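The "Other behaviors" list above mixes routine packer activity (window enumeration, process enumeration) with the indicators an analyst actually cares about: the SoftICE device-name probe, the SeLoadDriverPrivilege request, the raw \??\PhysicalDrive0 handle and the SCSI pass-through opcode. The following triage script is an added example, not VirSCAN's code nor anything from the sample's vendor; it assumes the "Behavior:"/"Details:" line layout used in this translation (continuation lines belong to the preceding Details entry), and the SCSI opcode table and SoftICE device names it carries are the standard ones. The sample report embedded in it is constructed from the entries of this page.

```python
"""Triage helper for VirSCAN-style sandbox behavior reports (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: the "Other behaviors" entries from this report, in the
# "Behavior:" / "Details:" layout assumed by parse_report().
SAMPLE_REPORT = """\
Behavior: checks whether it is being debugged
Details: N/A
Behavior: reads/writes the hard disk with SCSI commands
Details: LBA = 0x8000C000 SCSIOP = 0x12
Behavior: attempts to open driver device objects belonging to a debugger or monitoring software
Details: \\??\\SICE
\\??\\NTICE
\\??\\SIWVID
Behavior: acquires system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: directly accesses a physical device
Details: \\??\\PhysicalDrive0
"""

# SoftICE driver device objects; opening them is the classic SoftICE check.
SOFTICE_DEVICES = {"SICE", "NTICE", "SIWVID"}

# SCSI opcodes most often seen through IOCTL_SCSI_PASS_THROUGH. 0x12 is
# INQUIRY (device identification), not a data transfer.
SCSI_OPCODES = {0x12: "INQUIRY", 0x25: "READ CAPACITY(10)",
                0x28: "READ(10)", 0x2A: "WRITE(10)"}

# Matches an NT object path such as \??\SICE or \??\PhysicalDrive0.
DEVICE_RE = re.compile(r"^\\\?\?\\(\w+)$")
SCSIOP_RE = re.compile(r"SCSIOP\s*=\s*(0x[0-9a-fA-F]+)")


@dataclass
class Behavior:
    description: str
    details: list[str] = field(default_factory=list)


def parse_report(text: str) -> list[Behavior]:
    """Group Behavior/Details lines into Behavior records.

    A line that is neither a Behavior nor a Details header is a continuation
    of the previous Details entry (as with the three SoftICE device names).
    """
    behaviors: list[Behavior] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Behavior:"):
            behaviors.append(Behavior(line[len("Behavior:"):].strip()))
        elif line.startswith("Details:"):
            detail = line[len("Details:"):].strip()
            if behaviors and detail != "N/A":
                behaviors[-1].details.append(detail)
        elif behaviors:
            behaviors[-1].details.append(line)
    return behaviors


def triage(behaviors: list[Behavior]) -> list[tuple[str, str]]:
    """Return (tag, explanation) findings for the indicators worth escalating."""
    findings: list[tuple[str, str]] = []
    for b in behaviors:
        for d in b.details:
            m = DEVICE_RE.match(d)
            if m and m.group(1).upper() in SOFTICE_DEVICES:
                findings.append(("anti-debug", f"opens SoftICE device {d}"))
            elif m and m.group(1).upper().startswith("PHYSICALDRIVE"):
                findings.append(("raw-disk", f"opens {d} (bypasses the filesystem)"))
            elif "SE_LOAD_DRIVER_PRIVILEGE" in d:
                findings.append(("privilege",
                                 "requests SeLoadDriverPrivilege (can load a kernel driver)"))
            sm = SCSIOP_RE.search(d)
            if sm:
                op = int(sm.group(1), 16)
                name = SCSI_OPCODES.get(op, "unknown")
                findings.append(("raw-disk", f"SCSI opcode {op:#04x} ({name}) via pass-through"))
        if "debugged" in b.description.lower():
            findings.append(("anti-debug", b.description))
    return findings


def summarize(findings: list[tuple[str, str]]) -> dict[str, int]:
    """Count findings per tag, e.g. {'anti-debug': 4, 'raw-disk': 2, 'privilege': 1}."""
    counts: dict[str, int] = {}
    for tag, _ in findings:
        counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(parse_report(SAMPLE_REPORT))
    for tag, why in found:
        print(f"[{tag}] {why}")
    print(summarize(found))
```

Run against the sample, the script reports four anti-debug hits (the self-check plus the three SoftICE device names), two raw-disk hits and one privilege hit; decoding SCSIOP 0x12 as INQUIRY is what lets an analyst downgrade the report's "reads/writes the hard disk" wording to a disk-identification query, which packers commonly use for hardware-bound licensing rather than for tampering with sectors.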
Run screenshot: (image not reproduced on this page)