VirSCAN

File information
Security score: 78
Basic information
MD5: 6ce8bfc12ee2cb03207f6486840827d0
File type: zip
Publisher:
Version:
Packer or compiler information:
Sub-file information: jshint.js / 8884912b7633f12e6503e22e82f2aa24 / Unknown
codemirror.js / b3d1c9d9ffdbb1273c8ee3072a1211e6 / Unknown
background.js / 56bb6529ca9fd668c39e00140f4a64f4 / Unknown
Roboto-Light-webfont.woff / 9ba9494f703dd09cf1da7b83daee41f7 / Unknown
jquery.js / 62e30e1e5b6625b9bf20c3d482b96dee / Unknown
options.js / 929b15c5cdd2e092af430c6eb2ba17a7 / Unknown
vim.js / e7270377d6583a570b3acf5f7cc64bdd / Unknown
messages.json / f594bf5ec73dfb55e87b9df4ff5412bd / Unknown
messages.json / 841413ec3cb7526324f01f368d4c5473 / Unknown
messages.json / c31fe6bfdc4dbc0ec78f32edb56a3b5e / Unknown
messages.json / 5a5a8e1f617712a88382293a903e9d7b / Unknown
page.js / 1e7dcb0d54128590dd7d6520e0b10854 / Unknown
messages.json / b2e8af67e0d2ed774449d306423d1785 / Unknown
messages.json / 2a8ec7f6f91aa05983f363915930563d / Unknown
messages.json / 4b3f2e43f2d8485fc639262438e4c0ea / Unknown
messages.json / a303182effce52de5103429ec24b40ea / Unknown
messages.json / 3b25b313037a686a1f6cb1cf32a806f7 / Unknown
messages.json / 538ca3e3b5757346df2dd0505ed0b633 / Unknown
messages.json / c1e48f238739e9c97efa0807e0009eb2 / Unknown
Key behavior
Behavior description: Capture window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0x6c0104ed.
Process behavior
Behavior description: Create local thread
Details: TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3028, ThreadID = 3052, StartAddress = 01002FD4, Parameter = 008E44A0
TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3028, ThreadID = 3056, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3028, ThreadID = 3060, StartAddress = 765E964D, Parameter = 001C1990
TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3028, ThreadID = 3064, StartAddress = 77E56C7D, Parameter = 001BBBC0
TargetProcess: wscript.exe, InheritedFromPID = 1944, ProcessID = 3028, ThreadID = 3068, StartAddress = 769AE43B, Parameter = 001A83E8
File behavior
Behavior description: Find file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\syncinfo.js
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description: Create event object
Details: EventName = Global\crypt32LogoffEvent
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
Details: MSFT.VSA.COM.DISABLE.3028
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceive.Event.ELH.IC
MSCTF.SendReceiveConection.Event.ELH.IC
Behavior description: Window information
Details: Pid = 3028, Hwnd=0x60380, Text = 确定, ClassName = Button.
Pid = 3028, Hwnd=0xa03b0, Text = 脚本: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\syncinfo.js 行: 1 字符: 1 错误: "Registry" 未定义 代码: 800A1391 源: Microsoft JScript 运行时错误 , ClassName = Static.
Pid = 3028, Hwnd=0x1b02b6, Text = Windows Script Host, ClassName = #32770.
Behavior description: Capture window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0x6c0104ed.
Behavior description: Open mutex
Details: ShimCacheMutex