VirSCAN

1. You can UPLOAD any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 55
Behavior list
Basic Information
MD5: f0b8e9d469b0fc816616983c69e32f9c
File type: EXE
Production company: 按键小精灵 (C) 2001 - 2017
Version: 2014.0.5.16868 --- 2014.0.5.16868
Shell or compiler information: PACKER:UPolyX v0.5
Key behavior
Behavior description: Probe whether Virtual PC is present
details: N/A
Behavior description: Query registry (virtual machine detection related)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Get TickCount value
details: TickCount = 224565, SleepMilliseconds = 50.
TickCount = 224581, SleepMilliseconds = 50.
TickCount = 224596, SleepMilliseconds = 50.
TickCount = 224690, SleepMilliseconds = 50.
TickCount = 224721, SleepMilliseconds = 50.
TickCount = 224878, SleepMilliseconds = 50.
TickCount = 225065, SleepMilliseconds = 50.
TickCount = 225268, SleepMilliseconds = 50.
TickCount = 225284, SleepMilliseconds = 50.
TickCount = 225456, SleepMilliseconds = 50.
TickCount = 225612, SleepMilliseconds = 50.
TickCount = 225628, SleepMilliseconds = 50.
TickCount = 225643, SleepMilliseconds = 50.
TickCount = 225675, SleepMilliseconds = 50.
TickCount = 225690, SleepMilliseconds = 50.
Behavior description: Open registry (virtual machine detection related)
details: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Behavior description: Block window close message
details: hWnd = 0x00010352, Text = , ClassName = ShadowWnd_UI.
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Read CPU clock directly
details: EAX = 0xa6a4f03c, EDX = 0x000000ba
EAX = 0xa6a4f088, EDX = 0x000000ba
EAX = 0xa6a4f0d4, EDX = 0x000000ba
EAX = 0xa6a4f120, EDX = 0x000000ba
EAX = 0xa957f09c, EDX = 0x000000ba
EAX = 0xa957f0e8, EDX = 0x000000ba
EAX = 0xa957f134, EDX = 0x000000ba
EAX = 0xabdfc0bd, EDX = 0x000000ba
EAX = 0xabdfc109, EDX = 0x000000ba
EAX = 0xabdfc155, EDX = 0x000000ba
Behavior description: Detect virtual machine via VMware special instruction
details: N/A
Process behavior
Behavior description: Create local thread
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2780, StartAddress = 0070C0CB, Parameter = 0086662C
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2784, StartAddress = 0070C0CB, Parameter = 008670B4
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2788, StartAddress = 0070C0CB, Parameter = 008679A0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2792, StartAddress = 0070C0CB, Parameter = 00868483
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2796, StartAddress = 0070C0CB, Parameter = 00868EC7
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2800, StartAddress = 0070C0CB, Parameter = 0086998D
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2804, StartAddress = 0070C0CB, Parameter = 0086A445
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2808, StartAddress = 0070C0CB, Parameter = 0086AF7B
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2812, StartAddress = 0070C0CB, Parameter = 0086F39F
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2816, StartAddress = 0070C0CB, Parameter = 00870336
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2820, StartAddress = 0070C0CB, Parameter = 00871358
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2824, StartAddress = 0070C0CB, Parameter = 0087247D
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2828, StartAddress = 0070C0CB, Parameter = 00873404
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2832, StartAddress = 0070C0CB, Parameter = 00874517
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2836, StartAddress = 0070C0CB, Parameter = 008755BE
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\tmpad.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\mac3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ad-mymacro[1].xml
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\liveupdate8[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LAZYOFFICE.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MSG.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL
C:\Documents and Settings\Administrator\Local Settings\Temp\mymacro.zip
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LAZYOFFICE.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MSG.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe
C:\Documents and Settings\Administrator\Application Data\MyMacro\MT.exe
C:\Documents and Settings\Administrator\Application Data\MyMacro\updatemacro.dat
C:\Documents and Settings\Administrator\Application Data\MyMacro\binding.exe
Behavior description: Search for file
details: FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\tmpad.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\mac3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ad-mymacro[1].xml
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\liveupdate8[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip
C:\Documents and Settings\Administrator\Local Settings\Temp\mymacro.zip
C:\Documents and Settings\Administrator\Local Settings\Temp\RKey.zip
