VirSCAN

File information
Safety rating:20
Behavior list
Basic Information
MD5:d58a2ac9da68b98f5c0392e4cf015454
file type:EXE
Production company:文件夹
version:1.0.0.0---1.0.0.0
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Key behavior
Behavior description:Deletes the QQ login-information database file
details:C:\Program Files\Tencent\QQ\Users\All Users\QQ\Registry.db
Behavior description:Sets special folder attributes
details:C:\autorun.inf
C:\autorun.inf\文件免疫
C:\Program Files\autorun.inf
C:\Program Files\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\autorun.inf
C:\Program Files\Windows Media Player\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\autorun.inf
C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf
Behavior description:Captures window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x58010568.
Foreground window Info: HWND = 0x00000000, DC = 0x980105d6.
Foreground window Info: HWND = 0x00000000, DC = 0x6b01069f.
Foreground window Info: HWND = 0x00000000, DC = 0x060106e4.
Foreground window Info: HWND = 0x00000000, DC = 0x0a0106df.
Foreground window Info: HWND = 0x00000000, DC = 0x070106e4.
Foreground window Info: HWND = 0x00000000, DC = 0x160106dc.
Foreground window Info: HWND = 0x00000000, DC = 0x02010742.
Foreground window Info: HWND = 0x00000000, DC = 0x02010743.
Foreground window Info: HWND = 0x00000000, DC = 0x03010742.
Foreground window Info: HWND = 0x00000000, DC = 0x050107b7.
Foreground window Info: HWND = 0x00000000, DC = 0x060107ef.
Foreground window Info: HWND = 0x00000000, DC = 0x1c0107e6.
Behavior description:Modifies registry (startup item)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Behavior description:Kills the QQ process
details:TASKKILL = taskkill /im qq.exe /f
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\%temp%\****.exe
Process behavior
Behavior description:Creates process with hidden window
details:ImagePath = , CmdLine = C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat
ImagePath = , CmdLine = C:\Documents and Settings\Administrator\Local Settings\%temp%\temp.bat
ImagePath = , CmdLine = "C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe " folder
Behavior description:Creates process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c "C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat"
ImagePath = C:\WINDOWS\system32\taskkill.exe, CmdLine = taskkill /im qq.exe /f
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c "C:\Documents and Settings\Administrator\Local Settings\%temp%\temp.bat"
ImagePath = C:\WINDOWS\system32\cacls.exe, CmdLine = cacls "C:\Program Files\Windows Media Player\9" /d everyone /e
ImagePath = C:\WINDOWS\explorer.exe, CmdLine = explorer "C:\Documents and Settings\Administrator\Local Settings\%temp%\996E"
Behavior description:Creates local thread
details:TargetProcess: taskkill.exe, InheritedFromPID = 2012, ProcessID = 1664, ThreadID = 1048, StartAddress = 77E56C7D, Parameter = 000EAC20
TargetProcess: taskkill.exe, InheritedFromPID = 2012, ProcessID = 1664, ThreadID = 1960, StartAddress = 769AE43B, Parameter = 000ED5C8
TargetProcess: taskkill.exe, InheritedFromPID = 2012, ProcessID = 1664, ThreadID = 2052, StartAddress = 77E56C7D, Parameter = 000EDD50
TargetProcess: svchost.exe , InheritedFromPID = 2008, ProcessID = 2280, ThreadID = 2372, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 52ee29.tmp.exe, InheritedFromPID = 2280, ProcessID = 2424, ThreadID = 2476, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 52f80e.tmp.exe, InheritedFromPID = 2280, ProcessID = 2528, ThreadID = 2580, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 53008b.tmp.exe, InheritedFromPID = 2280, ProcessID = 2660, ThreadID = 2716, StartAddress = 77DC845A, Parameter = 00000000
Behavior description:Creates process from newly written file
details:ImagePath = C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe , CmdLine = "C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe " folder
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\52ee29.tmp.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\52ee29.tmp.exe" qjb 852840
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\52f80e.tmp.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\52f80e.tmp.exe" qjb 263132
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\53008b.tmp.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\53008b.tmp.exe" qjb 131332
Behavior description:Kills the QQ process
details:TASKKILL = taskkill /im qq.exe /f
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\%temp%\****.exe
File behavior
Behavior description:Creates file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat
C:\autorun.inf\desktop.ini
C:\Program Files\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\desktop.ini
Behavior description:Deletes the QQ login-information database file
