VirSCAN

1. You can upload any file, but no larger than 20 MB.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files encrypted with the password "infected" or "virus".


File information
Security score: 50
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic information
MD5:ab95ab2a7d1f35bca9eb8df1a5322f3d
File type: EXE
Vendor: http://www.GeeM2.com
Version: 2.0.0.54---2.0.0.54
Packer or compiler information: PACKER:ASPack 2.12 -> Alexey Solodovnikov
Binder information: aspack22_0f0d0aa5dumpFile / 9b8628c75d8a28f2af46dc5f0561aaf5 / EXE
Key behaviors
Behavior description: Blocks window close messages
Details: hWnd = 0x00010342, Text = 数据库服务器-GeeM2 [C:\Documents and Settings\Administrator\Local Settings\%temp%\], ClassName = TFrmMain.
hWnd = 0x00010336, Text = 996e, ClassName = TApplication.
Behavior description: Gets TickCount value
Details: TickCount = 217126, SleepMilliseconds = 1.
TickCount = 217188, SleepMilliseconds = 1.
TickCount = 217204, SleepMilliseconds = 1.
TickCount = 217219, SleepMilliseconds = 1.
TickCount = 217235, SleepMilliseconds = 1.
TickCount = 217251, SleepMilliseconds = 1.
TickCount = 217266, SleepMilliseconds = 1.
TickCount = 217282, SleepMilliseconds = 1.
TickCount = 217297, SleepMilliseconds = 1.
TickCount = 217313, SleepMilliseconds = 1.
TickCount = 217329, SleepMilliseconds = 1.
TickCount = 217344, SleepMilliseconds = 1.
TickCount = 217360, SleepMilliseconds = 1.
TickCount = 217376, SleepMilliseconds = 1.
TickCount = 217391, SleepMilliseconds = 1.
Process behavior
Behavior description: Creates local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2588, ThreadID = 2600, StartAddress = 00404F64, Parameter = 00E55230
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2588, ThreadID = 2692, StartAddress = 719CD33A, Parameter = 00193310
File behavior
Behavior description: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\Log\2019-03-26.02-41.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\Dbsrc.ini
C:\Documents and Settings\Administrator\Local Settings\%temp%\!AddrTable.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\!ServerInfo.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\FilterNewHumanNameString.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\FilterRankingNameString.txt
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\Log\2019-03-26.02-41.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\Dbsrc.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\Dbsrc.ini ---> Offset = 26
C:\Documents and Settings\Administrator\Local Settings\%temp%\!AddrTable.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\!ServerInfo.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\FilterNewHumanNameString.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\FilterRankingNameString.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\Log\2019-03-26.02-41.txt ---> Offset = 45
Behavior description: Searches for file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\\Log\2019-03-26.02-41.txt
FileName = .\!AddrTable.txt
FileName = .\SelectID.txt
FileName = .\!ServerInfo.txt
FileName = .\!GateList.ini
FileName =
FileName = DenyChrName.txt
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\FilterNewHumanNameString.txt
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\FilterRankingNameString.txt
FileName = .\FDB\RoleData.db
Network behavior
Behavior description: Establishes a connection to a specified socket
Details: IP: **.0.0.**:5600, SOCKET = 0x00000110
Other behavior
Behavior description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.ACK
Behavior description: Creates event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.ACK.IC
EventName = MSCTF.SendReceiveConection.Event.ACK.IC
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description: Window information
Details: Pid = 2588, Hwnd=0x1035c, Text = [2019-3-26 2:41:02] 正在启动数据库服务器... [2019-3-26 2:41:03] 正在启动服务器... [2019-3-26 2:41:04] unable to open database file , ClassName = TMemo.
Pid = 2588, Hwnd=0x10342, Text = 数据库服务器-GeeM2 [C:\Documents and Settings\Administrator\Local Settings\%temp%\], ClassName = TFrmMain.
Pid = 2588, Hwnd=0x10440, Text = 是(&Y), ClassName = Button.
Pid = 2588, Hwnd=0x10442, Text = 否(&N), ClassName = Button.
Pid = 2588, Hwnd=0x10446, Text = 是否确定退出数据库服务器?, ClassName = Static.
Pid = 2588, Hwnd=0x1043e, Text = 确认信息, ClassName = #32770.
Pid = 2588, Hwnd=0x60436, Text = 是(&Y), ClassName = Button.
Pid = 2588, Hwnd=0x20438, Text = 否(&N), ClassName = Button.
Pid = 2588, Hwnd=0x1043c, Text = 是否确定退出数据库服务器?, ClassName = Static.
Pid = 2588, Hwnd=0x403da, Text = 确认信息, ClassName = #32770.
Behavior description: Gets cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 1.
CursorPos = (6373,26501), SleepMilliseconds = 1.
CursorPos = (19208,15725), SleepMilliseconds = 1.
CursorPos = (11517,29359), SleepMilliseconds = 1.
CursorPos = (27001,24465), SleepMilliseconds = 1.
CursorPos = (5744,28146), SleepMilliseconds = 1.
CursorPos = (23320,16828), SleepMilliseconds = 1.
CursorPos = (10000,492), SleepMilliseconds = 1.
CursorPos = (3034,11943), SleepMilliseconds = 1.
CursorPos = (4866,5437), SleepMilliseconds = 1.
CursorPos = (32430,14605), SleepMilliseconds = 1.
CursorPos = (3941,154), SleepMilliseconds = 1.
CursorPos = (331,12383), SleepMilliseconds = 1.
CursorPos = (17460,18717), SleepMilliseconds = 1.
CursorPos = (19757,19896), SleepMilliseconds = 1.
Behavior description: Enumerates windows
Details: N/A
Behavior description: Calls Sleep function
Details: [1]: MilliSeconds = 1.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[8]: MilliSeconds = 1.
[9]: MilliSeconds = 1.
[10]: MilliSeconds = 1.
Behavior description: Hides specified window
Details: [Window,Class] = [数据库服务器-GeeM2 [C:\Documents and Settings\Administrator\Local Settings\%temp%\],TFrmMain]
Behavior description: Opens mutex
Details: ShimCacheMutex