
File information
Security score: 60
Basic information
MD5: 90a5e92cbebb333e6e56fc57697ba0e1
File type: EXE
Publisher: SecurityXploded
Version: 7.5.0.0---7.5
Packer/compiler info: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Key behaviors
Behavior: Blocks window close message
Details: hWnd = 0x001601b4, Text = VirusTotal Scanner Setup, ClassName = #32770.
Behavior: Reads CPU clock directly
Details: EAX = 0xa24a1c41, EDX = 0x0000039d
EAX = 0xaa37ea2a, EDX = 0x0000039d
EAX = 0xb7608680, EDX = 0x0000039d
EAX = 0xbc9b5539, EDX = 0x0000039d
EAX = 0xc9c3f18f, EDX = 0x0000039d
EAX = 0xc9c3f1db, EDX = 0x0000039d
Behavior: Writes data into another process
Details: TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x00000840
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x00000840
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000840
TargetProcess = C:\Windows\System32\%temp%\****.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x000009e8
TargetProcess = C:\Windows\System32\%temp%\****.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x000009e8
TargetProcess = C:\Windows\System32\%temp%\****.exe, WriteAddress = 0x7ffd3238, Size = 0x00000004 TargetPID = 0x000009e8
TargetProcess = C:\Windows\System32\attrib.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x000008d8
TargetProcess = C:\Windows\System32\attrib.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x000008d8
TargetProcess = C:\Windows\System32\attrib.exe, WriteAddress = 0x7ffdc238, Size = 0x00000004 TargetPID = 0x000008d8
TargetProcess = C:\Windows\System32\%temp%\****.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x000008f4
TargetProcess = C:\Windows\System32\%temp%\****.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x000008f4
TargetProcess = C:\Windows\System32\%temp%\****.exe, WriteAddress = 0x7ffd8238, Size = 0x00000004 TargetPID = 0x000008f4
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x00000b80
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x00000b80
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x7ffd3238, Size = 0x00000004 TargetPID = 0x00000b80
Behavior: Reads TickCount value
Details: TickCount = 1165546, SleepMilliseconds = 60000.
TickCount = 1165562, SleepMilliseconds = 60000.
TickCount = 1165859, SleepMilliseconds = 60000.
TickCount = 1166015, SleepMilliseconds = 60000.
TickCount = 1166031, SleepMilliseconds = 60000.
TickCount = 1166046, SleepMilliseconds = 60000.
TickCount = 1166078, SleepMilliseconds = 60000.
TickCount = 1166125, SleepMilliseconds = 60000.
TickCount = 1166156, SleepMilliseconds = 60000.
TickCount = 1166171, SleepMilliseconds = 60000.
TickCount = 1166187, SleepMilliseconds = 60000.
TickCount = 1166250, SleepMilliseconds = 60000.
TickCount = 1166265, SleepMilliseconds = 60000.
TickCount = 1166296, SleepMilliseconds = 60000.
TickCount = 1166359, SleepMilliseconds = 60000.
Process behavior
Behavior: Creates process with hidden window
Details: ImagePath = , CmdLine = "C:\Users\ADMINI~1\AppData\Local\Temp\EXEDF64.tmp.bat"
ImagePath = , CmdLine = "C:\Users\ADMINI~1\AppData\Local\Temp\EXEDFD3.tmp.bat"
Behavior: Creates process
Details: [0x00000840]ImagePath = C:\Windows\System32\cmd.exe, CmdLine = cmd /c ""C:\Users\ADMINI~1\AppData\Local\Temp\EXEDF64.tmp.bat" "
[0x000009e8]ImagePath = C:\Windows\System32\%temp%\****.exe, CmdLine = C:\Windows\System32\%temp%\****.exe guestsession --session-id=5 --session-proto=2 --user Administrator
[0x000008d8]ImagePath = C:\Windows\System32\attrib.exe, CmdLine = ATTRIB -r "\\?\C:\Users\ADMINI~1\AppData\Roaming\SECURI~1\VIRUST~1.5\install\VIRUST~1.MSI"
[0x000008f4]ImagePath = C:\Windows\System32\%temp%\****.exe, CmdLine = C:\Windows\System32\%temp%\****.exe guestsession --session-id=5 --session-proto=2 --user Administrator
[0x00000b80]ImagePath = C:\Windows\System32\cmd.exe, CmdLine = C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\ADMINI~1\AppData\Local\Temp\EXEDF64.tmp.bat" "
[0x0000078c]ImagePath = C:\Windows\System32\cmd.exe, CmdLine = C:\Windows\system32\cmd.exe /S /D /c" cls"
File behavior
Behavior: Creates file
Details: C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\holder0.aiph
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.msi
C:\Users\Administrator\AppData\Local\Temp\MSIE06F.tmp
C:\Users\Administrator\AppData\Local\Temp\MSIE10C.tmp
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\installer_minbackground.jpg
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\installer_background.jpg
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\installlogoicon
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\sx_logo_icon.ico
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\folderlogoicon
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\printico
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\exclamic
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\info
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\tabback
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\removico
Behavior: Creates executable file
Details: C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui
