VirSCAN

File information
Security score: 81
Basic information
MD5:947add8f18b5031aa56845ac8c3a0257
File type: EXE
Vendor:
Version:
Packer or compiler information: PACKER:PECompact 2.x -> Jeremy Collake
Sub-file information: pecompact2x_3921ed53dumpFile / big file / EXE
Key behaviours
Behaviour description: Creates a file mapping with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABL..KAIIH
MSCTF.MarshalInterface.FileMap.ABL.B.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.C.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.D.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.E.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.F.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.G.KAIIH
MSCTF.Shared.SFM.ABL
Behaviour description: Sets attributes on special folders
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behaviour description: Hides a specified window
Details: [Window,Class] = [,Afx:400000:8:10011:1900015:0]
[Window,Class] = [,WTWindow]
Process behaviour
Behaviour description: Creates a process from a newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gGvrt5rf.txt, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gGvrt5rf.txt
Behaviour description: Enumerates processes
Details: N/A
File behaviour
Behaviour description: Creates a file mapping with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABL..KAIIH
MSCTF.MarshalInterface.FileMap.ABL.B.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.C.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.D.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.E.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.F.KAIIH
MSCTF.MarshalInterface.FileMap.ABL.G.KAIIH
MSCTF.Shared.SFM.ABL
Behaviour description: Creates an executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gGvrt5rf.txt
Behaviour description: Sets attributes on special folders
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behaviour description: Searches for files
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gGvrt5rf.txt
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Network behaviour
Behaviour description: Connects to a specified site
Details: InternetConnectA: ServerName = ip.qq.com, PORT = 80
Behaviour description: Reads a network file
Details: hFile = 0x000001bc, BytesToRead =10240, BytesRead = 10240.
hFile = 0x000001c4, BytesToRead =10240, BytesRead = 10240.
Behaviour description: Opens an HTTP request
Details: HttpOpenRequestA: ip.qq.com:80/, hConnect = 0x000001b8
HttpOpenRequestA: ip.qq.com:80/, hConnect = 0x000001c0
Other behaviour
Behaviour description: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behaviour description: Window information
Details: Pid = 2828, Hwnd=0x202d4, Text = 确定, ClassName = Button.
Behaviour description: Hides a specified window
Details: [Window,Class] = [,Afx:400000:8:10011:1900015:0]
[Window,Class] = [,WTWindow]
Behaviour description: Creates mutexes
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ABL
Exceptions and crashes