VirSCAN

1. You can UPLOAD any file of up to 20MB.
2. VirSCAN supports Rar/Zip decompression of up to 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Security rating: 30
Behavior list
Basic information
MD5: 204d72f9fbe8abc2044fe1006290424f
File type: zip
Production company:
Version:
Packer or compiler information:
Subfile information: vc2008.exe / 35da2bf2befd998980a495b6f4f55e60 / EXE
生成器.exe / 56c97e360848f78a00a75a93fe905f2b / EXE
25000.exe / 4386706f14a77b47736e5e487e515861 / EXE
去后门补丁.exe / bd349de95342803afd1c49a7eaf94941 / EXE
使用说明.txt / ab87180e8bb282751c655c653be6b456 / Unknown
菜鸟3分钟了解Linux集群.txt / f6d65070cd4fdc8a1576b2972008e29d / Unknown
Key behavior
Behavior description: Blocks window close messages
Details: hWnd = 0x0001034a, Text = Microsoft Visual C++ 2008 Redistributable 安装程序, ClassName = ATL:0047DD48.
Behavior description: Gets TickCount value
Details: TickCount = 283921, SleepMilliseconds = 60000.
TickCount = 283968, SleepMilliseconds = 60000.
TickCount = 283984, SleepMilliseconds = 60000.
TickCount = 284000, SleepMilliseconds = 60000.
TickCount = 284015, SleepMilliseconds = 60000.
TickCount = 284031, SleepMilliseconds = 60000.
TickCount = 284078, SleepMilliseconds = 60000.
TickCount = 284109, SleepMilliseconds = 60000.
TickCount = 284125, SleepMilliseconds = 60000.
TickCount = 284312, SleepMilliseconds = 60000.
TickCount = 284500, SleepMilliseconds = 60000.
TickCount = 284515, SleepMilliseconds = 60000.
Process behavior
Behavior description: Creates local thread
Details: TargetProcess: vc2008.exe, InheritedFromPID = 2000, ProcessID = 3072, ThreadID = 3084, StartAddress = 0100368E, Parameter = 00000000
TargetProcess: install.exe, InheritedFromPID = 3072, ProcessID = 3232, ThreadID = 3288, StartAddress = 00418763, Parameter = 0012FA20
TargetProcess: install.exe, InheritedFromPID = 3072, ProcessID = 3232, ThreadID = 3332, StartAddress = 7CAA203B, Parameter = 7CB75F50
TargetProcess: install.exe, InheritedFromPID = 3072, ProcessID = 3232, ThreadID = 3344, StartAddress = 765E964D, Parameter = 001C6710
TargetProcess: install.exe, InheritedFromPID = 3072, ProcessID = 3232, ThreadID = 3348, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: install.exe, InheritedFromPID = 3072, ProcessID = 3232, ThreadID = 3352, StartAddress = 759D8761, Parameter = 00000000
TargetProcess: install.exe, InheritedFromPID = 3072, ProcessID = 3232, ThreadID = 3356, StartAddress = 757D4D37, Parameter = 001FC598
TargetProcess: install.exe, InheritedFromPID = 3072, ProcessID = 3232, ThreadID = 3384, StartAddress = 77E56C7D, Parameter = 001B8958
TargetProcess: install.exe, InheritedFromPID = 3072, ProcessID = 3232, ThreadID = 3388, StartAddress = 769AE43B, Parameter = 0020EB50
TargetProcess: install.exe, InheritedFromPID = 3072, ProcessID = 3232, ThreadID = 3420, StartAddress = 77E56C7D, Parameter = 00207010
Behavior description: Creates process from newly created file
Details: [0x00000ca0]ImagePath = C:\6efc323b4fbc654615a7057273160c\install.exe, CmdLine = c:\6efc323b4fbc654615a7057273160c\.\install.exe
File behavior
Behavior description: Creates file
Details: C:\6efc323b4fbc654615a7057273160c\vc_red.cab
C:\6efc323b4fbc654615a7057273160c\vc_red.msi
C:\6efc323b4fbc654615a7057273160c\install.exe
