VirSCAN
File information
Security score: 50
Basic information
MD5: 64f6ded30f2d43ea5362169f487611c8
File type: Rar
Vendor:
Version:
Packer/compiler info:
Sub-file information: jianrong.ocx / 8e0e41df12f5d6cfc14f586b06e372ce / DLL
ewe.dll / f9a9468f2e479a9958e1fc516757f300 / DLL
枫叶美食大战老鼠V11.5.exe / bcffd7f3717c03c59c5520c6285fa439 / EXE
HPSocket4C.dll / 707aa56cf742eb934185edf0a69d7289 / DLL
牡丹花服务器V1.3.exe / 0c95201cd8b3a4f6f77220eb6bf8fc9e / EXE
fzbj.jpg / fb484c84661d26a7aafe6c5bf11a4b1e / Unknown
qdbj.jpg / 942de08495fb5fe161f67447d9b8ab34 / Unknown
AABBCCDDEEFF.dll / 246fc4d2d26118562a93414acc2e7046 / DLL
dlym.htm / aeb913a3f8bcc12c2933a28dcc031f8c / Unknown
cj.htm / 9ef308003df4c7686c91fb820d3feaee / Unknown
kong.htm / 7ea1561eb730f36a134cc4df1524dd3e / Unknown
Key behaviors
Behavior: Directly calls critical system APIs
Details: Index = 0x00000011, Name: NtAllocateVirtualMemory, Instruction Address = 0x00403245
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0040CD6F
Index = 0x000000B2, Name: NtQueryVirtualMemory, Instruction Address = 0x00403245
Behavior: Directly reads the CPU clock
Details: EAX = 0xce62e9fc, EDX = 0x000000bb
Behavior: Retrieves window screenshot information
Details: Foreground window Info: HWND = 0x00010348, DC = 0x01010057.
Foreground window Info: HWND = 0x0001034a, DC = 0x01010057.
Behavior: Creates files on the desktop
Details: C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\HPSocket4C.dll
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\枫叶美食大战老鼠V11.5.exe
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\牡丹花服务器V1.3.exe
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\cj.htm
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\dlym.htm
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\fzbj.jpg
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\jianrong.ocx
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\kong.htm
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\qdbj.jpg
Process behaviors
Behavior: Creates local threads
Details: TargetProcess: 枫叶美食大战老鼠V11.5.exe, InheritedFromPID = 2000, ProcessID = 3428, ThreadID = 3464, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 枫叶美食大战老鼠V11.5.exe, InheritedFromPID = 2000, ProcessID = 3428, ThreadID = 3472, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: 枫叶美食大战老鼠V11.5.exe, InheritedFromPID = 2000, ProcessID = 3428, ThreadID = 3488, StartAddress = 0040ED88, Parameter = 00000001
TargetProcess: 枫叶美食大战老鼠V11.5.exe, InheritedFromPID = 2000, ProcessID = 3428, ThreadID = 3492, StartAddress = 0040ED88, Parameter = 00000002
TargetProcess: 枫叶美食大战老鼠V11.5.exe, InheritedFromPID = 2000, ProcessID = 3428, ThreadID = 3496, StartAddress = 0040ED88, Parameter = 00000003
TargetProcess: 枫叶美食大战老鼠V11.5.exe, InheritedFromPID = 2000, ProcessID = 3428, ThreadID = 3504, StartAddress = 76B2AEAF, Parameter = 00000000
TargetProcess: 枫叶美食大战老鼠V11.5.exe, InheritedFromPID = 2000, ProcessID = 3428, ThreadID = 3516, StartAddress = 0041411B, Parameter = 00000000
Behavior: Enumerates processes
Details: N/A
File behaviors
Behavior: Creates executable files
Details: C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\HPSocket4C.dll
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\枫叶美食大战老鼠V11.5.exe
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\牡丹花服务器V1.3.exe
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\jianrong.ocx
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\AABBCCDDEEFF.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\AABBCCDDEEFF.dll ---> Offset = 233472
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\AABBCCDDEEFF.dll ---> Offset = 241664
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll ---> Offset = 0
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll ---> Offset = 0
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll ---> Offset = 262144
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\HPSocket4C.dll ---> Offset = 0
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\HPSocket4C.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\HPSocket4C.dll ---> Offset = 131072
Behavior: Searches for files
Details: FileName = C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠
FileName = C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\MOD包
FileName = C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ziyuanwenjian\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\枫叶美食大战老鼠V11.5\*.*
FileName = C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠.*
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
Behavior: Copies files
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\AABBCCDDEEFF.dll ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\AABBCCDDEEFF.dll-samplefile ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll-samplefile
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ewe.dll ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ewe.dll-samplefile ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll-samplefile
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\HPSocket4C.dll ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\HPSocket4C.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\HPSocket4C.dll-samplefile ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\HPSocket4C.dll-samplefile
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\枫叶美食大战老鼠V11.5.exe ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\枫叶美食大战老鼠V11.5.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\枫叶美食大战老鼠V11.5.exe-samplefile ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\枫叶美食大战老鼠V11.5.exe-samplefile
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\牡丹花服务器V1.3.exe ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\牡丹花服务器V1.3.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\牡丹花服务器V1.3.exe-samplefile ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\牡丹花服务器V1.3.exe-samplefile
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ziyuanwenjian\cj.htm ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\cj.htm
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ziyuanwenjian\cj.htm-samplefile ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\cj.htm-samplefile
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ziyuanwenjian\dlym.htm ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\dlym.htm
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ziyuanwenjian\dlym.htm-samplefile ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\dlym.htm-samplefile
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ziyuanwenjian\fzbj.jpg ---> C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\fzbj.jpg
Registry behaviors
Behavior: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behaviors
Behavior: Creates mutexes
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior: Creates event objects
Details: EventName = DINPUTWINMM
Behavior: Opens mutexes
Details: RasPbFile
ShimCacheMutex
Behavior: Searches for a specific window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior: Opens events
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
_fCanRegisterWithShellService
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Window information
Details: Pid = 3428, Hwnd=0x10348, Text = 是(&Y), ClassName = Button.
Pid = 3428, Hwnd=0x1034a, Text = 否(&N), ClassName = Button.
Pid = 3428, Hwnd=0x1034e, Text = 为了更好的使用本辅助,强力推荐解压后运行 是否立即解压本辅助, ClassName = Static.
Pid = 3428, Hwnd=0x20346, Text = 信息:, ClassName = #32770.
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll (signature verification: failed)
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll (signature verification: failed)
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\HPSocket4C.dll (signature verification: failed)
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\枫叶美食大战老鼠V11.5.exe (signature verification: failed)
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\牡丹花服务器V1.3.exe (signature verification: failed)
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\jianrong.ocx (signature verification: failed)
Behavior: Executable MD5
Details: C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\AABBCCDDEEFF.dll ---> 246fc4d2d26118562a93414acc2e7046
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ewe.dll ---> f9a9468f2e479a9958e1fc516757f300
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\HPSocket4C.dll ---> 707aa56cf742eb934185edf0a69d7289
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\枫叶美食大战老鼠V11.5.exe ---> bcffd7f3717c03c59c5520c6285fa439
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\牡丹花服务器V1.3.exe ---> 0c95201cd8b3a4f6f77220eb6bf8fc9e
C:\Documents and Settings\Administrator\桌面\枫叶美食大战老鼠\ziyuanwenjian\jianrong.ocx ---> File too large!
Runtime screenshot (image not included)