VirSCAN

File information
Security score: 71
Basic information
MD5: eeedf1d8bf1f546550476e04b83172f7
File type: Rar
Company:
Version:
Packer or compiler information:
Sub-file information: UnityEngine.dll / f5934a551d83ef17269823a0f6a8b6fc / DLL
2.jpg / 77aa57aad517dadb97281ef846ba4f3e / Unknown
1.jpg / 9708738bd9c7db36d616d278b64209cb / Unknown
Mono.Cecil.dll / cae39da6657bd53afe065ff2a1929d9b / DLL
UnityEngine.UI.dll / f37400d3f40132ca6742d66b554d96f1 / DLL
UnityEngine.UI.dll / e3626e2477eefa9ce89bfb7465c659b5 / DLL
H.7.txt / ce7a2b77cedf658248f7bf76d11bd76e / Unknown
EditScene.6.txt / 3c88cbd3fb5320587089feca0423a517 / Unknown
UnityEngine.UI.Translation.dll / c55d0af1bb076c6551ba95aa759cc653 / DLL
Translation.log / ca86cbe1725bae847b590b1f6f67fc01 / Unknown
IPA.exe / e43f786eee8ec18636ffe86b724c77ea / EXE
ADVScene.5.txt / 9c0e6ae198f5e0fb602bf72360179376 / Unknown
Launcher.exe / 43fe8c7c33c403737fa5150a59a59dbc / EXE
SelectScene.8.txt / 2f4b5286f46e177d18fc64805253676a / Unknown
IllusionInjector.dll / 15f90b8e6ba5b95ee7b4159b4f9c531a / DLL
TitleScene.4.txt / 77a164fb6df91d005d440839827e3058 / Unknown
IllusionPlugin.xml / 55f5bed5c5a52037ce6f33bff5a0f525 / Unknown
IllusionPlugin.dll / 5d1077c6bb3f5cb37e2927d25ffc98dc / DLL
使用说明.txt / 9213155941427527911a3b65503824ba / Unknown
Key behavior
Behavior description: Cross-process data write
Details: TargetProcess = C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe, WriteAddress = 0x00150000, Size = 0x00000020 TargetPID = 0x00000a30
TargetProcess = C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe, WriteAddress = 0x00150020, Size = 0x00000034 TargetPID = 0x00000a30
TargetProcess = C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000a30
Process behavior
Behavior description: Create process
Details: [0x00000a30]ImagePath = C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe, CmdLine = dw20.exe -x -s 440
Behavior description: Cross-process data write
Details: TargetProcess = C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe, WriteAddress = 0x00150000, Size = 0x00000020 TargetPID = 0x00000a30
TargetProcess = C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe, WriteAddress = 0x00150020, Size = 0x00000034 TargetPID = 0x00000a30
TargetProcess = C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000a30
File behavior
Behavior description: Find file
Details: FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\\*
FileName = C:\Windows
FileName = C:\Windows\WinSxS
FileName = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
FileName = C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\phjzbhhhbd\IPA.exe
FileName = C:\Users\Administrator
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\phjzbhhhbd
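Other behavior
Behavior description: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Create mutex
Details: Global\f23498bc-10de-11e8-a49b-080027488980
Behavior description: Create event object
Details: EventName = Global\CorDBIPCSetupSyncEvent_1988
Behavior description: Sample console output
Details: N/A
Behavior description: Open event
Details: Global\CLR_PerfMon_StartEnumEvent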
HookSwitchHookEnabledEvent
\KernelObjects\LowMemoryCondition
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\KernelObjects\MaximumCommitCondition
Behavior description: Enumerate windows
Details: N/A
Behavior description: Hide specified window
Details: [Window,Class] = [,CtrlNotifySink]
Behavior description: Open mutex
Details: Global\CLR_CASOFF_MUTEX
Local\MSCTF.Asm.MutexDefault1