VirSCAN


File information
Security score: 80
Basic information
MD5: 57800e09b7bd3119d03590cad4e11775
File type: EXE
Vendor:
Version:
Packer/compiler info: COMPILER:NSIS
Sub-file information (name / MD5 / type):
vcredist_x86.exe / f031c0d2b460209b47b91c46a3d202fe / EXE
iProfessionalLibrary.ocx / 078ed859d0e49902a4251ea064664a0c / DLL
MSVBVM60.DLL / 6a76af7a3bd2b73a8b0e51e5b56ae46d / DLL
Edt32x30.ocx / f01bd585d0bac33f3d09b5b7de445692 / DLL
isAnalogLibrary.ocx / 0ddb9b110733303cdf9109b0d153fe69 / DLL
mfc80.dll / 56931baf613550ce64141be8153d03ac / DLL
isDigitalLibrary.ocx / 26cdb96492ef1224eab124d6ae161b53 / DLL
mfc70.dll / 09aef167eb1531e965053d0dcf6cc573 / DLL
EasyGrid.ocx / 1b8b0fc8caf5eee5db22e930810d8754 / DLL
registrator.exe / c17b4cf49f810050d210a2ce3c2a78f0 / EXE
惕_绣汨耱疣蝾 / 898acee17cbddcdd047d843ff8f0ac3e / EXE
Flp32a30.ocx / 1bfd40909a21137cb5c2c9d0d9659bf1 / DLL
DynaPlot3.ocx / acc691bcfd6acc549f93c7aaf7ae3379 / DLL
msvcr80.dll / 16d7ddf3b659f7cf1cb9f4dcff4219f0 / DLL
msvcp80.dll / 2bc650257fb0867abd54fd460ec2bafc / DLL
msvcm80.dll / cdcc63e967d64ece3729246720af4fcc / DLL
btn32a20.ocx / a48b861c2b5e7e5fc5eb0a01b6ef3030 / DLL
msvcr70.dll / 9972a6ed4f2388dbfa8e0a96f6f3fdf1 / DLL
WMInterfaceXPFree.ocx / f0e687c7ff38fc8399724040b020bb9b / DLL
Key behaviors
Behavior: Blocks window close messages
Details: hWnd = 0x00010344, Text = 玉蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = #32770.
File behaviors
Behavior: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\up.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll
C:\WINDOWS\wininit.ini
Behavior: Deletes files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\up.ini
Behavior: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\up.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\up.ini ---> Offset = 27
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 124
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 33
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 43
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 60
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 277
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 347
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 402
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 410
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 422
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll ---> Offset = 0
Behavior: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp\InstallOptions.dll.AmBackup1
Registry behaviors
Behavior: Modifies registry (delayed file rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behaviors
Behavior: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MEJ
Behavior: Hides specified windows
Details: [Window,Class] = [,Button]
[Window,Class] = [Copyright 2003 by MICROL ENT.,Static]
[Window,Class] = [Copyright 2003 by MICROL ENT. ,Static]
[Window,Class] = [,Static]
Behavior: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Opens events
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Blocks window close messages
Details: hWnd = 0x00010344, Text = 玉蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = #32770.
Behavior: Window information
Details: Pid = 2376, Hwnd=0x1034a, Text = &泥脲?>, ClassName = Button.
Pid = 2376, Hwnd=0x1034c, Text = 悟戾磬, ClassName = Button.
Pid = 2376, Hwnd=0x10358, Text = Copyright 2003 by MICROL ENT. , ClassName = Static.
Pid = 2376, Hwnd=0x1035a, Text = Copyright 2003 by MICROL ENT., ClassName = Static.
Pid = 2376, Hwnd=0x10368, Text = 锣?镳桠弪耱怏弪 爨耱屦 篑蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = Static.
Pid = 2376, Hwnd=0x1036a, Text = 蒡?镳钽疣祆?篑蜞眍忤?惕?绣汨耱疣蝾?1.1.14 (DEMO) 磬 忄?觐祜蝈? 襄疱?磬鬣腩?篑蜞眍怅?疱觐戾礓箦蝰 玎牮?怦?疣犷蜞桢 镳桦铈屙?. 蒡?镱玮铍栩 镳钽疣祆?篑蜞眍怅?钺眍忤螯 耔耱屐睇?羿殡?徨?镥疱玎沭箸觇 觐祜蝈疣. 袜骒栩?觏铒牦 "泥脲? 潆 镳钿铍驽龛., ClassName = Static.
Pid = 2376, Hwnd=0x10344, Text = 玉蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = #32770.
Pid = 2376, Hwnd=0x3042c, Text = 是(&Y), ClassName = Button.
Pid = 2376, Hwnd=0x2042e, Text = 否(&N), ClassName = Button.
Pid = 2376, Hwnd=0x10432, Text = 蔓 溴轳蜮栩咫?躅蜩蝈 铗戾龛螯 篑蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO)?, ClassName = Static.
Pid = 2376, Hwnd=0xc039e, Text = 玉蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = #32770.
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll (signature verification: not passed)
Behavior: Creates event objects
Details: EventName = MSCTF.SendReceive.Event.MEJ.IC
EventName = MSCTF.SendReceiveConection.Event.MEJ.IC
Behavior: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll ---> 06bef96b91bfa75b7f7817341a6cd597
Behavior: Opens mutex
Details: ShimCacheMutex
Behavior: Loads newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp\InstallOptions.dll.
Runtime screenshot