C:\6efc323b4fbc654615a7057273160c\install.res.1033.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1042.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1041.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1049.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1040.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1036.dll
C:\6efc323b4fbc654615a7057273160c\install.res.3082.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1031.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1028.dll
C:\6efc323b4fbc654615a7057273160c\install.res.2052.dll
C:\6efc323b4fbc654615a7057273160c\eula.1033.txt
C:\6efc323b4fbc654615a7057273160c\eula.1042.txt
Behavior description: Deletes file
Details: C:\6efc323b4fbc654615a7057273160c\$shtdwn$.req
C:\6efc323b4fbc654615a7057273160c\vcredist.bmp
C:\6efc323b4fbc654615a7057273160c\install.ini
C:\6efc323b4fbc654615a7057273160c\globdata.ini
C:\6efc323b4fbc654615a7057273160c\eula.2052.txt
C:\6efc323b4fbc654615a7057273160c\eula.1028.txt
C:\6efc323b4fbc654615a7057273160c\eula.1031.txt
C:\6efc323b4fbc654615a7057273160c\eula.3082.txt
C:\6efc323b4fbc654615a7057273160c\eula.1036.txt
C:\6efc323b4fbc654615a7057273160c\eula.1040.txt
C:\6efc323b4fbc654615a7057273160c\eula.1049.txt
C:\6efc323b4fbc654615a7057273160c\eula.1041.txt
C:\6efc323b4fbc654615a7057273160c\eula.1042.txt
C:\6efc323b4fbc654615a7057273160c\eula.1033.txt
C:\6efc323b4fbc654615a7057273160c\install.res.2052.dll
Behavior description: Creates executable file
Details: C:\6efc323b4fbc654615a7057273160c\install.exe
C:\6efc323b4fbc654615a7057273160c\install.res.1033.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1042.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1041.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1049.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1040.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1036.dll
C:\6efc323b4fbc654615a7057273160c\install.res.3082.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1031.dll
C:\6efc323b4fbc654615a7057273160c\install.res.1028.dll
C:\6efc323b4fbc654615a7057273160c\install.res.2052.dll
Behavior description: Modifies file contents
Details: C:\6efc323b4fbc654615a7057273160c\vc_red.cab ---> Offset = 0
C:\6efc323b4fbc654615a7057273160c\vc_red.cab ---> Offset = 32768
C:\6efc323b4fbc654615a7057273160c\vc_red.cab ---> Offset = 65536
C:\6efc323b4fbc654615a7057273160c\vc_red.cab ---> Offset = 98304
C:\6efc323b4fbc654615a7057273160c\vc_red.cab ---> Offset = 131072
C:\6efc323b4fbc654615a7057273160c\vc_red.msi ---> Offset = 0
C:\6efc323b4fbc654615a7057273160c\vc_red.msi ---> Offset = 32768
C:\6efc323b4fbc654615a7057273160c\vc_red.msi ---> Offset = 65536
C:\6efc323b4fbc654615a7057273160c\vc_red.msi ---> Offset = 98304
C:\6efc323b4fbc654615a7057273160c\vc_red.msi ---> Offset = 131072
C:\6efc323b4fbc654615a7057273160c\install.exe ---> Offset = 0
C:\6efc323b4fbc654615a7057273160c\install.exe ---> Offset = 32768
C:\6efc323b4fbc654615a7057273160c\install.exe ---> Offset = 65536
C:\6efc323b4fbc654615a7057273160c\install.exe ---> Offset = 98304
C:\6efc323b4fbc654615a7057273160c\install.exe ---> Offset = 131072
Behavior description: Searches for file
Details: FileName = c:\6efc323b4fbc654615a7057273160c\install.exe
FileName = C:\6efc323b4fbc654615a7057273160c\install.exe
FileName = C:\6efc323b4fbc654615a7057273160c\vc_red.msi