C:\Users\Administrator\AppData\Local\Temp\MSIE06F.tmp
C:\Users\Administrator\AppData\Local\Temp\MSIE10C.tmp
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\ExternalUICleaner.dll
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\Prereq.dll
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\aicustact.dll
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\viewer.exe
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\lzmaextractor.dll
C:\Users\Administrator\AppData\Local\Temp\MSIE1E8.tmp
C:\Users\Administrator\AppData\Local\Temp\MSID33E.tmp
Behavior: Modifies script file
Details: C:\Users\Administrator\AppData\Local\Temp\EXEDF64.tmp.bat ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\EXEDFD3.tmp.bat ---> Offset = 0
Behavior: Searches for file
Details: FileName = C:\Windows\system32\msi.dll
FileName = \\?\C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\
FileName = \\?\C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui
FileName = \\?\C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.msi
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Roaming
FileName = C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install
FileName = C:\Windows\system32\*
FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\\*
FileName = C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.msi
FileName = C:\Windows\Installer\$PatchCache$\Managed\*.*
FileName = \\?\C:\Users\Administrator
FileName = \\?\C:\Users\Administrator\AppData\Roaming\SecurityXploded
Behavior: Deletes file
Details: C:\Users\Administrator\AppData\Local\Temp\MSIE06F.tmp
C:\Users\Administrator\AppData\Local\Temp\MSIE10C.tmp
C:\Users\Administrator\AppData\Local\Temp\MSIE1E8.tmp
C:\Users\Administrator\AppData\Local\Temp\MSID33E.tmp
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui
C:\Users\Administrator\AppData\Local\Temp\EXEDF64.tmp
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\holder0.aiph
C:\Users\Administrator\AppData\Local\Temp\EXEDFD3.tmp
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\installer_minbackground.jpg
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\installer_background.jpg
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\installlogoicon
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\sx_logo_icon.ico
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\folderlogoicon
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\printico
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\exclamic
Behavior: Modifies file content
Details: C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui ---> Offset = 65536
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui ---> Offset = 131072
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui ---> Offset = 196608
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui ---> Offset = 262144
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.msi ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.msi ---> Offset = 65536
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.msi ---> Offset = 131072
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.msi ---> Offset = 196608
C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.msi ---> Offset = 262144
C:\Users\Administrator\AppData\Local\Temp\MSIE06F.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\MSIE06F.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\MSIE10C.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\MSIE10C.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\installer_minbackground.jpg ---> Offset = 0
Registry behavior
Behavior: Deletes registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Other behavior
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Creates mutex
Details: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior: Creates event object
Details: EventName = Advinst_A348FD7D22FA478E8CDFCE3CB041A52D
EventName = 3972_prepare_evt
EventName = 3972_uigo_evt
EventName = 3972_uidone_evt
EventName = 3972_mdl_evt
EventName = 3972_sho_evt
EventName = 3972_edlg_evt
EventName = 3972_ddlg_evt
EventName = OleDfRootFCBA64AEB89C1991
EventName = OleDfRoot7E1451398D89A32C
EventName = OleDfRoot14BCEFCC3260F0C1
EventName = OleDfRoot1F521300B4600396
EventName = 3972_sti_evt
EventName = 3972_uis_evt
EventName = 3972_WelcomeDlg_pbl_evt
Behavior: Opens mutex
Details: Local\MSCTF.Asm.MutexDefault1
Behavior: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior: Opens event
Details: HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
MSFT.VSA.COM.DISABLE.3972
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
3972_WelcomeDlg_pbl_evt
3972_FolderDlg_pbl_evt
Global\SvcctrlStartEvent_A3752DX
3972_CancelDlg_pbl_evt
3972_VerifyReadyDlg_pbl_evt
Behavior: Adjusts process token privileges
Details: SE_CREATE_TOKEN_PRIVILEGE
Behavior: Window information
Details: Pid = 3972, Hwnd=0xb0290, Text = &Next >, ClassName = Button.
Pid = 3972, Hwnd=0xc021c, Text = < &Back, ClassName = Button.
Pid = 3972, Hwnd=0xa0216, Text = Welcome to the VirusTotal Scanner Setup Wizard, ClassName = Static.
