VirSCAN


File information
Safety rating: 50
Behaviour list
Basic information
MD5:ee3141abb76462e553c63a8a51c40dd8
File type: zip
Vendor:
Version:
Packer or compiler information:
Sub-file information: 00001.dll / 6d106ac24d967665185b14ba058249ba / DLL
360FileKiller.exe / 341edff6144f324e79c65e8fef2824bc / EXE
iext.fnr / 8fc38a56bab9cfe08b48eb6ee3fa997c / DLL
edroptarget.fne / db8fc3e8927ad7829d2fe1d0257cb1a9 / DLL
dp1.fne / a062fbf36321864ac8e7e2e408ff0d90 / DLL
spec.fne / a3d91dfe08bbde277f73eb28edc1aff6 / DLL
shell.fne / 0974a88b64ff8b06c80b88ddf251c597 / DLL
VerifyFile.dll / f790164db1eee73e57f864331c34a9d6 / DLL
Readme-说明.htm / a59029ce16322dbd57343463ae17df56 / Unknown
Main behaviours
Behaviour description: Blocks window close message
Details: hWnd = 0x00010372, Text = 超级文件粉碎器 1.6 By MJ0011, ClassName = Afx:10000000:b:10011:1900015:0.
Process behaviour
Behaviour description: Creates process with hidden window
Details: ImagePath = , CmdLine = net start cryptsvc
ImagePath = , CmdLine = sc delete 360IceBreaker
Behaviour description: Creates process
Details: [0x00000d94]ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net start cryptsvc
[0x00000db4]ImagePath = C:\WINDOWS\system32\net1.exe, CmdLine = net1 start cryptsvc
[0x00000fdc]ImagePath = C:\WINDOWS\system32\sc.exe, CmdLine = sc delete 360IceBreaker
Behaviour description: Creates process from newly written file
Details: [0x00000d3c]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe, CmdLine = .\704AC5AC770E.exe
File behaviour
Behaviour description: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\shell.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\spec.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\VerifyFile.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\dp1.fne
Behaviour description: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\shell.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\spec.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\VerifyFile.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\dp1.fne
Behaviour description: Searches for file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\net.exe
FileName = C:\WINDOWS\system32\net1.exe
FileName = C:\WINDOWS\system32\sc.exe
Behaviour description: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\shell.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\spec.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\VerifyFile.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\dp1.fne
Behaviour description: Copies file
Details: .\360FileKiller.exe ---> .\704AC5AC770E.exe
Behaviour description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\edroptarget.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\edroptarget.fne ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\edroptarget.fne ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\iext.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\shell.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\spec.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\VerifyFile.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\dp1.fne ---> Offset = 0
Registry behaviour
Behaviour description: Modifies registry (pending file rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behaviours
Behaviour description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AEN
Behaviour description: Creates event object
Details: EventName = DINPUTWINMM
EventName = Wait For Buffer Return
EventName = MSCTF.SendReceive.Event.AEN.IC
EventName = MSCTF.SendReceiveConection.Event.AEN.IC
Behaviour description: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behaviour description: Starts system service
Details: [服务已运行]: LocalSystem, Cryptographic Services, C:\WINDOWS\system32\svchost.exe -k netsvcs
Behaviour description: Opens event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behaviour description: Blocks window close message
Details: hWnd = 0x00010372, Text = 超级文件粉碎器 1.6 By MJ0011, ClassName = Afx:10000000:b:10011:1900015:0.
Behaviour description: Window information
Details: Pid = 3388, Hwnd=0x10374, Text = 访问360安全论坛, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 3388, Hwnd=0x10376, Text = 下载360安全卫士, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 3388, Hwnd=0x10378, Text = 删除前备份为.bak文件, ClassName = Button(CheckBox).
Pid = 3388, Hwnd=0x1037a, Text = 不删除有签名的文件, ClassName = Button(CheckBox).
Pid = 3388, Hwnd=0x1037c, Text = Switch the user interface language:, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 3388, Hwnd=0x1037e, Text = 繁體中文, ClassName = Button(RadioButton).
Pid = 3388, Hwnd=0x10380, Text = 简体中文, ClassName = Button(RadioButton).
Pid = 3388, Hwnd=0x10382, Text = English, ClassName = Button(RadioButton).
Pid = 3388, Hwnd=0x10384, Text = 阻止被删除文件再次生成, ClassName = Button(CheckBox).
Pid = 3388, Hwnd=0x10386, Text = 版本:1.6.0003, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 3388, Hwnd=0x10388, Text = 导入文件列表, ClassName = Button.
Pid = 3388, Hwnd=0x1038a, Text = 删除进度, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 3388, Hwnd=0x1038c, Text = 从列表中移除, ClassName = Button.
Pid = 3388, Hwnd=0x10390, Text = 全选, ClassName = Button(CheckBox).
Pid = 3388, Hwnd=0x10394, Text = 粉碎选中文件, ClassName = Button.
Behaviour description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\iext.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\shell.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\spec.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\VerifyFile.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\dp1.fne(签名验证: 未通过)
Behaviour description: Hides specified window
Details: [Window,Class] = [,Afx:c30000:b:10011:1900010:0]
[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
Behaviour description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\704AC5AC770E.exe ---> 341edff6144f324e79c65e8fef2824bc
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\iext.fnr ---> 8fc38a56bab9cfe08b48eb6ee3fa997c
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\shell.fne ---> 0974a88b64ff8b06c80b88ddf251c597
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\spec.fne ---> a3d91dfe08bbde277f73eb28edc1aff6
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\VerifyFile.dll ---> f790164db1eee73e57f864331c34a9d6
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\dp1.fne ---> a062fbf36321864ac8e7e2e408ff0d90
Behaviour description: Opens mutex
Details: ShimCacheMutex
Behaviour description: Loads newly dropped file
Details: Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\shell.fne.