VirSCAN
File information
Security score: 50
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic information
MD5: 781dde2c9f23f4f2e4a55fcfac3ca342
File type: EXE
Vendor:
Version:
Packer or compiler information: COMPILER:Borland Delphi 6.0 - 7.0
Key behavior
Behavior description: Set special file attributes
Details: C:\ginstall.exe
C:\222c25ed\IE8-Setup-Full\gIE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\ginstallservices.exe
C:\Python27\gpython.exe
C:\Python27\gpython2.7.exe
C:\Python27\gpython2.exe
C:\Python27\gpythonw.exe
C:\Python27\gpythonw2.7.exe
C:\Python27\gpythonw2.exe
C:\Python27\gw9xpopen.exe
C:\Python27\Lib\distutils\command\gwininst-6.0.exe
C:\Python27\Lib\distutils\command\gwininst-7.1.exe
C:\Python27\Lib\distutils\command\gwininst-8.0.exe
C:\Python27\Lib\distutils\command\gwininst-9.0-amd64.exe
C:\Python27\Lib\distutils\command\gwininst-9.0.exe
Behavior description: Detect virtual machine by searching for files
Details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.exe*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.exe*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.*
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Application Data\Ground.exe
C:\install.exe
C:\ginstall.ico
C:\RCX3.tmp
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\gIE-REDIST.ico
C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\222c25ed\IE8-Setup-Full\ginstallservices.ico
C:\222c25ed\IE8-Setup-Full\RCX4.tmp
C:\Python27\python.exe
C:\Python27\gpython.ico
C:\Python27\RCX5.tmp
C:\Python27\python2.7.exe
C:\Python27\gpython2.7.ico
C:\Python27\RCX6.tmp
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Application Data\Ground.exe
C:\install.exe
C:\RCX3.tmp
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\222c25ed\IE8-Setup-Full\RCX4.tmp
C:\Python27\python.exe
C:\Python27\RCX5.tmp
C:\Python27\python2.7.exe
C:\Python27\RCX6.tmp
C:\Python27\python2.exe
C:\Python27\RCX7.tmp
C:\Python27\pythonw.exe
C:\Python27\RCX8.tmp
C:\Python27\pythonw2.7.exe
Behavior description: Delete file
Details: C:\install.exe
C:\ginstall.ico
C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\222c25ed\IE8-Setup-Full\ginstallservices.ico
C:\Python27\python.exe
C:\Python27\gpython.ico
C:\Python27\python2.7.exe
C:\Python27\gpython2.7.ico
C:\Python27\python2.exe
C:\Python27\gpython2.ico
C:\Python27\pythonw.exe
C:\Python27\gpythonw.ico
C:\Python27\pythonw2.7.exe
C:\Python27\gpythonw2.7.ico
C:\Python27\pythonw2.exe
Behavior description: Overwrite existing file
Details: C:\RCX3.tmp
C:\222c25ed\IE8-Setup-Full\RCX4.tmp
C:\Python27\RCX5.tmp
C:\Python27\RCX6.tmp
C:\Python27\RCX7.tmp
C:\Python27\RCX8.tmp
C:\Python27\RCX9.tmp
C:\Python27\RCXA.tmp
C:\Python27\Lib\site-packages\pythonwin\RCXB.tmp
C:\WINDOWS\RCXC.tmp
C:\WINDOWS\RCXD.tmp
C:\WINDOWS\RCXE.tmp
C:\WINDOWS\RCXF.tmp
C:\WINDOWS\RCX10.tmp
C:\WINDOWS\RCX11.tmp
Behavior description: Search for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Program Files
FileName = C:\*.exe*
FileName = C:\*.*
FileName = C:\222c25ed\*.exe*
FileName = C:\222c25ed\*.*
FileName = C:\222c25ed\IE8-Setup-Full\*.exe*
FileName = C:\222c25ed\IE8-Setup-Full\*.*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.exe*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.*
FileName = C:\AnalyzeControl\*.exe*
FileName = C:\AnalyzeControl\*.*
FileName = C:\DiskD\*.exe*
Behavior description: Set special file attributes
Details: C:\ginstall.exe
C:\222c25ed\IE8-Setup-Full\gIE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\ginstallservices.exe
C:\Python27\gpython.exe
C:\Python27\gpython2.7.exe
C:\Python27\gpython2.exe
C:\Python27\gpythonw.exe
C:\Python27\gpythonw2.7.exe
C:\Python27\gpythonw2.exe
C:\Python27\gw9xpopen.exe
C:\Python27\Lib\distutils\command\gwininst-6.0.exe
C:\Python27\Lib\distutils\command\gwininst-7.1.exe
C:\Python27\Lib\distutils\command\gwininst-8.0.exe
C:\Python27\Lib\distutils\command\gwininst-9.0-amd64.exe
