VirSCAN

File information
Safety score: 50
Basic information
MD5: 8881f883bfae6e6968bce5739d1a0f02
File type: zip
Company:
Version:
Packer or compiler information:
Sub-file information: DiskMark64.exe / ca5a97c5173a403d47a538a193feb323 / EXE
DiskMark32.exe / 560f921cd9e11612d3f3d2e27fdf013d / EXE
diskspd64.exe / 71aae83f044c6044bafbf4a640840a20 / EXE
diskspd32.exe / 73ff9f35b0ec076debd647e718289912 / EXE
icon.png / d54d6fe80b8dfd29addf20f218c8d6fb / Unknown
background.png / 8c3e6413b08e8a70e5d8c2827296557b / Unknown
background.png / 99d1c33daf31d5e1c4132361bfdafb0e / Unknown
background.png / eb086d4bf293a03d57ed3f8cddea60a5 / Unknown
meterbg.png / afa216d5a421495fc5fadbc05898b435 / Unknown
meter.png / 7a8e15c436aee0d06bff2f074c5a4838 / Unknown
line.png / eead74234e195caf228bead61c47aa45 / Unknown
button.png / aa68bfad60531fb81653b68cf5a0ae41 / Unknown
Main.html / 7f2d85fbf23f81174acedeb6ae1fd1db / Unknown
Main8.html / 1fb3cf967995f2ba4088ef8bbf2f571b / Unknown
buttonHover.png / e03a567db26618c21ef6d4015097d0d6 / Unknown
Main.css / cc5cfc9586c1df8a720aa4fae0fb12eb / Unknown
Main.css / 81d01e5ed703d74c2311c30b430030c2 / Unknown
Main.css / 2c74c1256694affc54bb8fb3ee4f609c / Unknown
Main.css / 2166dffbbf5d82ca16f8a09bc113106d / Unknown
Key behaviors
Behavior description: Set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018061420180615
Behavior description: Get TickCount value
Details: TickCount = 226750, SleepMilliseconds = 60000.
TickCount = 226765, SleepMilliseconds = 60000.
TickCount = 226781, SleepMilliseconds = 60000.
TickCount = 226796, SleepMilliseconds = 60000.
TickCount = 226812, SleepMilliseconds = 60000.
File behaviors
Behavior description: Create file
Details: C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018061420180615\index.dat
Behavior description: Delete file
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017110320171104\index.dat
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017112320171124\index.dat
Behavior description: Modify file contents
Details: C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 26
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018061420180615\index.dat ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 39
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 51
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 79
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 94
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 106
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 119
Behavior description: Set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018061420180615
Behavior description: Find file
Details: FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\language\\*.lang
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\*.*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\..\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\blue\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\default\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\FlatSquare\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\flower\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\Shizuku\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\wine\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\dialog
Registry behaviors
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018061420180615\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018061420180615\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018061420180615\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018061420180615\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018061420180615\CacheRepair
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017110320171104\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017112320171124\
Other behaviors
Behavior description: Detect whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Create mutex
Details: Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
_!SHMSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!mshist012018061420180615!
Behavior description: Hide specified window
Details: [Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Window information
Details: Pid = 3432, Hwnd=0x20170, Text = CrystalDiskMark 6.0.1 , ClassName = #32770.
Behavior description: Get TickCount value
Details: TickCount = 226750, SleepMilliseconds = 60000.
TickCount = 226765, SleepMilliseconds = 60000.
TickCount = 226781, SleepMilliseconds = 60000.
TickCount = 226796, SleepMilliseconds = 60000.
TickCount = 226812, SleepMilliseconds = 60000.
Behavior description: Get cursor position
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
MSFT.VSA.COM.DISABLE.3432
MSFT.VSA.IEC.STATUS.6c736db0
Global\TabletHardwarePresent
Global\SvcctrlStartEvent_A3752DX
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 60000.
Behavior description: Open mutex
Details: Local\WininetStartupMutex
Local\!IETld!Mutex
Local\MSCTF.Asm.MutexDefault1
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
_!SHMSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!mshist012018061420180615!