details:C:\Program Files\Tencent\QQ\Users\All Users\QQ\Registry.db
Behavior description:Creates executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe 
C:\Documents and Settings\Administrator\Local Settings\Temp\52ee29.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\52f80e.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\53008b.tmp.exe
C:\222c25ed.exe
C:\autorun.inf.exe
C:\DiskD.exe
C:\DiskX.exe
C:\Documents and Settings.exe
C:\Program Files.exe
C:\Python27.exe
Behavior description:Overwrites existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne
Behavior description:Copies file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe 
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\52ee29.tmp.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\52f80e.tmp.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\53008b.tmp.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\222c25ed.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\AnalyzeControl.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\autorun.inf.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\DiskD.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\DiskX.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\Documents and Settings.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\EasyWebSvr.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\monitor.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\Program Files.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\Python27.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\RECYCLER.exe
Behavior description:Deletes file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat
C:\Documents and Settings\Administrator\Local Settings\%temp%\temp.bat
Behavior description:Searches for file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\taskkill.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\taskkill
FileName = C:\Python27\taskkill.*
FileName = C:\Python27\taskkill
FileName = C:\Python27\Scripts\taskkill.*
FileName = C:\Python27\Scripts\taskkill
FileName = C:\WINDOWS\system32\taskkill.*
FileName = C:\WINDOWS\system32\taskkill.COM
FileName = C:\WINDOWS\system32\taskkill.EXE
Behavior description:Modifies BAT script file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\temp.bat ---> Offset = 0
Behavior description:Renames file
details:C:\autorun.inf\文件免疫 ---> C:\autorun.inf\文件免疫.\
C:\Program Files\autorun.inf\文件免疫 ---> C:\Program Files\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\autorun.inf\文件免疫.\
Behavior description:Sets special folder attributes
details:C:\autorun.inf
C:\autorun.inf\文件免疫
C:\Program Files\autorun.inf
C:\Program Files\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\autorun.inf
C:\Program Files\Windows Media Player\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\autorun.inf
C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf
Behavior description:Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne ---> Offset = 0
C:\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\autorun.inf\desktop.ini ---> Offset = 0
Registry behavior
Behavior description:Modifies registry
details:\REGISTRY\USER\S-*\Software\LoveQ\first
\REGISTRY\MACHINE\SOFTWARE\Classes\.exe \
Behavior description:Modifies registry (startup item)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Other behavior
Behavior description:Adjusts process token privileges
details:SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description:Hides specified window
details:[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
Behavior description:Finds specified window
details:NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Enumerates windows
details:N/A
Behavior description:Opens event
details:HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.1664
MSFT.VSA.IEC.STATUS.6c736db0
_fCanRegisterWithShellService
LoveQ-BYxiaofeng_sp5
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000057
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000057
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000058
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000058
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000059
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000059
Behavior description:Window information
details:Pid = 2528, Hwnd=0x40462, Text = 取回密码, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2528, Hwnd=0x30498, Text = 注册新账号, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2528, Hwnd=0x3042a, Text = <请输入账号>, ClassName = Edit.
Pid = 2528, Hwnd=0x30432, Text = QQ2009 , ClassName = WTWindow.
Pid = 2424, Hwnd=0x130354, Text = 取回密码, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2424, Hwnd=0x703ce, Text = 注册新账号, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2424, Hwnd=0xf0356, Text = <请输入账号>, ClassName = Edit.
