VirSCAN


File information
Security score:85
Behavior list
Basic information
MD5:0120f70e7b484678f0f295d9ca5f3539
File type:EXE
Company:
Version:
Shell (packer) or compiler information:COMPILER:UPolyX v0.5
Key behavior
Behavior description:Block window close message
Details:hWnd = 0x000902b2, Text = Ru-Board is a power..., ClassName = #32770.
Behavior description:Get TickCount value
Details:TickCount = 5349647, SleepMilliseconds = 7.
TickCount = 5349663, SleepMilliseconds = 7.
TickCount = 5349694, SleepMilliseconds = 7.
TickCount = 5360053, SleepMilliseconds = 7.
TickCount = 5361710, SleepMilliseconds = 7.
TickCount = 5361850, SleepMilliseconds = 7.
TickCount = 5369428, SleepMilliseconds = 7.
TickCount = 5375116, SleepMilliseconds = 7.
TickCount = 5375132, SleepMilliseconds = 7.
Process behavior
Behavior description:Create local thread
Details:TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2040, ThreadID = 444, StartAddress = 10003B43, Parameter = 00000000
File behavior
Behavior description:Create file
Details:C:\Documents and Settings\Administrator\Local Settings\Temp\dup2patcher.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll
Behavior description:Delete file
Details:C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\dup2patcher.dll
Behavior description:Create executable file
Details:C:\Documents and Settings\Administrator\Local Settings\Temp\dup2patcher.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll
Behavior description:Modify file content
Details:C:\Documents and Settings\Administrator\Local Settings\Temp\dup2patcher.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll ---> Offset = 0
Other behavior
Behavior description:Create mutex
Details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IGE
Behavior description:Create event object
Details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IGE.IC
EventName = MSCTF.SendReceiveConection.Event.IGE.IC
Behavior description:Find specified window
Details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
Details:HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
Behavior description:Window information
Details:Pid = 2040, Hwnd=0xd035e, Text = Release Info, ClassName = Button(GroupBox).
Pid = 2040, Hwnd=0x1002c8, Text = [Filename], ClassName = Static.
Pid = 2040, Hwnd=0x1802fe, Text = [URL], ClassName = Static.
Pid = 2040, Hwnd=0xb032a, Text = [Author], ClassName = Static.
Pid = 2040, Hwnd=0x503b0, Text = [Release Date], ClassName = Static.
Pid = 2040, Hwnd=0x703ba, Text = ACDSee Ultimate 10.x UniPatch, ClassName = Static.
Pid = 2040, Hwnd=0x40392, Text = Some noisy files..., ClassName = Static.
Pid = 2040, Hwnd=0x403a2, Text = http://acdsee.com, ClassName = Static.
Pid = 2040, Hwnd=0x1902ce, Text = Kindly/RBC and CORE, ClassName = Static.
Pid = 2040, Hwnd=0x7038a, Text = September 14, 2016, ClassName = Static.
Pid = 2040, Hwnd=0x7037c, Text = Make Backup, ClassName = Button(CheckBox).
Pid = 2040, Hwnd=0x1702d8, Text = Patch, ClassName = Button.
Pid = 2040, Hwnd=0x9039c, Text = About, ClassName = Button.
Pid = 2040, Hwnd=0x1d02bc, Text = Exit, ClassName = Button.
Pid = 2040, Hwnd=0xc03a0, Text = 1. Install the software. 2. Copy patch to the app dir and apply. 3. Enjoy! This patch was based on CORE keygen. I"m can to reg, ClassName = Edit.
Behavior description:Executable file signature information
Details:C:\Documents and Settings\Administrator\Local Settings\Temp\dup2patcher.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll(signature verification: failed)
Behavior description:Hide specified window
Details:[Window,Class] = [,ListBox]
Behavior description:Executable file MD5
Details:C:\Documents and Settings\Administrator\Local Settings\Temp\dup2patcher.dll ---> ef71d5d66b4fef4d35c9abf13e76594b
C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll ---> 780d14604d49e3c634200c523def8351
Behavior description:Open mutex
Details:ShimCacheMutex
Behavior description:Sample console output
Details:N/A
Behavior description:Load newly dropped file
Details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dup2patcher.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bassmod.dll.