VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan an archive protected with the password 'infected' or 'virus'.


File information
Security rating: 50
Behavior list
Basic information
MD5: 46657c4342525913bb90dd8da9dc06e1
File type: EXE
Vendor:
Version: 1.0.0.0---1.0.0.0
Packer/compiler information: COMPILER:Elan
Key behavior
Behavior description: Modifies registry: Winsock hijack (LSP catalog rewrite)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\IECompatCache
Process behavior
Behavior description: Creates local thread
Details: TargetProcess: iexplore.exe, InheritedFromPID = 2740, ProcessID = 2780, ThreadID = 2920, StartAddress = 77E56C7D, Parameter = 001D6C70
TargetProcess: iexplore.exe, InheritedFromPID = 2740, ProcessID = 2780, ThreadID = 2928, StartAddress = 0138507F, Parameter = 0217E400
TargetProcess: iexplore.exe, InheritedFromPID = 2176, ProcessID = 2740, ThreadID = 2940, StartAddress = 769AE43B, Parameter = 001C6580
TargetProcess: iexplore.exe, InheritedFromPID = 2176, ProcessID = 2740, ThreadID = 2944, StartAddress = 7C930230, Parameter = 00000000
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\ESPI11.dll
C:\WINDOWS\system32\ESPI11.dll
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\yixun_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\ESPI11.dll
C:\WINDOWS\system32\ESPI11.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Copies file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\ESPI11.dll ---> C:\WINDOWS\system32\ESPI11.dll
Behavior description: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Searches for file
Details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\Program Files\Java
FileName = C:\Program Files\Java\jre7
FileName = C:\Program Files\Java\jre7\bin
FileName = C:\Program Files\Java\jre7\bin\jp2ssv.dll
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\urlmon.dll
FileName = C:\Program Files
FileName = C:\Program Files\Internet Explorer
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\ESPI11.dll ---> Offset = 0
C:\WINDOWS\system32\ESPI11.dll ---> Offset = 0
C:\WINDOWS\system32\ESPI11.dll ---> Offset = 65536
C:\WINDOWS\system32\ESPI11.dll ---> Offset = 4096
C:\WINDOWS\system32\ESPI11.dll ---> Offset = 8192
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> Offset = 0
Network behavior
Behavior description: Downloads file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Connects to specified site
Details: InternetConnectA: ServerName = ur****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000200
Behavior description: Opens HTTP connection
Details: InternetOpenA: UserAgent: VCSoapClient, hSession = 0x00cc0010
Behavior description: Establishes connection to a specified socket
Details: IP: **.0.0.**:1031, SOCKET = 0x00000400
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000047c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000005a8
IP: **.0.0.**:1033, SOCKET = 0x000005a0
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x000005bc
Behavior description: Reads network file
Details: hFile = 0x00cc000c, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00cc0018, BytesToRead =4095, BytesRead = 4095.
Behavior description: Sends HTTP packet
Details: GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: ww****om Connection: Keep-Alive
GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
Behavior description: Opens HTTP request
Details: HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=0djpfsuo3w7b96mbjedldg%3d%3d&msurs-patented-lock=67zhcbvhgio%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
Behavior description: Resolves host address by name
Details: GetAddrInfoW: ww****om
GetAddrInfoW: ur****om
Registry behavior
Behavior description: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\ThreadingModel
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\ThreadingModel
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
Behavior description: Deletes registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Deletes registry key
Details: \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\
Behavior description: Modifies registry: layered network protocol (registers an LSP)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\ESPI11\1001
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\ESPI11\1002
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\ESPI11\1003
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\ESPI11\1004
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\ESPI11\1005
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\ESPI11\FileName
Behavior description: Modifies registry: Winsock hijack (LSP catalog rewrite)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
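The sample-specific indicators in this report are the unsigned ESPI11.dll written to %temp%, copied into system32 and then loaded, together with the Winsock catalog writes above (a new WinSock2\ESPI11 key and rewritten Protocol_Catalog9\Catalog_Entries\*\PackedCatalogItem values). Much of the remaining activity is Internet Explorer's own, since the threads were created in iexplore.exe: the CTF and IECompat mutexes, the Java plugin CLSIDs, the yixun.com page load, and the POST to /urs.asmx with the VCSoapClient user agent, which matches IE 8's SmartScreen URL reputation lookup rather than sample C2. A layered service provider is loaded into every process that opens a socket, so the check a responder wants is whether the host's catalog still carries it. The script below is an added example and not VirSCAN's code: it parses the text of `netsh winsock show catalog` (the embedded fixture is constructed, and its ESPI11.dll entries are hypothetical, modelled on the dropped file name) and flags providers whose DLL is not a known Microsoft provider or that sit in a layered chain; it also extracts the provider path from a raw PackedCatalogItem value, whose first 260 bytes carry the DLL path as ANSI text, for offline review of a SYSTEM hive.

```python
"""Winsock LSP triage: flag suspicious entries in the Winsock catalog.
Added example, not VirSCAN's code. Reads `netsh winsock show catalog` text
(live host) and raw PackedCatalogItem values (offline SYSTEM hive), whose
first 260 bytes hold the provider DLL path as ANSI text. The fixture below
is constructed; its ESPI11.dll entries are hypothetical, modelled on the
dropped file named in the report above.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# Provider DLLs Microsoft ships in the base Winsock catalog (XP through 10).
KNOWN_MS_PROVIDERS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll", "nlaapi.dll",
                      "napinsp.dll", "pnrpnsp.dll", "wshbth.dll"}
MAX_PATH = 260  # size of the ANSI path field that opens a PackedCatalogItem
_FIELD = re.compile(r"^([A-Za-z ]+):\s+(.*?)\s*$")


@dataclass
class CatalogEntry:
    entry_id: int
    entry_type: str
    path: str
    chain_length: int

    @property
    def dll_name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    def findings(self) -> list[str]:
        """Reasons this entry deserves a look; empty means it looks normal."""
        reasons = []
        if self.dll_name not in KNOWN_MS_PROVIDERS:
            # Folder is no signal: the sample dropped ESPI11.dll straight into system32.
            reasons.append(f"{self.dll_name} is not a known Microsoft provider DLL")
        if self.chain_length > 1 or "layered" in self.entry_type.lower():
            reasons.append("layered entry: loaded into every process that opens a socket")
        return reasons


def parse_netsh_catalog(text: str) -> list[CatalogEntry]:
    """Parse `netsh winsock show catalog` output into CatalogEntry records."""
    entries = []
    for block in re.split(r"^Winsock Catalog Provider Entry\s*$", text, flags=re.M):
        fields = {}
        for line in block.splitlines():
            m = _FIELD.match(line)
            if m:
                fields[m.group(1).strip()] = m.group(2)
        if "Provider Path" not in fields:
            continue  # banner text before the first entry
        entries.append(CatalogEntry(
            entry_id=int(fields.get("Catalog Entry ID", "0")),
            entry_type=fields.get("Entry Type", ""),
            path=fields["Provider Path"],
            chain_length=int(fields.get("Protocol Chain Length", "1")),
        ))
    return entries


def suspicious_entries(entries: list[CatalogEntry]) -> dict[int, list[str]]:
    """Catalog entry ID -> findings, for the entries that have any."""
    return {e.entry_id: e.findings() for e in entries if e.findings()}


def dll_path_from_packed_item(blob: bytes) -> str:
    """Provider path from a raw PackedCatalogItem value (offline hive review)."""
    if len(blob) < MAX_PATH:
        raise ValueError("PackedCatalogItem shorter than its 260-byte path field")
    # ANSI text; latin-1 stands in for the host's code page without raising.
    return blob[:MAX_PATH].split(b"\0", 1)[0].decode("latin-1")


# Constructed fixture: one genuine base provider, then two hypothetical entries
# for an LSP named after the report's dropped ESPI11.dll.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
Entry Type:                         Base Service Provider
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
Entry Type:                         Layered Chain Entry
Provider Path:                      C:\WINDOWS\system32\ESPI11.dll
Catalog Entry ID:                   1002
Protocol Chain Length:              2

Winsock Catalog Provider Entry
Entry Type:                         Layered Service Provider
Provider Path:                      C:\WINDOWS\system32\ESPI11.dll
Catalog Entry ID:                   1003
Protocol Chain Length:              0
"""
# Constructed PackedCatalogItem: the 260-byte path field followed by filler.
PACKED_SAMPLE = b"C:\\WINDOWS\\system32\\ESPI11.dll".ljust(MAX_PATH, b"\0") + b"\0" * 16

if __name__ == "__main__":
    # On a host:  netsh winsock show catalog | python lsp_check.py
    text = SAMPLE_CATALOG if sys.stdin.isatty() else sys.stdin.read()
    for entry_id, reasons in suspicious_entries(parse_netsh_catalog(text)).items():
        print(f"catalog entry {entry_id}: " + "; ".join(reasons))
    print("offline PackedCatalogItem path:", dll_path_from_packed_item(PACKED_SAMPLE))
```

The flags are triage hints, not verdicts: confirm with an Authenticode check on the DLL (sigcheck or Get-AuthenticodeSignature), which is what the report's "signature verification: failed" lines record. On a disk image, read the hive's ControlSet that was active (this run wrote ControlSet002; a live machine is queried through CurrentControlSet) and pass each PackedCatalogItem value to dll_path_from_packed_item. To remove an installed LSP, rebuild the catalog with `netsh winsock reset` rather than editing PackedCatalogItem values by hand.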
Other behavior
Behavior description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
ESPI_GMEM_MUTEX 1.0
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!IECompat!Mutex
Local\c:!documents and settings!administrator!iecompatcache!
CritOpMutex
ConnHashTable<2740>_HashTable_Mutex
Behavior description: Creates event object
Details: EventName = DINPUTWINMM
EventName = IEFrame.EventCheckDefaultBrowser
EventName = Local\adc_29
EventName = Global\crypt32LogoffEvent
Behavior description: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
Isolation Signal Registry Event (8269EA97-2893-11E9-91C0-7B****28, 0)
Local\adc_29
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\ESPI11.dll (signature verification: failed)
C:\WINDOWS\system32\ESPI11.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (signature verification: failed)
Behavior description: Hides specified window
Details: [Window,Class] = [,Afx:400000:8]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [Zoom level,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [http://www.yixun.com/ - Windows Internet Explorer,IEFrame]
[Window,Class] = [,UniversalSearchBand]
[Window,Class] = [,TravelBand]
[Window,Class] = [,CommandBarClass]
[Window,Class] = [,ReBarWindow32]
[Window,Class] = [,TabBandClass]
[Window,Class] = [File size unknown,Static]
[Window,Class] = [Always ask before opening this type of file(&W),Button]
[Window,Class] = [Publisher:,Static]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\ESPI11.dll ---> c3adbb35a05b44bc877a895d273aa270
C:\WINDOWS\system32\ESPI11.dll ---> c3adbb35a05b44bc877a895d273aa270
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> fe1d0ee5901dd167ee9b28eece31786c
Behavior description: Opens mutex
Details: ShimCacheMutex
ESPI_GMEM_MUTEX 1.0
Local\!IECompat!Mutex
Local\c:!documents and settings!administrator!iecompatcache!
Local\!BrowserEmulation!SharedMemory!Mutex
ConnHashTable<2740>_HashTable_Mutex
Local\WininetStartupMutex
Behavior description: Loads newly dropped file
Details: Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\ESPI11.dll.
Image: C:\WINDOWS\system32\ESPI11.dll.
Translated by Gérard Mélone (Paris)