VirSCAN


File information
Security rating: 82
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic information
MD5: fa2625be0f5255ac3731215008447fa2
File type: EXE
Company:
Version: 1.1.30.3 --- 1.1.30.03
Packer/compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Embedded file information: AutoHotkey.chm / 8febca19d269fa7f6da04db3e4a8d1b2 / Chm
AutoHotkeyU64.exe / b7f69206ce622662cf399c3d4e847d7b / EXE
Unicode 64-bit.bin / bcb9dc9dec30db9fda021243eb6a27aa / EXE
AutoHotkeyU32.exe / 3b02391b4546307dcae5a57b0bbd7041 / EXE
setup.exe / 680ca8a1c751942113d62a481d1aed06 / EXE
Unicode 32-bit.bin / a39d5db2dd76a3229267b2e9c529bb24 / EXE
AutoHotkeyA32.exe / 262c2d5c42a35961b438f136073c8487 / EXE
ANSI 32-bit.bin / 823e9b1a044c3a67948459e80c20f32f / EXE
Ahk2Exe.exe / ebc1e8c709d5f1a4c1b41eaee5bcf8cf / EXE
Installer.ahk / 822be09b42717a81c8042bcfad09f504 / Unknown
license.txt / e3f2ad7733f3166fe770e4dc00af6c45 / Unknown
WindowSpy.ahk / 58cb262a57c136c2014235d27c987760 / Unknown
readme.txt / 7dc396df6d33b515684fc351f3d84410 / Unknown
Template.ahk / a85eeb1dc6f9a33897c407b4240dc20f / Unknown
Key behavior
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get TickCount value
Details: TickCount = 283937, SleepMilliseconds = 60000.
TickCount = 283953, SleepMilliseconds = 60000.
Process behavior
Behavior description: Create process from newly created file
Details: [0x00000e14]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\setup.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\setup.exe
Behavior description: Create local thread
Details: TargetProcess: setup.exe, InheritedFromPID = 3348, ProcessID = 3604, ThreadID = 3612, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: setup.exe, InheritedFromPID = 3348, ProcessID = 3604, ThreadID = 3616, StartAddress = 6359727B, Parameter = 000C5510
TargetProcess: setup.exe, InheritedFromPID = 3348, ProcessID = 3604, ThreadID = 3644, StartAddress = 77E56C7D, Parameter = 001654D8
TargetProcess: setup.exe, InheritedFromPID = 3348, ProcessID = 3604, ThreadID = 3648, StartAddress = 769AE43B, Parameter = 02364300
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkey.chm
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\ANSI 32-bit.bin
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 32-bit.bin
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 64-bit.bin
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\license.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\readme.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Ahk2Exe.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyA32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Installer.ahk
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Template.ahk
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\WindowSpy.ahk
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\ANSI 32-bit.bin
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 32-bit.bin
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 64-bit.bin
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Ahk2Exe.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyA32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\setup.exe
Behavior description: Find file
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\AutoHotkey.chm
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\Compiler\ANSI 32-bit.bin
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\Compiler\Unicode 32-bit.bin
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\Compiler\Unicode 64-bit.bin
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\license.txt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\Compiler\readme.txt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\Compiler\Ahk2Exe.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\AutoHotkeyA32.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\AutoHotkeyU32.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\AutoHotkeyU64.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\setup.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\Installer.ahk
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\Template.ahk
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7z36D3CD14\WindowSpy.ahk
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkey.chm
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyA32.exe
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkey.chm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\ANSI 32-bit.bin ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 32-bit.bin ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 64-bit.bin ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\license.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\readme.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Ahk2Exe.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyA32.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU32.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU64.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\setup.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Installer.ahk ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Template.ahk ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\WindowSpy.ahk ---> Offset = 0
Other behavior
Behavior description: Create mutex
Details: SHIMLIB_LOG_MUTEX
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IBO
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.IBO.IC
EventName = MSCTF.SendReceiveConection.Event.IBO.IC
Behavior description: Window information
Details: Pid = 3604, Hwnd=0x1033e, Text = AutoHotkey Setup, ClassName = AutoHotkeyGUI.
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.3604
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior description: Get TickCount value
Details: TickCount = 283937, SleepMilliseconds = 60000.
TickCount = 283953, SleepMilliseconds = 60000.
Behavior description: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
CursorPos = (11517,29359), SleepMilliseconds = 60000.
CursorPos = (27001,24465), SleepMilliseconds = 60000.
CursorPos = (5744,28146), SleepMilliseconds = 60000.
CursorPos = (23320,16828), SleepMilliseconds = 60000.
CursorPos = (10000,492), SleepMilliseconds = 60000.
CursorPos = (3034,11943), SleepMilliseconds = 60000.
CursorPos = (4866,5437), SleepMilliseconds = 60000.
CursorPos = (32430,14605), SleepMilliseconds = 60000.
CursorPos = (3941,154), SleepMilliseconds = 60000.
CursorPos = (331,12383), SleepMilliseconds = 60000.
CursorPos = (17460,18717), SleepMilliseconds = 60000.
CursorPos = (19757,19896), SleepMilliseconds = 60000.
Behavior description: Enumerate windows
Details: N/A
Behavior description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\ANSI 32-bit.bin(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 32-bit.bin(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 64-bit.bin(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Ahk2Exe.exe(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyA32.exe(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU32.exe(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU64.exe(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\setup.exe(signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 250.
Behavior description: Hide specified window
Details: [Window,Class] = [C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\setup.exe,AutoHotkey]
[Window,Class] = [AutoHotkey Setup,AutoHotkeyGUI]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\ANSI 32-bit.bin ---> 823e9b1a044c3a67948459e80c20f32f
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 32-bit.bin ---> a39d5db2dd76a3229267b2e9c529bb24
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Unicode 64-bit.bin ---> bcb9dc9dec30db9fda021243eb6a27aa
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\Compiler\Ahk2Exe.exe ---> ebc1e8c709d5f1a4c1b41eaee5bcf8cf
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyA32.exe ---> 262c2d5c42a35961b438f136073c8487
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU32.exe ---> 3b02391b4546307dcae5a57b0bbd7041
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\AutoHotkeyU64.exe ---> b7f69206ce622662cf399c3d4e847d7b
C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14\setup.exe ---> 680ca8a1c751942113d62a481d1aed06
Behavior description: Open mutex
Details: ShimCacheMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
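The report describes the same set of dropped executables three times: in the embedded-file listing (name, MD5, type), in the runtime "Executable file MD5" section (path, MD5) and in the "Executable signature information" section, where every PE is marked as failing signature verification. When triaging such a report it is worth checking that those sections actually agree with each other before trusting any one hash, and flagging every EXE that was dropped but never hashed or never given a signature verdict. The script below is an added example for this page, not VirSCAN or Threatbook code. It embeds the three blocks excerpted from this report (field labels as translated above; the MD5 and signature blocks are rebuilt line for line from the eight paths and hashes listed there), parses them against the line shapes visible on the page rather than any published report format, and reports every inconsistency.

```python
"""Cross-check the hash and signature sections of a sandbox report.

Added example for this page; not VirSCAN or Threatbook code. The input is
excerpted from the report above, and the parsers follow the line shapes
visible on the page, not a published report specification.
"""
import re

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# The report states only a pass/fail verdict per executable.
SIG_RE = re.compile(r"^(?P<path>.+?)\(signature verification: (?P<verdict>passed|failed)\)$")

# "Embedded file information" block: name / md5 / type (excerpt from the report)
SUBFILE_BLOCK = r"""
AutoHotkey.chm / 8febca19d269fa7f6da04db3e4a8d1b2 / Chm
AutoHotkeyU64.exe / b7f69206ce622662cf399c3d4e847d7b / EXE
Unicode 64-bit.bin / bcb9dc9dec30db9fda021243eb6a27aa / EXE
AutoHotkeyU32.exe / 3b02391b4546307dcae5a57b0bbd7041 / EXE
setup.exe / 680ca8a1c751942113d62a481d1aed06 / EXE
Unicode 32-bit.bin / a39d5db2dd76a3229267b2e9c529bb24 / EXE
AutoHotkeyA32.exe / 262c2d5c42a35961b438f136073c8487 / EXE
ANSI 32-bit.bin / 823e9b1a044c3a67948459e80c20f32f / EXE
Ahk2Exe.exe / ebc1e8c709d5f1a4c1b41eaee5bcf8cf / EXE
"""
# "Executable file MD5" and "Executable signature information" blocks, rebuilt
# line for line from the report (all eight executables failed verification).
TEMP = r"C:\Documents and Settings\Administrator\Local Settings\Temp\7z36D3CD14"
EXECUTABLES = [
    (r"Compiler\ANSI 32-bit.bin", "823e9b1a044c3a67948459e80c20f32f"),
    (r"Compiler\Unicode 32-bit.bin", "a39d5db2dd76a3229267b2e9c529bb24"),
    (r"Compiler\Unicode 64-bit.bin", "bcb9dc9dec30db9fda021243eb6a27aa"),
    (r"Compiler\Ahk2Exe.exe", "ebc1e8c709d5f1a4c1b41eaee5bcf8cf"),
    ("AutoHotkeyA32.exe", "262c2d5c42a35961b438f136073c8487"),
    ("AutoHotkeyU32.exe", "3b02391b4546307dcae5a57b0bbd7041"),
    ("AutoHotkeyU64.exe", "b7f69206ce622662cf399c3d4e847d7b"),
    ("setup.exe", "680ca8a1c751942113d62a481d1aed06"),
]
MD5_BLOCK = "\n".join(f"{TEMP}\\{p} ---> {h}" for p, h in EXECUTABLES)
SIG_BLOCK = "\n".join(f"{TEMP}\\{p}(signature verification: failed)" for p, _ in EXECUTABLES)


def basename(path):
    """Last component of a Windows path as printed in the report."""
    return path.strip().rsplit("\\", 1)[-1]


def parse_subfiles(block):
    """'name / md5 / type' -> {name: (md5, type)}; a malformed hash is an error."""
    out = {}
    for line in block.splitlines():
        parts = [p.strip() for p in line.split(" / ")]
        if len(parts) != 3:
            continue  # blank or non-data line
        name, md5, ftype = parts
        if not MD5_RE.match(md5.lower()):
            raise ValueError(f"malformed MD5 for {name!r}: {md5}")
        out[name] = (md5.lower(), ftype)
    return out


def parse_exec_md5(block):
    """'path ---> md5' -> {basename: md5}."""
    out = {}
    for line in block.splitlines():
        if " ---> " in line:
            path, md5 = line.rsplit(" ---> ", 1)
            out[basename(path)] = md5.strip().lower()
    return out


def parse_signatures(block):
    """'path(signature verification: passed|failed)' -> {basename: verified?}."""
    out = {}
    for line in block.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            out[basename(m.group("path"))] = m.group("verdict") == "passed"
    return out


def reconcile(subfiles, exec_md5, signatures):
    """Return (file, issue) findings; an empty list means the sections agree."""
    findings = []
    for name, md5 in exec_md5.items():
        if name not in subfiles:
            findings.append((name, "hashed at runtime but absent from embedded-file listing"))
        elif subfiles[name][0] != md5:
            findings.append((name, "MD5 differs between listing and executable-MD5 section"))
        if name not in signatures:
            findings.append((name, "no signature verdict"))
        elif not signatures[name]:
            findings.append((name, "signature verification failed"))
    for name, (_, ftype) in subfiles.items():
        if ftype == "EXE" and name not in exec_md5:
            findings.append((name, "EXE in listing but never hashed at runtime"))
    return findings


def audit_report():
    """Run the cross-check over the blocks excerpted above."""
    return reconcile(parse_subfiles(SUBFILE_BLOCK),
                     parse_exec_md5(MD5_BLOCK),
                     parse_signatures(SIG_BLOCK))


if __name__ == "__main__":
    for name, issue in audit_report():
        print(f"{name}: {issue}")
```

On this report the hashes are consistent across sections and the only findings are the eight failed signature verdicts. Two caveats apply when acting on them: the report does not say whether "failed" means the file is unsigned or carries a broken signature, so if a copy of the installer is available the verdict should be re-checked with `Get-AuthenticodeSignature` or `signtool verify`; and MD5 is adequate only as a lookup key for matching a sample to this report, not as tamper evidence, since MD5 collisions are practical.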