VirSCAN

File information
Security score: 79
Basic information
MD5:b3e25f13085751b83358aab30d216ef3
File type: CHM help file
Vendor:
Version:
Packer or compiler information:
Sub-file information: $FIftiMain / 1b91daa315e5c993333036b6a35a0c8d / Unknown
Windows2000可执行文件一览.htm / 7e79d9e120a4b6dbb781ccc1a815601f / Unknown
WebDav漏洞简单分析及通用exploit设计.htm / 76911cffac819f444ba001de73ae8206 / Unknown
03.jpg / 3ffe9bccdd25ac77490cb3ee6150e4b1 / Unknown
378.jpg / 30614efeeec86e4e081432c60c2c41f4 / Unknown
sql8.jpg / 431024a7305f4bac2a6a4c26a2c20e36 / Unknown
sql7.jpg / 5812037a208ef76428820597f133ed8d / Unknown
379.jpg / 986ec3eacc9841d4483390eb93408950 / Unknown
en.jpg / 595bc8d8749665b3f5a0320fbf1d2228 / Unknown
html.gif / 70885a537c886e402237e4d38dca3ef2 / Unknown
381.jpg / 8dd3fdc629ae018d5c4a002372dedf23 / Unknown
个人计算机安全.htm / cbd386f3a655da1729efb0598a584b1c / Unknown
2000服务器终极安全设置与效率优化指南.htm / e06d5fbc8b0f688727018b887970ecc3 / Unknown
sql.jpg / a7f1f2f4b6ff9ffca82a445a7ee19718 / Unknown
exec1.gif / c89488e8d78a76ead27ac3bd75d3b8ff / Unknown
376.jpg / 0605bf239b08c542f89e53688d185240 / Unknown
11.jpg / a23bd141ae38e3b6153b2bc253b810ca / Unknown
changef1.gif / 2163a905aff1a05b207180e608607904 / Unknown
copy2.gif / 5685a3b5153b1c6c72a55576aa674b20 / Unknown
Key behaviors
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behavior
Behavior description: Create local thread
Details: TargetProcess: hh.exe, InheritedFromPID = 2000, ProcessID = 2668, ThreadID = 2680, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: hh.exe, InheritedFromPID = 2000, ProcessID = 2668, ThreadID = 2812, StartAddress = 6359727B, Parameter = 001B59B0
TargetProcess: hh.exe, InheritedFromPID = 2000, ProcessID = 2668, ThreadID = 2816, StartAddress = 77E56C7D, Parameter = 001CB4E0
TargetProcess: hh.exe, InheritedFromPID = 2000, ProcessID = 2668, ThreadID = 2820, StartAddress = 769AE43B, Parameter = 001CFB10
TargetProcess: hh.exe, InheritedFromPID = 2000, ProcessID = 2668, ThreadID = 2824, StartAddress = 6359727B, Parameter = 001CD070
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\IMT3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFBB16.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFBB32.tmp
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\IMT3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFBB32.tmp
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat ---> Offset = 96
C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat ---> Offset = 180
C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat ---> Offset = 240
C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\IMT3.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\IMT3.tmp ---> Offset = 84
Behavior description: Find file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\%temp%\****.chm
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AHK
Behavior description: Create event object
Details: EventName = MSCTF.SendReceive.Event.AHK.IC
EventName = MSCTF.SendReceiveConection.Event.AHK.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details: \SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSFT.VSA.COM.DISABLE.2668
MSFT.VSA.IEC.STATUS.6c736db0
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
Details: Pid = 2668, Hwnd=0x10342, Text = 2000系统大攻略, ClassName = HH Parent.
Behavior description: Open mutex
Details: ShimCacheMutex
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*