Pid = 3972, Hwnd=0x160138, Text = The Setup Wizard will install VirusTotal Scanner on your computer. Click Next to continue or close the window to exit the Setup Wizard., ClassName = Static.
Pid = 3972, Hwnd=0x10028c, Text = Icon, ClassName = Static.
Pid = 3972, Hwnd=0x9020c, Text = Bitmap, ClassName = Static.
Pid = 3972, Hwnd=0x1601b4, Text = VirusTotal Scanner Setup, ClassName = #32770.
Pid = 3972, Hwnd=0x11028c, Text = &Next >, ClassName = Button.
Pid = 3972, Hwnd=0xc0290, Text = < &Back, ClassName = Button.
Pid = 3972, Hwnd=0x18017a, Text = C:\Program Files\SecurityXploded\VirusTotal Scanner\, ClassName = ComboBox.
Pid = 3972, Hwnd=0xb0216, Text = C:\Program Files\SecurityXploded\VirusTotal Scanner\, ClassName = Edit.
Pid = 3972, Hwnd=0x170138, Text = Br&owse..., ClassName = Button.
Pid = 3972, Hwnd=0x1202dc, Text = Choose a file location, ClassName = Static.
Pid = 3972, Hwnd=0xe0240, Text = To install in this folder, click "Next". To install to a different folder, enter it below or click "Browse"., ClassName = Static.
Pid = 3972, Hwnd=0xe0204, Text = 5.60 MB, ClassName = Static.
Behavior: Executable signature information
Details: C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\MSIE06F.tmp (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSIE10C.tmp (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\ExternalUICleaner.dll (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\Prereq.dll (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\aicustact.dll (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\viewer.exe (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\lzmaextractor.dll (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSIE1E8.tmp (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSID33E.tmp (signature verification: passed)
Behavior: Calls Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 10.
[5]: MilliSeconds = 10.
[6]: MilliSeconds = 10.
[7]: MilliSeconds = 10.
[8]: MilliSeconds = 10.
[9]: MilliSeconds = 10.
[10]: MilliSeconds = 10.
Behavior: Hides specified window
Details: [Window,Class] = [Skip,Button]
[Window,Class] = [,ComboLBox]
Behavior: Reads cursor position
Details: CursorPos = (388,18506), SleepMilliseconds = 60000.
CursorPos = (429,19283), SleepMilliseconds = 60000.
CursorPos = (470,19283), SleepMilliseconds = 60000.
CursorPos = (511,19283), SleepMilliseconds = 60000.
CursorPos = (552,19283), SleepMilliseconds = 10.
CursorPos = (593,19283), SleepMilliseconds = 10.
CursorPos = (634,19283), SleepMilliseconds = 10.
CursorPos = (675,19283), SleepMilliseconds = 10.
CursorPos = (716,19283), SleepMilliseconds = 10.
CursorPos = (757,19283), SleepMilliseconds = 10.
CursorPos = (798,19283), SleepMilliseconds = 10.
CursorPos = (839,19283), SleepMilliseconds = 10.
CursorPos = (880,19283), SleepMilliseconds = 10.
CursorPos = (921,19283), SleepMilliseconds = 10.
CursorPos = (962,19283), SleepMilliseconds = 10.
Behavior: Executable file MD5
Details: C:\Users\Administrator\AppData\Roaming\SecurityXploded\VirusTotal Scanner 7.5\install\VirusTotalScanner.aiui ---> 0996162407eb28fb5d904f97e1acdc25
C:\Users\Administrator\AppData\Local\Temp\MSIE06F.tmp ---> ca367c9fd5fb936729b4b6dcd78b003a
C:\Users\Administrator\AppData\Local\Temp\MSIE10C.tmp ---> ca367c9fd5fb936729b4b6dcd78b003a
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\ExternalUICleaner.dll ---> 2cf6c98c93b3f892e7420711593540cc
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\aicustact.dll ---> ca367c9fd5fb936729b4b6dcd78b003a
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\Prereq.dll ---> 98542f7a19b24166cd784a1682846385
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\viewer.exe ---> 282200f99164da0acf6fa3614ec3def2
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_3972\lzmaextractor.dll ---> 96a5c1880b4fd9ae42a63367e974cc12
C:\Users\Administrator\AppData\Local\Temp\MSIE1E8.tmp ---> ca367c9fd5fb936729b4b6dcd78b003a
C:\Users\Administrator\AppData\Local\Temp\MSID33E.tmp ---> ca367c9fd5fb936729b4b6dcd78b003a
Behavior: Loads newly dropped file
Details: Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSIE06F.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSIE10C.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSIE1E8.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSID33E.tmp.
Runtime screenshot