VirSCAN


File information
Security score: 74
Basic information
MD5: 74979a1ef13a969a29d6b68007d5bd7d
File type: zip
Publisher:
Version:
Packer or compiler information: COMPILER:Elan
Sub-file information: 半夏40.exe / 208344bb3e7d71f34b1f0cf5cce5aa86 / EXE
破解补丁.exe / d94229d98fc830ad295713d9390675d3 / EXE
Key behaviors
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-*
Local\UrlZonesSM_Administrator
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [,_EL_Timer]
Process behavior
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-*
Local\UrlZonesSM_Administrator
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
Details: C:\kss.ini---> Offset = 0
Behavior description: Find files
Details: FileName = c:\windows\system32\drivers\etc\hosts
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Network behavior
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = vv9.hphu.com, PORT = 8081
Behavior description: Establish a connection to a specified socket
Details: 127.0.0.1:1031
Behavior description: Open HTTP request
Details: HttpOpenRequestA: vv9.hphu.com:8081/kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1002501&&lgid=0&f=&x=51122486171, hConnect = 0x0000056c
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
Behavior description: Delete registry value (IE connection settings)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behavior
Behavior description: Create mutex
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
ini_read_write
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [,_EL_Timer]