VirSCAN

File information
Safety rating: 85
Behavior list
Basic information
MD5: 6b2356f801d13e46cbaaf79dbf86d204
File type: EXE
Vendor:
Version:
Packer or compiler info: PACKER:Enigma Protector V1.1X-V1.3X -> Sukhov Vladimir & Serge N. Markin *
Key behaviors
Behavior: Blocks window close messages
Details: hWnd = 0x00160306, Text = Cadsoft Eagle v7.7.0 win32 Patch, ClassName = #32770.
Behavior: Captures window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0x5901051e.
Foreground window Info: HWND = 0x00000000, DC = 0x80010690.
Foreground window Info: HWND = 0x00000000, DC = 0xd10105a4.
Behavior: Reads the TickCount value
Details: TickCount = 5434265, SleepMilliseconds = 1000.
TickCount = 5434390, SleepMilliseconds = 1000.
TickCount = 5434421, SleepMilliseconds = 1000.
TickCount = 5434437, SleepMilliseconds = 1000.
TickCount = 5434453, SleepMilliseconds = 1000.
TickCount = 5434468, SleepMilliseconds = 1000.
TickCount = 5434578, SleepMilliseconds = 1000.
TickCount = 5433952, SleepMilliseconds = 46.
TickCount = 5435218, SleepMilliseconds = 1000.
TickCount = 5435531, SleepMilliseconds = 1000.
TickCount = 5434889, SleepMilliseconds = 46.
TickCount = 5436156, SleepMilliseconds = 1000.
TickCount = 5436468, SleepMilliseconds = 1000.
TickCount = 5435827, SleepMilliseconds = 46.
TickCount = 5437093, SleepMilliseconds = 1000.
Process behavior
Behavior: Creates a local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1996, ThreadID = 412, StartAddress = 005A9A80, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1996, ThreadID = 780, StartAddress = 004E81E0, Parameter = 00F9D19C
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1996, ThreadID = 1956, StartAddress = 004038F5, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1996, ThreadID = 1188, StartAddress = 00401BAC, Parameter = 0040C81B
File behavior
Behavior: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Pocket Calculator.ttf
Behavior: Creates an executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Pocket Calculator.ttf ---> Offset = 0
Behavior: Searches for files
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\
FileName = C:\DOCUME~1\ADMINI~1\
FileName = C:\DOCUME~1\
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Other behaviors
Behavior: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AEC
Behavior: Hides the specified window
Details: [Window,Class] = [,ListBox]
[Window,Class] = [BTN_PATCH_UP,Static]
[Window,Class] = [BTN_ABOUT_UP,Static]
[Window,Class] = [BTN_EXIT_UP,Static]
[Window,Class] = [<scrolltext placeholder>,Static]
Behavior: Sample console output
Details: N/A
Behavior: Opens events
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Global\SvcctrlStartEvent_A3752DX
Behavior: Window information
Details: Pid = 1996, Hwnd=0xa03b0, Text = _BACK, ClassName = Static.
Pid = 1996, Hwnd=0x303dc, Text = Eagle v7.7.0 (win32), ClassName = Static.
Pid = 1996, Hwnd=0x2102bc, Text = ftp://ftp.cadsoft.de/eagle/program/7.7/eagle-win32-7.7.0.exe, ClassName = Static.
Pid = 1996, Hwnd=0x16032e, Text = S.S.G.C Team, ClassName = Static.
Pid = 1996, Hwnd=0xf034a, Text = Install Eagle...Run patch! You dont need a license!! After patching you run as EAGLE Ultimate And all Ultimate features become, ClassName = Static.
Pid = 1996, Hwnd=0x603c6, Text = 05 - 10 - 2016, ClassName = Static.
Pid = 1996, Hwnd=0xc038a, Text = BTN_PATCH_UP, ClassName = Static.
Pid = 1996, Hwnd=0x15030c, Text = BTN_ABOUT_UP, ClassName = Static.
Pid = 1996, Hwnd=0x403ca, Text = BTN_EXIT_UP, ClassName = Static.
Pid = 1996, Hwnd=0x6037e, Text = SEK, ClassName = Static.
Pid = 1996, Hwnd=0x40394, Text = <scrolltext placeholder>, ClassName = Static.
Pid = 1996, Hwnd=0x160306, Text = Cadsoft Eagle v7.7.0 win32 Patch, ClassName = #32770.
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll (signature verification: failed)
Behavior: Calls the Sleep function
Details: [1]: MilliSeconds = 1000.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 3150.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 1000.
[10]: MilliSeconds = 1000.
Behavior: Creates event objects
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.AEC.IC
EventName = MSCTF.SendReceiveConection.Event.AEC.IC
Behavior: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll ---> 780d14604d49e3c634200c523def8351
Behavior: Opens a mutex
Details: ShimCacheMutex
Behavior: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Loads a newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bassmod.dll.