VirSCAN


File information
Safety rating: 75
Behavior list
Basic information
MD5: 48cb928ac6b5344695b2e7210f33e9f0
File type: EXE
Vendor:
Version: 1.3.0.0---1.3.0.0
Packer or compiler information: COMPILER:PE+(64)
Key behavior
Behavior description: Get TickCount value
Details: TickCount = 1701312, SleepMilliseconds = 5000.
TickCount = 1701546, SleepMilliseconds = 5000.
TickCount = 1701859, SleepMilliseconds = 5000.
TickCount = 1702171, SleepMilliseconds = 5000.
TickCount = 1702593, SleepMilliseconds = 5000.
TickCount = 1703296, SleepMilliseconds = 5000.
TickCount = 1703609, SleepMilliseconds = 5000.
TickCount = 1703890, SleepMilliseconds = 5000.
TickCount = 1699125, SleepMilliseconds = 172.
TickCount = 1704265, SleepMilliseconds = 5000.
TickCount = 1704281, SleepMilliseconds = 5000.
TickCount = 1699715, SleepMilliseconds = 200.
TickCount = 1703318, SleepMilliseconds = 3740.
TickCount = 1704843, SleepMilliseconds = 5000.
TickCount = 1700106, SleepMilliseconds = 216.
Process behavior
Behavior description: Create local thread
Details: ProcessId = 1272, ThreadId = 2260.
ProcessId = 1272, ThreadId = 2948.
ProcessId = 1272, ThreadId = 1172.
ProcessId = 1272, ThreadId = 2532.
ProcessId = 1272, ThreadId = 2644.
ProcessId = 1272, ThreadId = 1136.
ProcessId = 1272, ThreadId = 3172.
ProcessId = 1272, ThreadId = 3952.
ProcessId = 1272, ThreadId = 1956.
ProcessId = 1272, ThreadId = 3240.
File behavior
Behavior description: Search for file
Details: FileName = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework64\\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\****.exe
FileName = C:\Users\Administrator
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_64\Client.all\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_64\System\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\*
Network behavior
Behavior description: Establish a connection to a specified socket
Details: URL: ip****om, IP: **.133.40.**:80, SOCKET = 0x00000538
URL: fr****et, IP: **.133.40.**:80, SOCKET = 0x00000508
URL: ap****rg, IP: **.133.40.**:80, SOCKET = 0x00000508
IP: **.0.0.**:4782, SOCKET = 0x000005a0
IP: **.0.0.**:4782, SOCKET = 0x0000061c
IP: **.0.0.**:4782, SOCKET = 0x00000338
IP: **.0.0.**:4782, SOCKET = 0x000005b4
Behavior description: Send HTTP packet
Details: GET /json/ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0 Host: ip****om Connection: Keep-Alive
GET /xml/ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0 Host: fr****et Connection: Keep-Alive
GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0 Host: ap****rg Connection: Keep-Alive
Behavior description: Get host address by name
Details: GetAddrInfoW: ip****om
GetAddrInfoW: fr****et
GetAddrInfoW: ap****rg
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500_CLASSES\Local Settings\MuiCache\da\AAF68885\@%SystemRoot%\System32\fveui.dll,-843
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500_CLASSES\Local Settings\MuiCache\da\AAF68885\@%SystemRoot%\System32\fveui.dll,-844
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500_CLASSES\Local Settings\MuiCache\da\AAF68885\@%SystemRoot%\System32\wuaueng.dll,-400
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\EnableAutoFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\FileDirectory
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASMANCS\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASMANCS\EnableAutoFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASMANCS\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASMANCS\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASMANCS\ConsoleTracingMask
Other behavior
Behavior description: Check whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Create mutex
Details: QSR_MUTEX_V4f78SJObm47XTb3Sg
Global\RasPbFile
Behavior description: Create event object
Details: EventName = Global\CPFATE_1272_v4.0.30319
Behavior description: Adjust process token privileges
Details: SE_DEBUG_PRIVILEGE
Behavior description: Open event
Details: Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
\KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.1272
MSFT.VSA.IEC.STATUS.6c736db0
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 5000.
[2]: MilliSeconds = 5000.
[3]: MilliSeconds = 5000.
[4]: MilliSeconds = 5000.
[5]: MilliSeconds = 5000.
[6]: MilliSeconds = 5000.
[7]: MilliSeconds = 5000.
[8]: MilliSeconds = 172.
[9]: MilliSeconds = 5000.
[10]: MilliSeconds = 5000.
Behavior description: Decrypt data
Details: [CryptDecrypt] Data: 0x00000000023CD710, CipherTextLen: 16, PlainTextLen: 16, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023CD850, CipherTextLen: 0, PlainTextLen: 0, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023CF340, CipherTextLen: 16, PlainTextLen: 16, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023CF388, CipherTextLen: 0, PlainTextLen: 0, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023CFFE8, CipherTextLen: 16, PlainTextLen: 16, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D0038, CipherTextLen: 0, PlainTextLen: 0, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D0CB0, CipherTextLen: 16, PlainTextLen: 16, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D0CF8, CipherTextLen: 0, PlainTextLen: 0, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D1958, CipherTextLen: 16, PlainTextLen: 16, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D19A8, CipherTextLen: 0, PlainTextLen: 0, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D2630, CipherTextLen: 16, PlainTextLen: 16, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D2690, CipherTextLen: 16, PlainTextLen: 16, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D26E0, CipherTextLen: 0, PlainTextLen: 0, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D33A0, CipherTextLen: 16, PlainTextLen: 16, Flags: 0x00000000
[CryptDecrypt] Data: 0x00000000023D3400, CipherTextLen: 16, PlainTextLen: 16, Flags: 0x00000000
Behavior description: Import key
Details: [CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023CC928, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023CE8E8, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023CF590, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023D0258, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023D0F00, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023D1BD0, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023D2940, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023D3680, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023D45C8, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_AES_256 (0x00006610), Data: 0x00000000023D6E78, DataLen: 44, Flags: 0x00000001
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00000000007446D0, DataLen: 532, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x000000001B0AD58B, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x000000001ABE7FAC, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x000000001ABE81BC, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x000000001ABE826C, DataLen: 148, Flags: 0x00000000