VirSCAN

File information
Security score: 35
Basic information
MD5: 0c6198a58a2eb943827e8a9db0968ae7
File type: EXE
Vendor: Microsoft
Version: 1.0.0.1---1, 9, 2, 1
Packer/compiler information: COMPILER:Microsoft Visual C++ 6.0
Key behaviors
Behavior: Compare suspicious process names
Details: lstrcmpiA: System <------> avp.exe Des: 卡巴斯基
lstrcmpiA: smss.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: csrss.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: winlogon.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: services.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: lsass.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: 33oxService.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: 33acthlp.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: svchost.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: spoolsv.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: 33UpgradeHelper.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: alg.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: explorer.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: 33oxTray.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: ctfmon.exe <------> avp.exe Des: 卡巴斯基
Behavior: Search for suspicious process names
Details: strstr: avp.exe <------> Des: 卡巴斯基
Behavior: Get TickCount value
Details: TickCount = 5426143, SleepMilliseconds = 50.
TickCount = 5426159, SleepMilliseconds = 50.
TickCount = 5427081, SleepMilliseconds = 50.
TickCount = 5427190, SleepMilliseconds = 50.
TickCount = 5427768, SleepMilliseconds = 50.
TickCount = 5428503, SleepMilliseconds = 50.
TickCount = 5428534, SleepMilliseconds = 50.
TickCount = 5428550, SleepMilliseconds = 50.
TickCount = 5428581, SleepMilliseconds = 50.
TickCount = 5428596, SleepMilliseconds = 50.
TickCount = 5428706, SleepMilliseconds = 50.
TickCount = 5428721, SleepMilliseconds = 50.
TickCount = 5430753, SleepMilliseconds = 50.
TickCount = 5430768, SleepMilliseconds = 50.
Behavior: Self-deletion
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Set special file attributes
Details: C:\Program Files\Google\Vnfvn.exe
Behavior: Create system service
Details: [服务创建成功]: Vnfvnfopedc Wofwo, C:\Program Files\Google\Vnfvn.exe
Process behaviors
Behavior: Create process with hidden window
Details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\system32\cmd.exe" /c del C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\****.exe > nul
Behavior: Create process
Details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\system32\cmd.exe" /c del C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\****.exe > nul
Behavior: Create process from newly created file
Details: ImagePath = C:\Program Files\Google\Vnfvn.exe, CmdLine = "C:\Program Files\Google\Vnfvn.exe"
Behavior: Enumerate processes
Details: N/A
Behavior: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1392, ThreadID = 1204, StartAddress = 77C0A341, Parameter = 003F4260
TargetProcess: Vnfvn.exe, InheritedFromPID = 656, ProcessID = 412, ThreadID = 780, StartAddress = 77C0A341, Parameter = 003F3F18
TargetProcess: Vnfvn.exe, InheritedFromPID = 656, ProcessID = 412, ThreadID = 740, StartAddress = 77DC3519, Parameter = 001AD2E0
TargetProcess: Vnfvn.exe, InheritedFromPID = 656, ProcessID = 412, ThreadID = 1136, StartAddress = 77C0A341, Parameter = 003F3F18
File behaviors
Behavior: Create file
Details: C:\Program Files\Google\Vnfvn.exe
Behavior: Create executable file
Details: C:\Program Files\Google\Vnfvn.exe
Behavior: Find files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\****.exe
Behavior: Set special file attributes
Details: C:\Program Files\Google\Vnfvn.exe
Behavior: Copy file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\Program Files\Google\Vnfvn.exe
Behavior: Modify file contents
Details: C:\Program Files\Google\Vnfvn.exe ---> Offset = 0
C:\Program Files\Google\Vnfvn.exe ---> Offset = 65536
C:\Program Files\Google\Vnfvn.exe ---> Offset = 131072
C:\Program Files\Google\Vnfvn.exe ---> Offset = 196608
C:\Program Files\Google\Vnfvn.exe ---> Offset = 262144
Behavior: Self-deletion
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Network behaviors
Behavior: Establish connection to a specified socket
Details: URL: 84****rg, IP: **.133.40.**:52695, SOCKET = 0x0000010c
Behavior: Get host address by name
Details: gethostbyname: 84****rg
Registry behaviors
Behavior: Modify registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Vnfvnfopedc Wofwo\MarkTime
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Vnfvnfopedc Wofwo\Description
\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\Version
Other behaviors
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
C:\Program Files\Google\Vnfvn.exe
vrq9vb65vb220Aizs7S00A/0B6Y=
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-1-5-18
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
Behavior: Compare suspicious process names
Details: lstrcmpiA: System <------> avp.exe Des: 卡巴斯基
lstrcmpiA: smss.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: csrss.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: winlogon.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: services.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: lsass.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: 33oxService.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: 33acthlp.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: svchost.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: spoolsv.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: 33UpgradeHelper.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: alg.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: explorer.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: 33oxTray.exe <------> avp.exe Des: 卡巴斯基
lstrcmpiA: ctfmon.exe <------> avp.exe Des: 卡巴斯基
Behavior: Search for suspicious process names
Details: strstr: avp.exe <------> Des: 卡巴斯基
Behavior: Start system service
Details: [服务启动成功]: LocalSystem, Skcskb Tlctlctk Dulduldt Meum Vnfvnfopedc, C:\Program Files\Google\Vnfvn.exe
Behavior: Get TickCount value
Details: TickCount = 5426143, SleepMilliseconds = 50.
TickCount = 5426159, SleepMilliseconds = 50.
TickCount = 5427081, SleepMilliseconds = 50.
TickCount = 5427190, SleepMilliseconds = 50.
TickCount = 5427768, SleepMilliseconds = 50.
TickCount = 5428503, SleepMilliseconds = 50.
TickCount = 5428534, SleepMilliseconds = 50.
TickCount = 5428550, SleepMilliseconds = 50.
TickCount = 5428581, SleepMilliseconds = 50.
TickCount = 5428596, SleepMilliseconds = 50.
TickCount = 5428706, SleepMilliseconds = 50.
TickCount = 5428721, SleepMilliseconds = 50.
TickCount = 5430753, SleepMilliseconds = 50.
TickCount = 5430768, SleepMilliseconds = 50.
Behavior: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior: Open event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
N/A
Behavior: Executable signature information
Details: C:\Program Files\Google\Vnfvn.exe(签名验证: 未通过)
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behavior: Executable MD5
Details: C:\Program Files\Google\Vnfvn.exe ---> 0c6198a58a2eb943827e8a9db0968ae7
Behavior: Open mutex
Details: DBWinMutex
Local\!IETld!Mutex
ShimCacheMutex
Behavior: Create system service
Details: [服务创建成功]: Vnfvnfopedc Wofwo, C:\Program Files\Google\Vnfvn.exe
Run screenshots