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = c:\6efc323b4fbc654615a7057273160c\vc_red.msi
Network behavior
Behavior description: Connects to specified site
Details: WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x02482000, hConnect = 0x02482100, Flags = 0x00000000
Behavior description: Opens HTTP connection
Details: WinHttpOpen: UserAgent: Microsoft-CryptoAPI/5.131.2600.5512, hSession = 0x02482000
Behavior description: Establishes a connection to a specified socket
Details: URL: cr****om, IP: **.133.40.**:80, SOCKET = 0x00000344
Behavior description: Sends HTTP packet
Details: GET /pki/crl/products/CSPCA.crl HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: cr****om Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache
Behavior description: Opens HTTP request
Details: WinHttpOpenRequest: cr****om:80/pki/crl/products/cspca.crl, hConnect = 0x02482100, hRequest = 0x024f0000, Verb: GET, Referer: , Flags = 0x00000100
Behavior description: Resolves host address by name
Details: GetAddrInfoW: cr****om
Registry behavior
Behavior description: Modifies registry: pending file rename operations
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
SetupWatson_Mutex_Name
MSCTF.Shared.MUTEX.EKM
RasPbFile
MSCTF.Shared.MUTEX.MAM
Behavior description: Creates event object
Details: EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = VSSetupWatsonInitEvent_3232
EventName = VSSetupWatsonStartEvent_3232
EventName = VSSetupWatsonEndEvent_3232
EventName = MSCTF.SendReceive.Event.EKM.IC
EventName = MSCTF.SendReceiveConection.Event.EKM.IC
EventName = DINPUTWINMM
EventName = MSCTF.SendReceiveConection.Event.MAM.IC
EventName = MSCTF.SendReceive.Event.MAM.IC
Behavior description: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
Global\crypt32LogoffEvent
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
Global\userenv: Machine Group Policy has been applied
userenv: User Group Policy has been applied
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.3232
MSFT.VSA.IEC.STATUS.6c736db0
Behavior description: Gets TickCount value
Details: TickCount = 283921, SleepMilliseconds = 60000.
TickCount = 283968, SleepMilliseconds = 60000.
TickCount = 283984, SleepMilliseconds = 60000.
TickCount = 284000, SleepMilliseconds = 60000.
TickCount = 284015, SleepMilliseconds = 60000.
TickCount = 284031, SleepMilliseconds = 60000.
TickCount = 284078, SleepMilliseconds = 60000.
TickCount = 284109, SleepMilliseconds = 60000.
TickCount = 284125, SleepMilliseconds = 60000.
TickCount = 284312, SleepMilliseconds = 60000.
TickCount = 284500, SleepMilliseconds = 60000.
TickCount = 284515, SleepMilliseconds = 60000.
Behavior description: Adjusts process token privileges
Details: SE_CREATE_TOKEN_PRIVILEGE
Behavior description: Blocks window close messages
Details: hWnd = 0x0001034a, Text = Microsoft Visual C++ 2008 Redistributable 安装程序, ClassName = ATL:0047DD48.
Behavior description: Window information
Details: Pid = 3232, Hwnd=0x1038a, Text = 产品支持中心, ClassName = Button.
Pid = 3232, Hwnd=0x10380, Text = 完成(&F), ClassName = Button.
Pid = 3232, Hwnd=0x10382, Text = 已成功安装 Microsoft Visual C++ 2008 Redistributable。, ClassName = Static.
Pid = 3232, Hwnd=0x10384, Text = 安装完成, ClassName = Static.
Pid = 3232, Hwnd=0x10386, Text = 强烈建议您下载并安装此产品的最新 Service Pack 和安全更新。 有关详细信息,请访问以下网站:, ClassName = Static.
