VirSCAN

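File information
Security score: 41
Basic information
MD5: fac49e580c30b4a652306a6b5a420a89
File type: EXE
Company:
Version:
Packer or compiler information: COMPILER:Elan
Key behaviors
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E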
C:\DiskX\Recycler
Behavior description: Get TickCount value
Details: TickCount = 5435687, SleepMilliseconds = 2000.
TickCount = 5437875, SleepMilliseconds = 2000.
TickCount = 5441781, SleepMilliseconds = 2000.
TickCount = 5446703, SleepMilliseconds = 2000.
TickCount = 5451703, SleepMilliseconds = 2000.
TickCount = 5456687, SleepMilliseconds = 2000.
TickCount = 5461687, SleepMilliseconds = 2000.
TickCount = 5466718, SleepMilliseconds = 2000.
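Behavior description: Set special file attributes
Details: C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe
Behavior description: Create autorun file in root directory
Details: C:\DiskX\AutoRun.inf
Behavior description: Modify sensitive system files
Details: C:\boot.ini ---> Offset = 23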
C:\boot.ini ---> Offset = 34
C:\boot.ini ---> Offset = 175
C:\boot.ini ---> Offset = 184
Behavior description: Modify registry (startup entries)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\W32Time
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\W32Time
Process behavior
Behavior description: Create process with hidden window
Details: ImagePath = , CmdLine = C:\WINDOWS\system32\cmd.exe /c C:\WINDOWS\Inf\svchost.exe
Behavior description: Create process
Details: [0x00000678]ImagePath = C:\WINDOWS\explorer.exe, CmdLine = explorer.exe C:\Documents and Settings\Administrator\Local Settings\%temp%\996E
[0x000002cc]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /c C:\WINDOWS\Inf\svchost.exe
Behavior description: Create process from newly created file
Details: [0x000002e4]ImagePath = C:\WINDOWS\inf\svchost.exe, CmdLine = C:\WINDOWS\Inf\svchost.exe
File behavior
Behavior description: Create file
Details: C:\WINDOWS\inf\svchost.exe
C:\mkldr
C:\boot.ima
C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe
Behavior description: Create executable file
Details: C:\WINDOWS\inf\svchost.exe
C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe
Behavior description: Copy file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\WINDOWS\Inf\svchost.exe
C:\WINDOWS\Inf\svchost.exe ---> E:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> F:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> G:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> H:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> I:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> J:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> K:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> L:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> M:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> N:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> O:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> P:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> Q:\Recycler\S-1-2-06 87119119468910298974667111109.exe
C:\WINDOWS\Inf\svchost.exe ---> R:\Recycler\S-1-2-06 87119119468910298974667111109.exe
Behavior description: Set special file attributes
Details: C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe
Behavior description: Find file
Details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\explorer.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\WINDOWS\Inf\svchost.exe
FileName = C:\WINDOWS\Inf
FileName = C:\WINDOWS\inf
FileName = C:\WINDOWS\inf\svchost.exe
FileName = E:\*
Behavior description: Create autorun file in root directory
Details: C:\DiskX\AutoRun.inf
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E
C:\DiskX\Recycler
Behavior description: Modify file contents
Details: C:\WINDOWS\inf\svchost.exe ---> Offset = 0
C:\WINDOWS\inf\svchost.exe ---> Offset = 65536
C:\WINDOWS\inf\svchost.exe ---> Offset = 131072
C:\WINDOWS\inf\svchost.exe ---> Offset = 196608
C:\WINDOWS\inf\svchost.exe ---> Offset = 262144
C:\mkldr ---> Offset = 0
C:\boot.ima ---> Offset = 0
C:\DiskX\AutoRun.inf ---> Offset = 0
C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe ---> Offset = 0
C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe ---> Offset = 65536
C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe ---> Offset = 131072
C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe ---> Offset = 196608
C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe ---> Offset = 262144
C:\DiskX\AutoRun.inf ---> Offset = 16
Behavior description: Modify sensitive system files
Details: C:\boot.ini ---> Offset = 23
C:\boot.ini ---> Offset = 34
C:\boot.ini ---> Offset = 175
C:\boot.ini ---> Offset = 184
Registry behavior
Behavior description: Modify registry (startup entries)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\W32Time
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\W32Time
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = myappname
Behavior description: Get TickCount value
Details: TickCount = 5435687, SleepMilliseconds = 2000.
TickCount = 5437875, SleepMilliseconds = 2000.
TickCount = 5441781, SleepMilliseconds = 2000.
TickCount = 5446703, SleepMilliseconds = 2000.
TickCount = 5451703, SleepMilliseconds = 2000.
TickCount = 5456687, SleepMilliseconds = 2000.
TickCount = 5461687, SleepMilliseconds = 2000.
TickCount = 5466718, SleepMilliseconds = 2000.
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
myappname
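Behavior description: Executable file signature information
Details: C:\WINDOWS\inf\svchost.exe (signature verification: failed)
C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 2000.
Behavior description: Hide specified window
Details: [Window,Class] = [,Afx:400000:8:10011:1900015:0]
Behavior description: Executable file MD5
Details: C:\WINDOWS\inf\svchost.exe ---> fac49e580c30b4a652306a6b5a420a89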
C:\DiskX\Recycler\S-1-2-06 87119119468910298974667111109.exe ---> fac49e580c30b4a652306a6b5a420a89
Behavior description: Open mutex
Details: ShimCacheMutex