File information
Security rating: 55
Behavior list
Basic information
MD5: c63f4cca934c1e1babd6c1ca31363a01
File type: Nsis
Vendor:
Version:
Packer or compiler information:
Sub-file information: apktool_2.0.0rc3.jar / big file / zip
蓝冰APK反编译大师.exe / facd84bb6a5b9b74fd44829524888886 / EXE
jd-gui.exe / d011e6e3d91ebc76899365d54221d0d8 / EXE
rtl210.bpl / 0308adf52ed1ee235669155fad353214 / DLL
APKEditor.bpl / bffa3945ae7c03c161f69d7115f21d8b / DLL
AKCommon.bpl / e9f5852c0b185a9b96671a6f0b228035 / DLL
vcl210.bpl / b16f08d89fe7944b61874ffee41a4c5e / DLL
upx_c_5b3d2657dumpFile / 80d87e27107bf371950aaf54fc7332e6 / EXE
config.dll / 1fff1017709483b7c89d80d68b8967cd / DLL
dx.jar / d4f3948f97a67cbb90c0f7de75791f55 / zip
adb.exe / eb5425fdd219c3ffa503866d5651c1f2 / EXE
Notepad2.exe / 4f0281d9da2528970189f03cd55a75b3 / EXE
asm-all-3.3.1.jar / a4ac27cff067518cc6e1d8334440795b / zip
jasmin-p2.5.jar / 2817f0503f30d2c9457fa21d8cf9e089 / zip
dex-ir-1.12.jar / c00b2b67ffa27862345eb4101a7e0cc9 / zip
dex-reader-1.15.jar / a5ad133ce4f7dbaed6d84f260d2e59e4 / zip
AdbWinApi.dll / 47a6ee3f186b2c2f5057028906bac0c6 / DLL
dex-translator-0.0.9.15.jar / 759e36dcc0e5376809e0ce8ba294a4a5 / zip
dex-tools-0.0.9.15.jar / 331b57ee9e94ae36a44b4916b4288c68 / zip
Key behavior
Behavior description: Detect whether Virtual PC is present
Details: N/A
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v2.45,Static]
[Window,Class] = [Nullsoft Install System v2.45 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
Behavior description: Create desktop shortcut
Details: C:\Documents and Settings\Administrator\桌面\APK反编译大师.lnk
Behavior description: Open file mapping with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EAN..ALGJH
MSCTF.MarshalInterface.FileMap.EAN.B.ALGJH
MSCTF.MarshalInterface.FileMap.EAN.C.ALGJH
MSCTF.MarshalInterface.FileMap.EAN.D.ALGJH
MSCTF.MarshalInterface.FileMap.EAN.E.ALGJH
MSCTF.MarshalInterface.FileMap.EAN.F.PLGJH
MSCTF.MarshalInterface.FileMap.EAN.G.PLGJH
MSCTF.Shared.SFM.EAN
Behavior description: Query registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Search for specified kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe (ntice.sys)
lstrcmpiA: ntice.sys <------> hal.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> KDCOM.DLL (ntice.sys)
lstrcmpiA: ntice.sys <------> BOOTVID.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> ACPI.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> WMILIB.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> pci.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> isapnp.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> compbatt.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> BATTC.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> intelide.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> MountMgr.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> ftdisk.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> dmload.sys (ntice.sys)
Behavior description: Search for windows of common anti-virus and analysis tools
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
Process behavior
Behavior description: Create new process from file
Details: ImagePath = C:\Program Files\APK反编译大师\蓝冰APK反编译大师.exe, CmdLine = "C:\Program Files\APK反编译大师\蓝冰APK反编译大师.exe"
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Drop links or shortcuts in sensitive system locations (such as the Start menu)
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\APK反编译大师\APK反编译大师.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\APK反编译大师\官方网站.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\APK反编译大师\卸载.lnk
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\InstallOptions.dll
C:\Program Files\APK反编译大师\蓝冰APK反编译大师.exe
C:\Program Files\APK反编译大师\AKCommon.bpl
C:\Program Files\APK反编译大师\config.dll
C:\Program Files\APK反编译大师\rtl210.bpl
C:\Program Files\APK反编译大师\vcl210.bpl
C:\Program Files\APK反编译大师\bin\adb\AdbWinApi.dll
C:\Program Files\APK反编译大师\bin\adb\AdbWinUsbApi.dll
C:\Program Files\APK反编译大师\bin\adb\adb.exe
C:\Program Files\APK反编译大师\bin\jd-gui\jd-gui.exe
C:\Program Files\APK反编译大师\plugins\APKEditor.bpl
C:\Program Files\APK反编译大师\tool\Notepad2.exe
C:\Program Files\APK反编译大师\uninst.exe
Behavior description: Search for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp
FileName = C:\Program Files\APK反编译大师
FileName = C:\Program Files
FileName = C:\Program Files\APK反编译大师\蓝冰APK反编译大师.exe
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\「开始」菜单
Behavior description: Modify file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\modern-wizard.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 321
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 376
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 396
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 345
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ioSpecial.ini---> Offset = 633
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\蓝冰APK反编译大师.exe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APK反编译大师\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APK反编译大师\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APK反编译大师\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APK反编译大师\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APK反编译大师\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APK反编译大师\Publisher
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
Other behavior
Behavior description: Open image file
Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\modern-wizard.bmp
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EAN
oleacc-msaa-loaded
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
RasPbFile
Behavior description: Search for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [18467-41,]
Behavior description: Attempt to open driver device objects of debuggers or monitoring software
Details: \??\SICE
\??\SIWVID
\??\NTICE
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Search for kernel32.dll base address
Details: Instruction Address = 0x006cbaa6
Behavior description: Window information
Details: Pid = 3328, Hwnd=0x202a4, Text = 下一步(&N) >, ClassName = Button.
Pid = 3328, Hwnd=0x202a6, Text = 取消(&C), ClassName = Button.
Pid = 3328, Hwnd=0x302bc, Text = Nullsoft Install System v2.45 , ClassName = Static.
Pid = 3328, Hwnd=0x202d4, Text = Nullsoft Install System v2.45, ClassName = Static.
Pid = 3328, Hwnd=0x202c6, Text = 欢迎使用“APK反编译大师 1.0”安装向导, ClassName = Static.
Pid = 3328, Hwnd=0x302da, Text = 这个向导将指引你完成“APK反编译大师 1.0”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指定, ClassName = Static.
Pid = 3328, Hwnd=0x2029e, Text = APK反编译大师 1.0 安装, ClassName = #32770.
Pid = 3328, Hwnd=0x202a4, Text = 安装(&I), ClassName = Button.
Pid = 3328, Hwnd=0x402da, Text = C:\Program Files\APK反编译大师, ClassName = Edit.
Pid = 3328, Hwnd=0x302c6, Text = 浏览(&B)..., ClassName = Button.
Pid = 3328, Hwnd=0x302ca, Text = 可用空间: 5.8GB, ClassName = Static.
Pid = 3328, Hwnd=0x202ae, Text = 所需空间: 27.3MB, ClassName = Static.
Pid = 3328, Hwnd=0x202aa, Text = Setup 将安装 APK反编译大师 1.0 在下列文件夹。要安装到不同文件夹,单击 [浏览(B)] 并选择其他的文件夹。 单击 [安装(I)] 开始安装进程。, ClassName = Static.
Pid = 3328, Hwnd=0x202ac, Text = 目标文件夹, ClassName = Button(GroupBox).
Pid = 3328, Hwnd=0x302ac, Text = 显示细节(&D), ClassName = Button.