VirSCAN

File information
Security score: 79
Basic information
MD5: 5e702e2ca3dc7bf48f6b6e9b19496548
File type: Rar
Vendor:
Version:
Packer/compiler info:
Sub-file information (name / MD5 / type):
Xceed.Wpf.Toolkit.dll / 0d47f99ada12dad4894c4298b9348e88 / DLL
Newtonsoft.Json.pdb / bc5d85c6bb797ac107fb3f1b6809aeee / Unknown
WindowsBase.dll / 6fc86c9c70b76b297df360bf721e9021 / DLL
Newtonsoft.Json.dll / c3c04754418382f505cafc18d64427f5 / DLL
Newtonsoft.Json.xml / 14a39a6b2b68c36eb2b6a0bc5ee23f66 / Unknown
InstagramBot.exe / 578ce2c3e43a4ee648f5973e9ebe1613 / EXE
InstagramBot.pdb / 3a0e26e0faa5e12f4582c358603ba068 / Unknown
InstagramBot.exe.manifest / 444ba0ef7ce50129d1fe02b4d0853c48 / Unknown
README.md / e1ddfe2644d5838a2334697aba3a5412 / Unknown
InstagramBot.application / e7239ed717810806881f182abf68ae01 / Unknown
kabillo_cracker_-session.dat / 7276d0c6026addb28176baa9eca44316 / Unknown
kabillo_cracker_-settings.dat / af63f18dcea0c7e3bdb52272ecf34940 / Unknown
kabillo_cracker_-log.txt / fef52e09129c5b26ad5c9792b88803fe / Unknown
comments.dat / d6424853e778d6f65603ffd5fd087de1 / Unknown
InstagramBot.exe.config / ffc636063e5734ac8064a4be379ed60c / Unknown
-log.txt / af593644f449e3c7087a4e6d5519bab1 / Unknown
kabillo_cracker_-bot-follow-list.dat / 72ce32b49662704a527ee36da4fda757 / Unknown
last-login.dat / 42dc0cca58a5e31cbc31bd1000c32a6c / Unknown
.gitignore / e5efe0bdb01a095fcfa969a17e55b8aa / Unknown
Key behaviors
Behavior: Suppresses window close message
Details: hWnd = 0x000301b6, Text = Instabot.pw, ClassName = HwndWrapper[InstagramBot.exe;;dad1dd2f-0061-4202-93a6-0dcc7f8ccf07].
Behavior: Sets special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior: Reads CPU clock directly (RDTSC; result in EDX:EAX)
Details: EAX = 0x1b495985, EDX = 0x00000087
EAX = 0x1b4959d1, EDX = 0x00000087
EAX = 0x1dd1295a, EDX = 0x00000087
EAX = 0x1dd129a6, EDX = 0x00000087
EAX = 0x23372852, EDX = 0x00000087
EAX = 0x2337289e, EDX = 0x00000087
EAX = 0xbcedad51, EDX = 0x00000087
EAX = 0xbcedad9d, EDX = 0x00000087
EAX = 0xbfa0ad19, EDX = 0x00000087
EAX = 0xbfa0ad65, EDX = 0x00000087
Behavior: Gets TickCount value
Details: TickCount = 219125, SleepMilliseconds = 60000.
TickCount = 219234, SleepMilliseconds = 60000.
TickCount = 219328, SleepMilliseconds = 60000.
TickCount = 219578, SleepMilliseconds = 60000.
TickCount = 219671, SleepMilliseconds = 60000.
TickCount = 219859, SleepMilliseconds = 60000.
TickCount = 219937, SleepMilliseconds = 60000.
TickCount = 219953, SleepMilliseconds = 60000.
TickCount = 220000, SleepMilliseconds = 60000.
TickCount = 220031, SleepMilliseconds = 60000.
TickCount = 220046, SleepMilliseconds = 60000.
TickCount = 220062, SleepMilliseconds = 60000.
TickCount = 220078, SleepMilliseconds = 60000.
TickCount = 220093, SleepMilliseconds = 60000.
TickCount = 220109, SleepMilliseconds = 60000.
File behavior
Behavior: Creates file
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF719C.tmp
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF7C3C.tmp
Behavior: Overwrites existing file
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF719C.tmp
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF7C3C.tmp
Behavior: Deletes file
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF719C.tmp
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF7C3C.tmp
Behavior: Searches for file
Details: FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\Instagram-bot-cs -master 1.0.6.2
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\Instagram-bot-cs -master 1.0.6.2\InstagramBot.exe
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\InstagramBot\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\*
Network behavior
Behavior: Establishes a socket connection to a specified host
Details: URL: sc****om, IP: **.133.40.**:443, SOCKET = 0x00000568
URL: sc****om, IP: **.133.40.**:443, SOCKET = 0x00000534
URL: in****pw, IP: **.133.40.**:443, SOCKET = 0x00000294
Behavior: Resolves host address by name
Details: GetAddrInfoW: sc****om
GetAddrInfoW: in****pw
Registry behavior
Behavior: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASAPI32\FileDirectory
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASMANCS\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASMANCS\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASMANCS\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASMANCS\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASMANCS\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\InstagramBot_RASMANCS\FileDirectory
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\CTF\CUAS\DefaultCompositionWindow\Left
Behavior: Deletes registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior: Gets cursor position
Details: CursorPos = (48,18794), SleepMilliseconds = 60000.
CursorPos = (6341,26827), SleepMilliseconds = 60000.
CursorPos = (19176,16051), SleepMilliseconds = 60000.
CursorPos = (11485,29685), SleepMilliseconds = 60000.
Behavior: Creates mutex
Details: Local\__DDrawExclMode__
Local\__DDrawCheckExclMode__
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
RasPbFile
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!IETld!Mutex
Behavior: Creates event object
Details: EventName = Global\CPFATE_3908_v4.0.30319
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Opens mutex
Details: Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
Local\MSCTF.Asm.MutexDefault1
Behavior: Window information
Details: Pid = 3908, Hwnd=0x301b6, Text = Instabot.pw, ClassName = HwndWrapper[InstagramBot.exe;;dad1dd2f-0061-4202-93a6-0dcc7f8ccf07].
Behavior: Adjusts process token privileges
Details: SE_DEBUG_PRIVILEGE
Behavior: Opens event
Details: Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.3908
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
Global\TermSrvReadyEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior: Calls Sleep
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = -1.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behavior: Hides specified window
Details: [Window,Class] = [CiceroUIWndFrame,CiceroUIWndFrame]
[Window,Class] = [,MSCTFComposition]
Behavior: Imports key
Details: [CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x6913D99C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x691FB90C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x68700B70, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x68981B5B, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x6753AD00, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x679BAF7F, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x003C6454, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x003C64FC, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x003C664C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x04728A9A, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x003C7174, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x003C72C4, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x003CDBEC, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x003CDBF4, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x66B58A1C, DataLen: 148, Flags: 0x00000000
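The behavior entries above carry the signals a sandbox treats as anti-analysis indicators: RDTSC reads logged as EDX:EAX pairs, GetTickCount bracketing a 60-second Sleep, IsDebuggerPresent, and a request for SE_DEBUG_PRIVILEGE. The following Python script is an added example, not VirSCAN's code and not part of the sample: it parses report lines in the "Behavior:" / "Details:" form used on this page, computes the cycle delta of each RDTSC read pair (the value a timing check compares against a threshold), derives the RSA modulus size from the CryptImportKey DataLen (148 bytes = 8-byte BLOBHEADER + 12-byte RSAPUBKEY + 128-byte modulus, i.e. a 1024-bit public key), and scores the indicators. The sample report string is constructed from lines on this page; the indicator names, the scoring weights, and the `triage` function are this example's own assumptions, not VirSCAN's scoring. As a caveat, WinINet mutexes, Internet Settings registry writes and RSA public-key imports can also come from ordinary HTTPS client code and runtime signature checks in a .NET/WPF application such as this one, so the score is a prioritization aid, not a verdict.

```python
"""Triage helpers for a VirSCAN-style behavior report (added example, not
VirSCAN's own code). Parses "Behavior:" / "Details:" entries, extracts the
anti-analysis indicators the report exposes, and scores them."""
import re

# Constructed sample: entries copied from the report on this page, in the
# translated "Behavior:" / "Details:" form used above.
SAMPLE_REPORT = r"""
Behavior: Reads CPU clock directly (RDTSC; result in EDX:EAX)
Details: EAX = 0x1b495985, EDX = 0x00000087
EAX = 0x1b4959d1, EDX = 0x00000087
EAX = 0x1dd1295a, EDX = 0x00000087
EAX = 0x1dd129a6, EDX = 0x00000087
Behavior: Gets TickCount value
Details: TickCount = 219125, SleepMilliseconds = 60000.
TickCount = 219234, SleepMilliseconds = 60000.
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Adjusts process token privileges
Details: SE_DEBUG_PRIVILEGE
Behavior: Imports key
Details: [CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x6913D99C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x691FB90C, DataLen: 148, Flags: 0x00000000
Behavior: Creates mutex
Details: Local\WininetStartupMutex
"""

_REG_RE = re.compile(r"EAX = 0x([0-9a-fA-F]+), EDX = 0x([0-9a-fA-F]+)")
_TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)")
_KEY_RE = re.compile(
    r"\[CryptImportKey\] Algorithm: (\w+) \(0x([0-9A-Fa-f]+)\).*DataLen: (\d+)")


def parse_report(text):
    """Group the report into {behavior: [detail, ...]}. A 'Details:' line
    opens the detail list; following unlabelled lines continue it."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Behavior:"):
            current = line.split(":", 1)[1].strip()
            sections.setdefault(current, [])
        elif current is not None:
            if line.startswith("Details:"):
                line = line.split(":", 1)[1].strip()
            sections[current].append(line)
    return sections


def rdtsc_values(details):
    """Logged EDX:EAX register pairs as 64-bit timestamp-counter values."""
    values = []
    for detail in details:
        m = _REG_RE.search(detail)
        if m:
            eax, edx = (int(g, 16) for g in m.groups())
            values.append((edx << 32) | eax)
    return values


def rdtsc_pair_deltas(values):
    """Cycle deltas between consecutive reads taken as (before, after) pairs;
    a timing-based sandbox/debugger check compares exactly such a delta."""
    return [values[i + 1] - values[i] for i in range(0, len(values) - 1, 2)]


def rsa_key_bits(detail):
    """Modulus size for an RSA PUBLICKEYBLOB passed to CryptImportKey:
    DataLen = BLOBHEADER (8) + RSAPUBKEY (12) + modulus bytes."""
    m = _KEY_RE.search(detail)
    if not m or not m.group(1).startswith("CALG_RSA"):
        return None
    return (int(m.group(3)) - 20) * 8


def triage(text):
    """Map the report to indicator findings plus a simple score. One point
    per anti-analysis technique is this example's assumption, not VirSCAN's."""
    sections = parse_report(text)
    findings = {}
    for behavior, details in sections.items():
        b = behavior.lower()
        if "rdtsc" in b or "cpu clock" in b:
            findings["rdtsc_pair_deltas"] = rdtsc_pair_deltas(rdtsc_values(details))
        elif "tickcount" in b:
            sleeps = {int(m.group(2)) for m in map(_TICK_RE.search, details) if m}
            findings["tickcount_sleep_ms"] = sorted(sleeps)
        elif any("IsDebuggerPresent" in d for d in details):
            findings["isdebuggerpresent"] = True
        elif any("SE_DEBUG_PRIVILEGE" in d for d in details):
            findings["se_debug_privilege"] = True
        elif "imports key" in b:
            findings["rsa_key_bits"] = sorted({k for k in map(rsa_key_bits, details) if k})
    findings["anti_analysis_score"] = sum([
        bool(findings.get("rdtsc_pair_deltas")),
        bool(findings.get("tickcount_sleep_ms")),
        findings.get("isdebuggerpresent", False),
        findings.get("se_debug_privilege", False),
    ])
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the page's own values every RDTSC pair differs by 0x4c (76) cycles, which is the kind of small, stable delta a timing check expects when no debugger single-steps between the two reads; the interesting case for an analyst is a sample that takes a different branch when that delta is large, so the deltas are returned rather than collapsed into a boolean.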