VirSCAN

1. You can upload any file, but not larger than 20 MB.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files encrypted with the password "infected" or "virus".


File information
Safety score: 80
Basic information
MD5: 57800e09b7bd3119d03590cad4e11775
File type: EXE
Vendor:
Version:
Packer or compiler information: COMPILER:NSIS
Bundled file information:
Key behavior
Behavior description: Block window close message
Details: hWnd = 0x00010344, Text = 玉蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = #32770.
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\up.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll
C:\WINDOWS\wininit.ini
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\up.ini
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\up.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\up.ini ---> Offset = 27
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 124
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 33
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 43
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 60
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 277
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 347
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 402
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 410
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\ioSpecial.ini ---> Offset = 422
C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll ---> Offset = 0
Behavior description: Search for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp\InstallOptions.dll.AmBackup1
Registry behavior
Behavior description: Modify registry (pending file rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MEJ
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Copyright 2003 by MICROL ENT.,Static]
[Window,Class] = [Copyright 2003 by MICROL ENT. ,Static]
[Window,Class] = [,Static]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Block window close message
Details: hWnd = 0x00010344, Text = 玉蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = #32770.
Behavior description: Window information
Details: Pid = 2376, Hwnd=0x1034a, Text = &泥脲?>, ClassName = Button.
Pid = 2376, Hwnd=0x1034c, Text = 悟戾磬, ClassName = Button.
Pid = 2376, Hwnd=0x10358, Text = Copyright 2003 by MICROL ENT. , ClassName = Static.
Pid = 2376, Hwnd=0x1035a, Text = Copyright 2003 by MICROL ENT., ClassName = Static.
Pid = 2376, Hwnd=0x10368, Text = 锣?镳桠弪耱怏弪 爨耱屦 篑蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = Static.
Pid = 2376, Hwnd=0x1036a, Text = 蒡?镳钽疣祆?篑蜞眍忤?惕?绣汨耱疣蝾?1.1.14 (DEMO) 磬 忄?觐祜蝈? 襄疱?磬鬣腩?篑蜞眍怅?疱觐戾礓箦蝰 玎牮?怦?疣犷蜞桢 镳桦铈屙?. 蒡?镱玮铍栩 镳钽疣祆?篑蜞眍怅?钺眍忤螯 耔耱屐睇?羿殡?徨?镥疱玎沭箸觇 觐祜蝈疣. 袜骒栩?觏铒牦 "泥脲? 潆 镳钿铍驽龛., ClassName = Static.
Pid = 2376, Hwnd=0x10344, Text = 玉蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = #32770.
Pid = 2376, Hwnd=0x3042c, Text = 是(&Y), ClassName = Button.
Pid = 2376, Hwnd=0x2042e, Text = 否(&N), ClassName = Button.
Pid = 2376, Hwnd=0x10432, Text = 蔓 溴轳蜮栩咫?躅蜩蝈 铗戾龛螯 篑蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO)?, ClassName = Static.
Pid = 2376, Hwnd=0xc039e, Text = 玉蜞眍怅?惕?绣汨耱疣蝾?1.1.14 (DEMO), ClassName = #32770.
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll (signature verification: failed)
Behavior description: Create event object
Details: EventName = MSCTF.SendReceive.Event.MEJ.IC
EventName = MSCTF.SendReceiveConection.Event.MEJ.IC
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso8.tmp\InstallOptions.dll ---> 06bef96b91bfa75b7f7817341a6cd597
Behavior description: Open mutex
Details: ShimCacheMutex
Behavior description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp\InstallOptions.dll.