VirSCAN

File information
Safety rating: 45
Behavior list
Basic information
MD5: afc1aac76b58d39fd25f4251896d1d28
File type: EXE
Vendor:
Version: 1.4.1.8---1.4.1.8
Shell or compiler info: COMPILER:Borland Delphi 2.0 [Overlay]
Sub-file info: Lefasurem.txtdumpFile / 5acfb330b2a94aaa268e5c4be6cc1db9 / Unknown
Main behaviors
Behavior: Kill process
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Query registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Behavior: Get TickCount value
Details: TickCount = 220984, SleepMilliseconds = 500.
TickCount = 221015, SleepMilliseconds = 500.
TickCount = 221859, SleepMilliseconds = 500.
TickCount = 221984, SleepMilliseconds = 500.
TickCount = 222000, SleepMilliseconds = 500.
TickCount = 222031, SleepMilliseconds = 500.
TickCount = 222062, SleepMilliseconds = 500.
TickCount = 222078, SleepMilliseconds = 500.
TickCount = 222093, SleepMilliseconds = 500.
TickCount = 222109, SleepMilliseconds = 500.
TickCount = 222125, SleepMilliseconds = 500.
TickCount = 222140, SleepMilliseconds = 500.
TickCount = 222375, SleepMilliseconds = 500.
TickCount = 222421, SleepMilliseconds = 500.
TickCount = 222578, SleepMilliseconds = 500.
Process behavior
Behavior: Create process
Details: [0x00000b94]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe" /_ShowProgress /mnl
Behavior: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2816, StartAddress = 012CC284, Parameter = 015B3510
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2832, StartAddress = 012CC284, Parameter = 015B3750
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2836, StartAddress = 012CC284, Parameter = 015B3790
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2856, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2860, StartAddress = 012CC284, Parameter = 015B3810
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2864, StartAddress = 765E964D, Parameter = 001AF010
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2868, StartAddress = 012CC284, Parameter = 015B3810
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2872, StartAddress = 012CC284, Parameter = 015B3850
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2876, StartAddress = 012CC284, Parameter = 015B3890
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2880, StartAddress = 012CC284, Parameter = 015B38D0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2896, StartAddress = 012CC284, Parameter = 015B3990
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2912, StartAddress = 012E2EC0, Parameter = 015CC760
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2916, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2920, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2656, ThreadID = 2928, StartAddress = 6359727B, Parameter = 0027DA98
Behavior: Enumerate processes
Details: N/A
File behavior
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\00035F38.log
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\csshover3.htc
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\form.bmp.Mask
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\ie6_main.css
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\ie6_main.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\main.css
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\main.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\_functions.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\_helpers.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\_variables.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_align.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_backgrounds.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_border-radius.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_border.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_clearfix.scss
Behavior: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\00035F38.log
C:\Documents and Settings\Administrator\Local Settings\Temp\000365B0.log
C:\Documents and Settings\Administrator\Local Settings\Temp\0003644F.log
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\bootstrap_17001.html
C:\Documents and Settings\Administrator\Local Settings\Temp\in6804F1F7\44B47923.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\00038823.log
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_align.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_backgrounds.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_border-radius.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_border.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_clearfix.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_colors.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_display.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_float.scss
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_lists.scss
Behavior: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\00035F38.log ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\csshover3.htc ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\form.bmp.Mask ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\ie6_main.css ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\ie6_main.scss ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\main.css ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\main.scss ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\_functions.scss ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\_helpers.scss ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\_variables.scss ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_align.scss ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_backgrounds.scss ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_border-radius.scss ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_border.scss ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731\css\helpers\_clearfix.scss ---> Offset = 0
Behavior: Search for file
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\inH2210158731
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\inH2210158731\bootstrap_17001.html
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\inH2210158731
Network behavior
Behavior: Connect to specified site
Details: InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E), hSession = 0x00cc0004
Behavior: Establish connection to a specified socket
Details: URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000003fc
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000004e8
Behavior: Read network file
Details: hFile = 0x00cc000c, BytesToRead =20480, BytesRead = 20480.
Behavior: Send HTTP packet
Details: POST / HTTP/1.1 Accept: */* Host: ww****om User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E) Content-Length: 1296 Cache-Control: no-cache
POST / HTTP/1.1 Accept: */* Host: ww****om User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E) Content-Length: 1568 Cache-Control: no-cache
Behavior: Open HTTP request
Details: HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0x04080000
Behavior: Get host address by name
Details: GetAddrInfoW: ww****om
Registry behavior
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 100.
CursorPos = (6373,26501), SleepMilliseconds = 100.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
CursorPos = (11517,29359), SleepMilliseconds = 60000.
CursorPos = (27001,24465), SleepMilliseconds = 60000.
CursorPos = (5744,28146), SleepMilliseconds = 60000.
CursorPos = (23320,16828), SleepMilliseconds = 60000.
CursorPos = (10000,492), SleepMilliseconds = 60000.
CursorPos = (3034,11943), SleepMilliseconds = 100.
CursorPos = (4866,5437), SleepMilliseconds = 100.
CursorPos = (32430,14605), SleepMilliseconds = 100.
CursorPos = (3941,154), SleepMilliseconds = 100.
CursorPos = (331,12383), SleepMilliseconds = 100.
CursorPos = (17460,18717), SleepMilliseconds = 100.
CursorPos = (19757,19896), SleepMilliseconds = 100.
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Local\ZonesCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EGK
Behavior: Create event object
Details: EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.EGK.IC
EventName = MSCTF.SendReceiveConection.Event.EGK.IC
Behavior: Window information
Details: Pid = 2656, Hwnd=0x1038a, Text = 确定, ClassName = Button.
Pid = 2656, Hwnd=0x1038c, Text = Product configuration is missing!, ClassName = Static.
Pid = 2656, Hwnd=0x40370, Text = Information, ClassName = #32770.
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
Global\SvcctrlStartEvent_A3752DX
_fCanRegisterWithShellService
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.2656
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior: Adjust process token privileges
Details: SE_SHUTDOWN_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior: Enumerate windows
Details: N/A
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 1.
[2]: MilliSeconds = 500.
[3]: MilliSeconds = 500.
[4]: MilliSeconds = 500.
[5]: MilliSeconds = 500.
[6]: MilliSeconds = 500.
[7]: MilliSeconds = 500.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 500.
Behavior: Hide specified window
Details: [Window,Class] = [,TAejtcPrflc]
[Window,Class] = [,Internet Explorer_Server]
Behavior: Open mutex
Details: ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*