Pid = 2424, Hwnd=0x1c02f8, Text = QQ2009 , ClassName = WTWindow.
Pid = 2660, Hwnd=0x104d6, Text = 取回密码, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2660, Hwnd=0x104d4, Text = 注册新账号, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2660, Hwnd=0x104d0, Text = <请输入账号>, ClassName = Edit.
Pid = 2660, Hwnd=0x104c8, Text = QQ2009 , ClassName = WTWindow.
Pid = 2528, Hwnd=0x30494, Text = 123456, ClassName = Edit.
Pid = 2424, Hwnd=0x1202b0, Text = 123456, ClassName = Edit.
Pid = 2660, Hwnd=0x404cc, Text = 123456, ClassName = Edit.
Behavior description:Captures window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x58010568.
Foreground window Info: HWND = 0x00000000, DC = 0x980105d6.
Foreground window Info: HWND = 0x00000000, DC = 0x6b01069f.
Foreground window Info: HWND = 0x00000000, DC = 0x060106e4.
Foreground window Info: HWND = 0x00000000, DC = 0x0a0106df.
Foreground window Info: HWND = 0x00000000, DC = 0x070106e4.
Foreground window Info: HWND = 0x00000000, DC = 0x160106dc.
Foreground window Info: HWND = 0x00000000, DC = 0x02010742.
Foreground window Info: HWND = 0x00000000, DC = 0x02010743.
Foreground window Info: HWND = 0x00000000, DC = 0x03010742.
Foreground window Info: HWND = 0x00000000, DC = 0x050107b7.
Foreground window Info: HWND = 0x00000000, DC = 0x060107ef.
Foreground window Info: HWND = 0x00000000, DC = 0x1c0107e6.
Behavior description:Accesses physical device directly
details:\??\PhysicalDrive0
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne(签名验证: 未通过)
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe (签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\52ee29.tmp.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\52f80e.tmp.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\53008b.tmp.exe(签名验证: 未通过)
C:\222c25ed.exe(签名验证: 未通过)
C:\autorun.inf.exe(签名验证: 未通过)
C:\DiskD.exe(签名验证: 未通过)
C:\DiskX.exe(签名验证: 未通过)
C:\Documents and Settings.exe(签名验证: 未通过)
C:\Program Files.exe(签名验证: 未通过)
C:\Python27.exe(签名验证: 未通过)
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr ---> 4b30dbe1a79b2b7572ff637cb3765ced
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne ---> 3102c454a9543e58fe3ad5f783f5a690
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne ---> 992322b55f2684fe4c83b8e94dd54adb
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne ---> c1180974dd8a7c6d9f8fcc13096b4f7a
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> d58a2ac9da68b98f5c0392e4cf015454
C:\Documents and Settings\Administrator\Local Settings\Temp\52ee29.tmp.exe ---> d58a2ac9da68b98f5c0392e4cf015454
C:\Documents and Settings\Administrator\Local Settings\Temp\52f80e.tmp.exe ---> d58a2ac9da68b98f5c0392e4cf015454
C:\Documents and Settings\Administrator\Local Settings\Temp\53008b.tmp.exe ---> d58a2ac9da68b98f5c0392e4cf015454
C:\222c25ed.exe ---> d58a2ac9da68b98f5c0392e4cf015454
C:\autorun.inf.exe ---> d58a2ac9da68b98f5c0392e4cf015454
C:\DiskD.exe ---> d58a2ac9da68b98f5c0392e4cf015454
C:\DiskX.exe ---> d58a2ac9da68b98f5c0392e4cf015454
C:\Documents and Settings.exe ---> d58a2ac9da68b98f5c0392e4cf015454
C:\Program Files.exe ---> d58a2ac9da68b98f5c0392e4cf015454
C:\Python27.exe ---> d58a2ac9da68b98f5c0392e4cf015454
Behavior description:Opens mutex
details:ShimCacheMutex
Behavior description:Loads newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\Md5.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eAPI.fne.
Run screenshot