VirSCAN

File information
Security rating: 78
Behavior list
Basic information
MD5: 8975b8147dd5979e2862495059304001
File type: EXE
Company:
Version:
Packer or compiler information: COMPILER: Microsoft Visual C++ 6.0 [Overlay]
Sub-file information:
Key behavior
Behavior description: Get TickCount value
Details: TickCount = 5437859, SleepMilliseconds = 250.
Process behavior
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3464, ThreadID = 3548, StartAddress = 0040129C, Parameter = 0091AF88
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3464, ThreadID = 3552, StartAddress = 77C0A341, Parameter = 0091B630
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3464, ThreadID = 3556, StartAddress = 77C0A341, Parameter = 00B0CE08
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3464, ThreadID = 3560, StartAddress = 77C0A341, Parameter = 0091B630
TargetProcess: Setup.exe, InheritedFromPID = 3464, ProcessID = 3716, ThreadID = 3736, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: Setup.exe, InheritedFromPID = 3464, ProcessID = 3716, ThreadID = 3740, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: Setup.exe, InheritedFromPID = 3464, ProcessID = 3716, ThreadID = 3744, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: Setup.exe, InheritedFromPID = 3464, ProcessID = 3716, ThreadID = 3748, StartAddress = 765E964D, Parameter = 001BEC70
TargetProcess: Setup.exe, InheritedFromPID = 3464, ProcessID = 3716, ThreadID = 3752, StartAddress = 759D8761, Parameter = 00000000
TargetProcess: Setup.exe, InheritedFromPID = 3464, ProcessID = 3716, ThreadID = 3780, StartAddress = 77DC845A, Parameter = 00000000
Behavior description: Create new file process
Details: [0x00000e84]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RTK_NIC_DRIVER_INSTALLER\setup.exe" -s
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\32\netu30rtle.cat
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\64\netu30rtle.cat
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtu30lh64.cat
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtu30lh86.cat
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\64\rtu30x64w7.cat
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\64\rtu30x64w8.cat
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\32\rtu30x86w7.cat
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\32\rtu30x86w8.cat
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\32\Netu30rtle.INF
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\64\Netu30rtle.INF
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtu30lh64.INF
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtu30lh86.INF
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\64\rtu30x64w7.inf
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\64\rtu30x64w8.inf
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\32\rtu30x86w7.inf
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\32\RTNicProp32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\32\RTNicProp32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\RTNicProp32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\32\RTNicProp32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\64\RTNicProp64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\64\RTNicProp64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\RTNicProp64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\64\RTNicProp64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtu30lh64.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtu30lh86.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\64\rtu30nic64.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\64\rtu30x64w7.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\64\rtu30x64w8.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\32\rtu30x86w7.sys
Behavior description: Overwrite existing file
Details: C:\WINDOWS\inf\oem12.inf
Behavior description: Find file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RTK_NIC_DRIVER_INSTALLER\setup.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\Netu30rtle.inf
FileName = C:\WINDOWS\INF\OEM*.INF
Behavior description: Copy file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\Netu30rtle.inf ---> C:\WINDOWS\INF\oem12.inf
Behavior description: Rename file
Details: C:\WINDOWS\LastGood\TMP51.tmp ---> C:\WINDOWS\LastGood\INF\oem12.inf
C:\WINDOWS\LastGood\TMP52.tmp ---> C:\WINDOWS\LastGood\INF\oem12.PNF
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\32\netu30rtle.cat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\64\netu30rtle.cat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtu30lh64.cat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtu30lh86.cat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\64\rtu30x64w7.cat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\64\rtu30x64w8.cat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\32\rtu30x86w7.cat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\32\rtu30x86w8.cat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\32\Netu30rtle.INF ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\64\Netu30rtle.INF ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtu30lh64.INF ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtu30lh86.INF ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\64\rtu30x64w7.inf ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\64\rtu30x64w8.inf ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\32\rtu30x86w7.inf ---> Offset = 0
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RTK_NIC_DRIVER_INSTALLER\setup.exe
\REGISTRY\MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood\INF/oem12.inf
\REGISTRY\MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood\INF/oem12.PNF
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
Behavior description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
Behavior description: Get TickCount value
Details: TickCount = 5437859, SleepMilliseconds = 250.
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
Global\SvcctrlStartEvent_A3752DX
Global\userenv: Machine Group Policy has been applied
userenv: User Group Policy has been applied
\INSTALLATION_SECURITY_HOLD
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\32\RTNicProp32.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\32\RTNicProp32.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\RTNicProp32.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\32\RTNicProp32.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\64\RTNicProp64.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\64\RTNicProp64.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\RTNicProp64.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\64\RTNicProp64.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtu30lh64.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtu30lh86.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\WinXP\64\rtu30nic64.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\64\rtu30x64w7.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win8\64\rtu30x64w8.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RTK_NIC_DRIVER_INSTALLER\Win7\32\rtu30x86w7.sys (signature verification: passed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 250.
Behavior description: Executable file MD5
Behavior description: Open mutex
Details: ShimCacheMutex
Local\!IETld!Mutex