VirSCAN

File information
Security rating: 77
Behavior list
Basic information
MD5: e24314dcd951f4b69431b125edadda81
File type: Rar
Vendor:
Version:
Shell or compiler information:
Sub-file information: Readme-说明.htm / d326992de728d2520b4247ebea22009d / Unknown
TXT切割合并器.exe / 964802b86fbe0041dd9dea0cb94f2c48 / EXE
该软件介绍说明及注意事项.txt / c87fce4a05ed2d58050cce2844d8b93e / Unknown
Key behaviors
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get foreground window screenshot information
Details: Foreground window Info: HWND = 0x00010344, DC = 0x170106e6.
Foreground window Info: HWND = 0x00010344, DC = 0x01010055.
Foreground window Info: HWND = 0x00010344, DC = 0x13010752.
Behavior description: Get TickCount value
Details: TickCount = 279234, SleepMilliseconds = 60000.
TickCount = 279281, SleepMilliseconds = 60000.
TickCount = 279312, SleepMilliseconds = 60000.
TickCount = 279328, SleepMilliseconds = 60000.
TickCount = 219428, SleepMilliseconds = 100.
TickCount = 219459, SleepMilliseconds = 100.
TickCount = 219475, SleepMilliseconds = 100.
TickCount = 219506, SleepMilliseconds = 100.
TickCount = 219521, SleepMilliseconds = 100.
TickCount = 219584, SleepMilliseconds = 100.
TickCount = 219600, SleepMilliseconds = 100.
TickCount = 219615, SleepMilliseconds = 100.
TickCount = 219646, SleepMilliseconds = 100.
TickCount = 279593, SleepMilliseconds = 60000.
TickCount = 279609, SleepMilliseconds = 60000.
Process behavior
Behavior description: Create local thread
Details: TargetProcess: TXT切割合并器.exe, InheritedFromPID = 2000, ProcessID = 2516, ThreadID = 2528, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: TXT切割合并器.exe, InheritedFromPID = 2000, ProcessID = 2516, ThreadID = 2608, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: TXT切割合并器.exe, InheritedFromPID = 2000, ProcessID = 2516, ThreadID = 2612, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: TXT切割合并器.exe, InheritedFromPID = 2000, ProcessID = 2516, ThreadID = 2664, StartAddress = 77E56C7D, Parameter = 001BDDB0
TargetProcess: TXT切割合并器.exe, InheritedFromPID = 2000, ProcessID = 2516, ThreadID = 2668, StartAddress = 769AE43B, Parameter = 001BD170
TargetProcess: TXT切割合并器.exe, InheritedFromPID = 2000, ProcessID = 2516, ThreadID = 2672, StartAddress = 00F1507F, Parameter = 00129868
TargetProcess: TXT切割合并器.exe, InheritedFromPID = 2000, ProcessID = 2516, ThreadID = 2676, StartAddress = 6359727B, Parameter = 00274408
TargetProcess: TXT切割合并器.exe, InheritedFromPID = 2000, ProcessID = 2516, ThreadID = 2680, StartAddress = 6359727B, Parameter = 02E4A240
TargetProcess: TXT切割合并器.exe, InheritedFromPID = 2000, ProcessID = 2516, ThreadID = 2684, StartAddress = 6359727B, Parameter = 02E4A2E0
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\txt[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
Behavior description: Search for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\urlmon.dll
FileName = C:\WINDOWS\system32\ieframe.dll
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\txt[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[2]
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1] ---> Offset = 0
Network behavior
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Behavior description: Establish a connection to a specified socket
Details: URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000034c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000424
Behavior description: Read network file
Details: hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
Behavior description: Send HTTP packet
Details: GET /soft/txt/ HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
Behavior description: Open HTTP request
Details: HttpOpenRequestA: ww****om:80/soft/txt/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****om:80/soft/txt/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
Behavior description: Get host address by name
Details: GetAddrInfoW: ww****om
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
CritOpMutex
Local\!PrivacIE!SharedMemory!Mutex
MSIMGSIZECacheMutex
MSCTF.Shared.MUTEX.IOH
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.AHK.IC
EventName = MSCTF.SendReceiveConection.Event.AHK.IC
EventName = MSCTF.SendReceive.Event.INJ.IC
EventName = MSCTF.SendReceiveConection.Event.INJ.IC
Behavior description: Window information
Details: Pid = 2516, Hwnd=0x10360, Text = 大小写转换, ClassName = TTabSheet.
Pid = 2516, Hwnd=0x1035e, Text = ASCII转换, ClassName = TTabSheet.
Pid = 2516, Hwnd=0x1035c, Text = 替换字符串, ClassName = TTabSheet.
Pid = 2516, Hwnd=0x1034e, Text = 合并, ClassName = TTabSheet.
Pid = 2516, Hwnd=0x10350, Text = 取文件里的S与E之间的字 串合并.文件1"qqS123E", 文件2"mmSabcE",合并 后:"S123ESabcE" , ClassName = TRichEdit.
Pid = 2516, Hwnd=0x10352, Text = 文件列表, ClassName = TGroupBox.
Pid = 2516, Hwnd=0x10348, Text = 切割 , ClassName = TTabSheet.
Pid = 2516, Hwnd=0x1037e, Text = 切割, ClassName = TButton.
Pid = 2516, Hwnd=0x1037a, Text = 0, ClassName = TSpinEdit.
Pid = 2516, Hwnd=0x10376, Text = 0, ClassName = TSpinEdit.
Pid = 2516, Hwnd=0x10374, Text = hello, ClassName = TEdit.
Pid = 2516, Hwnd=0x1034a, Text = 照指定的字节数来切割,优点是可切割 其他格式的文件,缺点是切割包含中文 的文件时,大小会有所偏差(切掉半个 汉字可不是好主意)。。。 , ClassName = TRichEdit.
Pid = 2516, Hwnd=0x10372, Text = 按字串, ClassName = TRadioButton.
Pid = 2516, Hwnd=0x1036e, Text = 按等份, ClassName = TRadioButton.
Pid = 2516, Hwnd=0x1036c, Text = 按字节, ClassName = TRadioButton.
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [msctls_updown32,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.2516
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
Behavior description: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
Behavior description: Enumerate windows
Details: N/A
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
Behavior description: Hide specified window
Details: [Window,Class] = [TXT切割合并器 V4.0,TApplication]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [,TWScrollbar]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
[Window,Class] = [发行者:,Static]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Open mutex
Details: ShimCacheMutex
Local\!IETld!Mutex
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
CtfmonInstMutexDefaultS-*