VirSCAN

1. You can upload any file, up to 20 MB in size.
2. VirSCAN can unpack Rar/Zip archives, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files that are password-protected with the password "infected" or "virus".


File information
Safety rating: 78
Behavior list
Basic information
MD5: 908d6d9b55027e0823df08c020074f2a
File type: EXE
Vendor:
Version: 0.0.0.0
Packer / compiler information: COMPILER: Borland Delphi 6.0 - 7.0 [Overlay]
Bundled file information: DefItemName_29572ac4dumpFile / dae5ed5f828c64e0a2adc0a98a08ca46 / DLL
Key behaviors
Behavior description: Blocks window close message
Details: hWnd = 0x00010344, Text = Установка, ClassName = TApplication.
Behavior description: Looks up PE resource information
Details: (FindResourceW) hModule = 0x00400000, ResName: SHFOLDERDLL, ResType: a(ID)
Behavior description: Reads TickCount value
Details: TickCount = 242550, SleepMilliseconds = 50.
TickCount = 242612, SleepMilliseconds = 50.
TickCount = 242675, SleepMilliseconds = 50.
TickCount = 242737, SleepMilliseconds = 50.
TickCount = 242800, SleepMilliseconds = 50.
TickCount = 242862, SleepMilliseconds = 50.
TickCount = 242925, SleepMilliseconds = 50.
TickCount = 242987, SleepMilliseconds = 50.
TickCount = 243050, SleepMilliseconds = 50.
TickCount = 243112, SleepMilliseconds = 50.
TickCount = 243175, SleepMilliseconds = 50.
TickCount = 243237, SleepMilliseconds = 50.
TickCount = 243300, SleepMilliseconds = 50.
TickCount = 243362, SleepMilliseconds = 50.
TickCount = 243425, SleepMilliseconds = 50.
Process behavior
Behavior description: Creates local thread
Szczegóły:TargetProcess: 996E.tmp, InheritedFromPID = 2588, ProcessID = 2696, ThreadID = 2804, StartAddress = 4AEA7456, Parameter = 00000000
Behavior description: Creates new process from file
Szczegóły:[0x00000a88]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-600M0.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-600M0.tmp\996E.tmp" /SL5="$1033C,1958267,478720,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"
File behavior
Behavior description: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\_isetup\_shfoldr.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\b2p.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\botva2.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\CallbackCtrl.dll
Behavior description: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\b2p.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\botva2.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\CallbackCtrl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\_isetup\_shfoldr.dll
Behavior description: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\_isetup\_shfoldr.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\b2p.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\botva2.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\CallbackCtrl.dll
Behavior description: Modifies file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\_isetup\_shfoldr.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll ---> Offset = 196608
Behavior description: Searches for file
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-600M0.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-600M0.tmp\996E.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\_isetup\*
Other behavior
Behavior description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MIK
Behavior description: Hides specified window
Details: [Window,Class] = [,ComboLBox]
Behavior description: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Enumerates windows
Details: N/A
Behavior description: Reads TickCount value
Details: TickCount = 242550, SleepMilliseconds = 50.
TickCount = 242612, SleepMilliseconds = 50.
TickCount = 242675, SleepMilliseconds = 50.
TickCount = 242737, SleepMilliseconds = 50.
TickCount = 242800, SleepMilliseconds = 50.
TickCount = 242862, SleepMilliseconds = 50.
TickCount = 242925, SleepMilliseconds = 50.
TickCount = 242987, SleepMilliseconds = 50.
TickCount = 243050, SleepMilliseconds = 50.
TickCount = 243112, SleepMilliseconds = 50.
TickCount = 243175, SleepMilliseconds = 50.
TickCount = 243237, SleepMilliseconds = 50.
TickCount = 243300, SleepMilliseconds = 50.
TickCount = 243362, SleepMilliseconds = 50.
TickCount = 243425, SleepMilliseconds = 50.
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Blocks window close message
Details: hWnd = 0x00010344, Text = Установка, ClassName = TApplication.
Behavior description: Window information
Details: Pid = 2696, Hwnd=0x1035c, Text = Install, ClassName = Button.
Pid = 2696, Hwnd=0x1035e, Text = Close, ClassName = Button.
Behavior description: Looks up PE resource information
Details: (FindResourceW) hModule = 0x00400000, ResName: SHFOLDERDLL, ResType: a(ID)
Behavior description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\_isetup\_shfoldr.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\b2p.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\botva2.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\CallbackCtrl.dll (signature verification: failed)
Behavior description: Calls Sleep function
Details: [1]: MilliSeconds = 50.
[2]: MilliSeconds = 50.
[3]: MilliSeconds = 50.
[4]: MilliSeconds = 50.
[5]: MilliSeconds = 50.
[6]: MilliSeconds = 50.
[7]: MilliSeconds = 50.
[8]: MilliSeconds = 50.
[9]: MilliSeconds = 50.
[10]: MilliSeconds = 50.
[2]: MilliSeconds = 250.
[3]: MilliSeconds = 250.
[4]: MilliSeconds = 250.
[5]: MilliSeconds = 250.
[6]: MilliSeconds = 250.
Behavior description: Creates event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MIK.IC
EventName = MSCTF.SendReceiveConection.Event.MIK.IC
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp ---> b9268971a159b3db2dd7f527c0285486
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\_isetup\_shfoldr.dll ---> 92dc6ef532fbb4a5c3201469a5b5eb63
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll ---> 4feafa8b5e8cdb349125c8af0ac43974
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll ---> 92c2e247392e0e02261dea67e1bb1a5e
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\botva2.dll ---> 67965a5957a61867d661f05ae1f4773e
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\b2p.dll ---> dae5ed5f828c64e0a2adc0a98a08ca46
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\CallbackCtrl.dll ---> f07e819ba2e46a897cfabf816d7557b2
Behavior description: Opens mutex
Details: ShimCacheMutex
Behavior description: Loads newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\ISDone.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\isskin.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\b2p.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\botva2.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\CallbackCtrl.dll.
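The script below is an added triage example written for this page; it is not VirSCAN's code and not part of the report. It parses entries in the "Behavior description: / Details:" layout used above (the sample log embedded in it is constructed from lines of this report, already translated), then does three things an analyst would do by hand: it joins the "Executable signature information", "Executable file MD5" and "Loads newly dropped file" sections by file name (the sandbox logs the same file both as an 8.3 short path such as C:\DOCUME~1\... and as a long path, so only the name is stable), it summarises the TickCount/Sleep loop, and it checks the spawned child's command line for the Inno Setup bootstrapper pattern: a stub extracted to %TEMP%\is-XXXXX.tmp\ and run with /SL5="$hwnd,size,size,path", which is exactly what the 996E.tmp launch above shows. The behavior names it keys on are the English names used in this translation; adjust them to your report's wording. An unsigned module is a lead, not a verdict: DLLs such as ISDone.dll, isskin.dll, botva2.dll, b2p.dll and CallbackCtrl.dll are add-ons commonly shipped with Inno Setup installers and are routinely unsigned, and 996E.tmp is the installer's own extracted stub.

```python
"""Triage helper for a VirSCAN-style behaviour log (added example, not VirSCAN code)."""
import re

BEHAVIOR_PREFIX = "Behavior description:"
DETAILS_PREFIX = "Details:"

# Constructed sample: a subset of this report's entries in the translated layout.
SAMPLE_LOG = r"""
Behavior description: Creates new process from file
Details: [0x00000a88]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-600M0.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-600M0.tmp\996E.tmp" /SL5="$1033C,1958267,478720,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"
Behavior description: Reads TickCount value
Details: TickCount = 242550, SleepMilliseconds = 50.
TickCount = 242612, SleepMilliseconds = 50.
TickCount = 242675, SleepMilliseconds = 50.
Behavior description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-600M0.tmp\996E.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\b2p.dll (signature verification: failed)
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\ISDone.dll ---> 4feafa8b5e8cdb349125c8af0ac43974
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\isskin.dll ---> 92c2e247392e0e02261dea67e1bb1a5e
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JSAJ5.tmp\b2p.dll ---> dae5ed5f828c64e0a2adc0a98a08ca46
Behavior description: Loads newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\ISDone.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\isskin.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JSAJ5.tmp\b2p.dll.
"""

SIG_RE = re.compile(r"^(?P<path>.+?)\s*\(signature verification: (?P<status>\w+)\)$")
MD5_RE = re.compile(r"^(?P<path>.+?)\s*--->\s*(?P<md5>[0-9a-fA-F]{32})$")
IMAGE_RE = re.compile(r"^Image:\s*(?P<path>.+)$")
TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)")
SL5_RE = re.compile(r'/SL5="\$[0-9A-Fa-f]+,\d+,\d+,[^"]+"')   # Inno Setup stub switch
TEMP_STUB_RE = re.compile(r"\\is-[0-9A-Z]{5}\.tmp\\", re.I)     # %TEMP%\is-XXXXX.tmp\

def parse_behaviors(text):
    """Group detail lines under their behaviour description; lines without a
    prefix continue the previous 'Details:' entry, as in the report layout."""
    behaviors, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(BEHAVIOR_PREFIX):
            current = line[len(BEHAVIOR_PREFIX):].strip()
            behaviors.setdefault(current, [])
        elif current is not None:
            if line.startswith(DETAILS_PREFIX):
                line = line[len(DETAILS_PREFIX):].strip()
            behaviors[current].append(line)
    return behaviors

def basename(path):
    """Case-folded file name: the sandbox logs the same file both as an 8.3 short
    path and as a long path, so only the final component is stable for joins."""
    return path.rstrip(".").rsplit("\\", 1)[-1].lower()

def inno_setup_indicators(behaviors):
    """Inno Setup's bootstrapper extracts a stub to %TEMP%\\is-XXXXX.tmp\\ and runs
    it with /SL5="$hwnd,size,size,path"; both markers together point to Inno Setup."""
    spawned = behaviors.get("Creates new process from file", [])
    sl5 = any(SL5_RE.search(d) for d in spawned)
    stub = any(TEMP_STUB_RE.search(d) for d in spawned)
    return {"sl5_switch": sl5, "temp_stub": stub, "likely_inno_setup": sl5 and stub}

def sleep_profile(behaviors):
    """Total requested sleep and largest gap between TickCount samples: a short,
    regular cadence is UI polling; long or growing gaps would suggest stalling."""
    ticks, sleeps = [], []
    for d in behaviors.get("Reads TickCount value", []):
        m = TICK_RE.search(d)
        if m:
            ticks.append(int(m.group(1)))
            sleeps.append(int(m.group(2)))
    gaps = [b - a for a, b in zip(ticks, ticks[1:])]
    return {"samples": len(ticks), "total_sleep_ms": sum(sleeps), "max_gap_ms": max(gaps, default=0)}

def triage_dropped_modules(behaviors):
    """Modules loaded from the drop directory that did not pass signature
    verification, with their MD5 for pivoting. Unsigned is a lead, not a verdict:
    Inno Setup add-on DLLs are routinely unsigned."""
    signed = {}
    for d in behaviors.get("Executable signature information", []):
        m = SIG_RE.match(d)
        if m:
            signed[basename(m.group("path"))] = m.group("status") == "passed"
    md5s = {}
    for d in behaviors.get("Executable file MD5", []):
        m = MD5_RE.match(d)
        if m:
            md5s[basename(m.group("path"))] = m.group("md5").lower()
    findings = []
    for d in behaviors.get("Loads newly dropped file", []):
        m = IMAGE_RE.match(d)
        if m and not signed.get(basename(m.group("path")), False):
            name = basename(m.group("path"))
            findings.append({"module": name, "md5": md5s.get(name), "signed": signed.get(name)})
    return findings
```

Run it against `parse_behaviors(SAMPLE_LOG)`: `inno_setup_indicators` reports both markers present, `sleep_profile` shows three samples spaced about 62 ms apart with 150 ms of requested sleep in total (a UI message-loop cadence, not an evasion delay), and `triage_dropped_modules` returns ISDone.dll and b2p.dll with their MD5s while isskin.dll, which passed verification, is left out. To apply it to the full report, paste the whole translated behavior list in place of the sample.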