VirSCAN
File Information
Security score: 74
Basic Information
MD5: 81fa47aa4864059f5abc2ef8749bb078
File type: EXE
Publisher:
Version:
Packer/compiler info: COMPILER:Elan
Key Behaviors
Behavior: Creates a writable file mapping
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
\WINDOWS\system32\zh-cn\mshtml.dll.mui
MSCTF.MarshalInterface.FileMap.AOJ..CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.B.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.C.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.D.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.E.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.F.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.G.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.H.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.I.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.J.CBMFF
Behavior: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
File Behaviors
Behavior: Creates a writable file mapping
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
\WINDOWS\system32\zh-cn\mshtml.dll.mui
MSCTF.MarshalInterface.FileMap.AOJ..CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.B.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.C.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.D.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.E.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.F.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.G.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.H.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.I.CAMFF
MSCTF.MarshalInterface.FileMap.AOJ.J.CBMFF
Behavior: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff_webOC[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[3]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\info_48[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\down[2]---> Offset = 0
Network Behaviors
Behavior: Connects to a specified site
Details: InternetConnectA: ServerName = box.zhangmen.baidu.com, PORT = 80
Behavior: Establishes a connection to a specified socket
Details: 127.0.0.1:1032
Behavior: Opens an HTTP request
Details: HttpOpenRequestA: box.zhangmen.baidu.com:80/m?tn=baidumt&gate=cb&from=idd&l_cb=http%3a%2f%2fmp3.baidu.com%2fm%3ff%3dms%26rn%3d%26tn%3dbdmp3idjs%26ct%3d134217728%26word%3d%25bc%25a4%25c7%25e9dj%26lm%3d-1&s_o=15, hConnect = 0x00000540
Registry Behaviors
Behavior: Modifies the registry
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: Deletes registry values (IE connection settings)
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other Behaviors
Behavior: Opens a specified web page in IE
Details: http://www.juxiangyou.com/r3413217
Behavior: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [,Microsoft Internet Explorer]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Creates mutexes
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Local\!PrivacIE!SharedMemory!Mutex
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.AOJ
Behavior: Window information
Details: Pid = 2524, Hwnd=0x20368, Text = 停止攻击, ClassName = Button.
Pid = 2524, Hwnd=0x10360, Text = 攻击IP :, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2524, Hwnd=0x1035e, Text = 攻击线程:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2524, Hwnd=0x1035a, Text = 25, ClassName = Edit.
Pid = 2524, Hwnd=0x10356, Text = 开始攻击, ClassName = Button.
Pid = 2524, Hwnd=0x10354, Text = 222.246.129.82, ClassName = Edit.
Pid = 2524, Hwnd=0x10352, Text = 死神IP攻击器, ClassName = WTWindow.
Runtime screenshot