C:\Documents and Settings\Administrator\Local Settings\Temp\Runner.zip
C:\Documents and Settings\Administrator\Local Settings\Temp\MT.zip
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\AnJianBindingInstallPC[1].html
Behavior description: Rename file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\tmpad.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\mac3.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 8192
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 16384
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> Offset = 16384
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 16384
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 32768
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 49152
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 65536
Network behavior
Behavior description: Open URL over the network
details: InternetOpenUrlA: http://so****om/Include/BuildPage/AnJianBindingInstallPC.html, hInternet = 0x00cc0014, Flags = 0x80000001
Behavior description: Download file
details: URLDownloadToFileW: http://so****om/V2014V2/Config/ad-mymacro.xml ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml.tmp
URLDownloadToFileW: http://do****om/qmacro/up_mymacro/liveupdate8.dat ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp
Behavior description: Connect to specified site
details: InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = do****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0010, Flags = 0x00000000
InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0008, hConnect = 0x00cc000c, Flags = 0x04000000
InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0014, hConnect = 0x00cc0018, Flags = 0x80000001
Behavior description: Open HTTP connection
details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible), hSession = 0x00cc0008
InternetOpenA: UserAgent: HttpClient, hSession = 0x00cc0014
Behavior description: Establish connection to a specified socket
details: URL: so****om, IP: **.133.40.**:80, SOCKET = 0x00000358
URL: do****om, IP: **.133.40.**:80, SOCKET = 0x00000360
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x00000374
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x00000350
Behavior description: Read network file
details: hFile = 0x00cc000c, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00cc0014, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00cc0010, BytesToRead =4095, BytesRead = 4095.
hFile = 0x00cc001c, BytesToRead =4096, BytesRead = 4096.
Behavior description: Send HTTP packet
details: GET /V2014V2/Config/ad-mymacro.xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: so****om Connection: Keep-Alive
GET /qmacro/up_mymacro/liveupdate8.dat HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: do****om Connection: Keep-Alive
POST /Include/BuildPage/ExitAdXJL.shtml HTTP/1.1 Accept: */* Host: so****om Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible) Content-Length: 0 Cache-Control: no-cache
GET /Include/BuildPage/AnJianBindingInstallPC.html HTTP/1.1 User-Agent: HttpClient Host: so****om Cache-Control: no-cache
POST /Interface/GetIP.aspx HTTP/1.1 Accept: */* Host: so****om Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible) Content-Length: 29 Cache-Control: no-cache data=30497A4B3525323E7EE50001
Behavior description: Open HTTP request
details: HttpOpenRequestA: so****om:80/v2014v2/config/ad-mymacro.xml, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: do****om:80/qmacro/up_mymacro/liveupdate8.dat, hConnect = 0x00cc0010, hRequest = 0x00cc0014, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: so****om:80/include/buildpage/exitadxjl.shtml, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: POST, Referer: , Flags = 0x04000040
HttpOpenRequestA: so****om:80/include/buildpage/anjianbindinginstallpc.html, hConnect = 0x00cc0018, hRequest = 0x00cc001c, Verb: GET, Referer: , Flags = 0x80000001
HttpOpenRequestA: so****om:80/interface/getip.aspx, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: POST, Referer: , Flags = 0x04000040
Behavior description: Resolve host address by name
details: GetAddrInfoW: so****om
GetAddrInfoW: do****om
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Delete registry value
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behavior description: Open registry (virtual machine detection related)
details: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Behavior description: Query registry (virtual machine detection related)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Delete registry key
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Other behavior
Behavior description: Probe whether Virtual PC is present
details: N/A
Behavior description: Create mutex
details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description: Open mutex
details: ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Behavior description: Open event
details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Behavior description: Get TickCount value
details: TickCount = 224565, SleepMilliseconds = 50.