C:\Python27\Lib\distutils\command\gwininst-9.0.exe
Behavior description: Rename file
Details: C:\install.exe ---> C:\ginstall.exe
C:\RCX3.tmp ---> C:\install.exe
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE ---> C:\222c25ed\IE8-Setup-Full\gIE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\installservices.exe ---> C:\222c25ed\IE8-Setup-Full\ginstallservices.exe
C:\222c25ed\IE8-Setup-Full\RCX4.tmp ---> C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\Python27\python.exe ---> C:\Python27\gpython.exe
C:\Python27\RCX5.tmp ---> C:\Python27\python.exe
C:\Python27\python2.7.exe ---> C:\Python27\gpython2.7.exe
C:\Python27\RCX6.tmp ---> C:\Python27\python2.7.exe
C:\Python27\python2.exe ---> C:\Python27\gpython2.exe
C:\Python27\RCX7.tmp ---> C:\Python27\python2.exe
C:\Python27\pythonw.exe ---> C:\Python27\gpythonw.exe
C:\Python27\RCX8.tmp ---> C:\Python27\pythonw.exe
C:\Python27\pythonw2.7.exe ---> C:\Python27\gpythonw2.7.exe
C:\Python27\RCX9.tmp ---> C:\Python27\pythonw2.7.exe
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 2048
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 3072
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 4096
C:\install.exe ---> Offset = 0
C:\install.exe ---> Offset = 1024
C:\install.exe ---> Offset = 2048
C:\install.exe ---> Offset = 3072
C:\install.exe ---> Offset = 4096
C:\ginstall.ico ---> Offset = 0
C:\RCX3.tmp ---> Offset = 0
C:\RCX3.tmp ---> Offset = 864
C:\RCX3.tmp ---> Offset = 1024
C:\RCX3.tmp ---> Offset = 5120
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Ground\Ground
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Paint
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Behavior description: Executable signature information
Details: C:\Documents and Settings\Administrator\Application Data\Ground.exe (signature verification: failed)
C:\install.exe (signature verification: failed)
C:\RCX3.tmp (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\installservices.exe (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\RCX4.tmp (signature verification: failed)
C:\Python27\python.exe (signature verification: failed)
C:\Python27\RCX5.tmp (signature verification: failed)
C:\Python27\python2.7.exe (signature verification: failed)
C:\Python27\RCX6.tmp (signature verification: failed)
C:\Python27\python2.exe (signature verification: failed)
C:\Python27\RCX7.tmp (signature verification: failed)
C:\Python27\pythonw.exe (signature verification: failed)
C:\Python27\RCX8.tmp (signature verification: failed)
C:\Python27\pythonw2.7.exe (signature verification: failed)
Behavior description: Executable MD5
Details: C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> 781dde2c9f23f4f2e4a55fcfac3ca342
C:\install.exe ---> 781dde2c9f23f4f2e4a55fcfac3ca342
C:\RCX3.tmp ---> 9fc40740717d5d874777f5fdfd686705
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE ---> 781dde2c9f23f4f2e4a55fcfac3ca342
C:\222c25ed\IE8-Setup-Full\installservices.exe ---> 781dde2c9f23f4f2e4a55fcfac3ca342
C:\222c25ed\IE8-Setup-Full\RCX4.tmp ---> d63264f8c7ae0c764e7c5e87a292f589
C:\Python27\python.exe ---> 781dde2c9f23f4f2e4a55fcfac3ca342
C:\Python27\RCX5.tmp ---> 06be40f2ac0c85b6ff527f5bdf1b6872
C:\Python27\python2.7.exe ---> 781dde2c9f23f4f2e4a55fcfac3ca342
C:\Python27\RCX6.tmp ---> 06be40f2ac0c85b6ff527f5bdf1b6872
C:\Python27\python2.exe ---> 781dde2c9f23f4f2e4a55fcfac3ca342
C:\Python27\RCX7.tmp ---> 06be40f2ac0c85b6ff527f5bdf1b6872
C:\Python27\pythonw.exe ---> 781dde2c9f23f4f2e4a55fcfac3ca342
C:\Python27\RCX8.tmp ---> 06be40f2ac0c85b6ff527f5bdf1b6872
C:\Python27\pythonw2.7.exe ---> 781dde2c9f23f4f2e4a55fcfac3ca342
Behavior description: Open mutex
Details: ShimCacheMutex
Paint
Behavior description: Detect virtual machine by searching for files
Details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.exe*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.exe*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.*