Pid = 3232, Hwnd=0x10388, Text = 重新启动计算机(&R), ClassName = Button(CheckBox).
Pid = 3232, Hwnd=0x10370, Text = 取消(&C), ClassName = Button.
Pid = 3232, Hwnd=0x10374, Text = 正在安装所选项。, ClassName = Static.
Pid = 3232, Hwnd=0x10376, Text = 正在安装组件, ClassName = Static.
Pid = 3232, Hwnd=0x10378, Text = 正在初始化安装。, ClassName = Button.
Pid = 3232, Hwnd=0x1037c, Text = 安装进度: , ClassName = Static.
Pid = 3232, Hwnd=0x1035e, Text = < 上一步(&B), ClassName = Button.
Pid = 3232, Hwnd=0x10360, Text = 安装(&I) >, ClassName = Button.
Pid = 3232, Hwnd=0x10362, Text = 取消(&C), ClassName = Button.
Pid = 3232, Hwnd=0x10364, Text = MICROSOFT软件许可条款 MICROSOFT VISUAL C++ 2008 RUNTIME LIBRARIES (X86, IA64 AND X64), SERVICE PACK 1 本许可条款是 Microsoft Corporation(或您, ClassName = RichEdit20W.
Behavior description: Imports key
Details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x001BAA58, DataLen: 276, Flags: 0x00000000
Behavior description: Executable file signature information
Details: C:\6efc323b4fbc654615a7057273160c\install.exe (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.1033.dll (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.1042.dll (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.1041.dll (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.1049.dll (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.1040.dll (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.1036.dll (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.3082.dll (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.1031.dll (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.1028.dll (signature verification: passed)
C:\6efc323b4fbc654615a7057273160c\install.res.2052.dll (signature verification: passed)
Behavior description: Calls Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 10.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 0.
Behavior description: Hides specified window
Details: [Window,Class] = [Extracting Files,#32770]
[Window,Class] = [,Edit]
[Window,Class] = [重新启动计算机(&R),Button]
[Window,Class] = [,#32770]
[Window,Class] = [产品支持中心,Button]
Behavior description: Executable file MD5
Details: C:\6efc323b4fbc654615a7057273160c\install.exe ---> 4138c31964fbcb3b7418e086933324c3
C:\6efc323b4fbc654615a7057273160c\install.res.1033.dll ---> ff6003014eefc9c30abe20e3e1f5fbe8
C:\6efc323b4fbc654615a7057273160c\install.res.1042.dll ---> ba91e387d54b94689644ebd23ff264ba
C:\6efc323b4fbc654615a7057273160c\install.res.1041.dll ---> 6bfb58958d58bf38e9242b2056392b8c
C:\6efc323b4fbc654615a7057273160c\install.res.1049.dll ---> 9aac6ce2ad6c7aee5481e46ddb0ad0dd
C:\6efc323b4fbc654615a7057273160c\install.res.1040.dll ---> ef1ccfe8572cdaaefb1940efbbff6d80
C:\6efc323b4fbc654615a7057273160c\install.res.1036.dll ---> 4d431f94a7d0945f4a7f13b7988632aa
C:\6efc323b4fbc654615a7057273160c\install.res.3082.dll ---> dbbe392a7536c76ec60a21e211eb3210
C:\6efc323b4fbc654615a7057273160c\install.res.1031.dll ---> 6f22a8ecc5a917c61f1478ef4ad53949
C:\6efc323b4fbc654615a7057273160c\install.res.1028.dll ---> 8c2c1df03574e935277addc6e151bdbe
C:\6efc323b4fbc654615a7057273160c\install.res.2052.dll ---> 208f1260b7145b19434a8c95ff7c0474
Behavior description: Opens mutex
Details: ShimCacheMutex
RasPbFile
Behavior description: Loads newly dropped file
Details: Image: C:\6efc323b4fbc654615a7057273160c\install.res.2052.dll.