TickCount = 224581, SleepMilliseconds = 50.
TickCount = 224596, SleepMilliseconds = 50.
TickCount = 224690, SleepMilliseconds = 50.
TickCount = 224721, SleepMilliseconds = 50.
TickCount = 224878, SleepMilliseconds = 50.
TickCount = 225065, SleepMilliseconds = 50.
TickCount = 225268, SleepMilliseconds = 50.
TickCount = 225284, SleepMilliseconds = 50.
TickCount = 225456, SleepMilliseconds = 50.
TickCount = 225612, SleepMilliseconds = 50.
TickCount = 225628, SleepMilliseconds = 50.
TickCount = 225643, SleepMilliseconds = 50.
TickCount = 225675, SleepMilliseconds = 50.
TickCount = 225690, SleepMilliseconds = 50.
Behavior description: Get cursor position
details: CursorPos = (80,18468), SleepMilliseconds = 50.
CursorPos = (6373,26501), SleepMilliseconds = 50.
CursorPos = (19208,15725), SleepMilliseconds = 50.
CursorPos = (11517,29359), SleepMilliseconds = 50.
CursorPos = (27001,24465), SleepMilliseconds = 50.
CursorPos = (5744,28146), SleepMilliseconds = 50.
Behavior description: Block window close message
details: hWnd = 0x00010352, Text = , ClassName = ShadowWnd_UI.
Behavior description: Search for kernel32.dll base address
details: Instruction Address = 0x0070da8a
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LAZYOFFICE.DLL(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MSG.DLL(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe(签名验证: 通过)
C:\Documents and Settings\Administrator\Application Data\MyMacro\MT.exe(签名验证: 通过)
C:\Documents and Settings\Administrator\Application Data\MyMacro\updatemacro.dat(签名验证: 通过)
C:\Documents and Settings\Administrator\Application Data\MyMacro\binding.exe(签名验证: 通过)
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 50.
Behavior description: Hide specified window
details: [Window,Class] = [,ShadowWnd_UI]
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> 9e540d9b62d97b7ec9761ab519db6a5c
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> f2d9f1443217e23b29d64978d2f61612
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp ---> fe1d0ee5901dd167ee9b28eece31786c
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp ---> fe1d0ee5901dd167ee9b28eece31786c
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL ---> f2b95bba57762d7a6ac0045288a226ce
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LAZYOFFICE.DLL ---> 9633ea58182770aa29872ac9fbe020e6
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MSG.DLL ---> 67be71ef830b10f536c9fadfd0ff8689
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL ---> 4723c8d438821f0b0bc7edfe9811a1dc
C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe ---> 文件过大!
C:\Documents and Settings\Administrator\Application Data\MyMacro\MT.exe ---> 295f142c363d8c14a3f7c84622497cf6
C:\Documents and Settings\Administrator\Application Data\MyMacro\updatemacro.dat ---> cf91ee6448dde1032c3b91ae8031389b
C:\Documents and Settings\Administrator\Application Data\MyMacro\binding.exe ---> 6abd36f782e36bcf9e90a3230d6ca97f
Behavior description: Read CPU clock directly
details: EAX = 0xa6a4f03c, EDX = 0x000000ba
EAX = 0xa6a4f088, EDX = 0x000000ba
EAX = 0xa6a4f0d4, EDX = 0x000000ba
EAX = 0xa6a4f120, EDX = 0x000000ba
EAX = 0xa957f09c, EDX = 0x000000ba
EAX = 0xa957f0e8, EDX = 0x000000ba
EAX = 0xa957f134, EDX = 0x000000ba
EAX = 0xabdfc0bd, EDX = 0x000000ba
EAX = 0xabdfc109, EDX = 0x000000ba
EAX = 0xabdfc155, EDX = 0x000000ba
Behavior description: Detect virtual machine via VMware special instruction
details: N/A
Run screenshot