VirSCAN

File information
Security rating: 79
Behavior list
Basic information
MD5: 53e5ca7efdaf1e95fbe9e498b6704843
File type: EXE
Vendor:
Version:
Packer/compiler information: COMPILER: Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Key behaviors
Behavior: Cross-process memory write
Details: TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000c70
TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000c70
TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, WriteAddress = 0x7ffd9238, Size = 0x00000004 TargetPID = 0x00000c70
Behavior: Direct CPU timestamp read (RDTSC returns the counter in EDX:EAX)
Details: EAX = 0x0defbe4c, EDX = 0x0000039d
EAX = 0x80809986, EDX = 0x0000039d
Process behavior
Behavior: Process creation
Details: [0x00000c70]ImagePath = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, CmdLine = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
Behavior: Cross-process memory write
Details: TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000c70
TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000c70
TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, WriteAddress = 0x7ffd9238, Size = 0x00000004 TargetPID = 0x00000c70
File behavior
Behavior: File creation
Details: C:\Users\Administrator\AppData\Local\Temp\_MEI30642\M1Tool.exe.manifest
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\Microsoft.VC90.CRT.manifest
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\PyCSC.pycsc.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\_hashlib.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\bz2.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcm90.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcp90.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcr90.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\python27.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\select.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\unicodedata.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._adv.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._aui.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._core.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx.siplib.pyd
Behavior: Executable file creation
Details: C:\Users\Administrator\AppData\Local\Temp\_MEI30642\PyCSC.pycsc.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\_hashlib.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\bz2.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcm90.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcp90.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcr90.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\python27.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\select.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\unicodedata.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._adv.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._aui.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._core.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx.siplib.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wxbase30u_net_vc90.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wxbase30u_vc90.dll
Behavior: File content modification
Details: C:\Users\Administrator\AppData\Local\Temp\_MEI30642\M1Tool.exe.manifest ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\Microsoft.VC90.CRT.manifest ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\PyCSC.pycsc.pyd ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\_hashlib.pyd ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\bz2.pyd ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\bz2.pyd ---> Offset = 69632
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcm90.dll ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcp90.dll ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcp90.dll ---> Offset = 569344
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcr90.dll ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcr90.dll ---> Offset = 651264
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\python27.dll ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\python27.dll ---> Offset = 2646016
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\select.pyd ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\select.pyd ---> Offset = 8192
Behavior: File lookup
Details: FileName = C:\Users
FileName = C:\Users\ADMINI~1
FileName = C:\Users\ADMINI~1\AppData
FileName = C:\Users\ADMINI~1\AppData\Local
FileName = C:\Users\ADMINI~1\AppData\Local\Temp
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30642\MSVCR90.dll
FileName = C:\Users\Administrator\AppData\Local\Temp\_MEI30642\Microsoft.VC90.CRT.manifest
FileName = C:\Users\Administrator
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30642
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1
FileName = C:\Users\ADMINI~1\AppData\Local\%temp%
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\encodings
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wx
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\MSVCR90.dll
Other behavior
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Hides a specified window
Details: [Window,Class] = [panel,wxWindowNR]
Behavior: Opens a mutex
Details: Local\MSCTF.Asm.MutexDefault1
Behavior: Window information
Details: Pid = 3184, Hwnd=0xa023e, Text = panel, ClassName = wxWindowNR.
Pid = 3184, Hwnd=0x90180, Text = panel, ClassName = wxWindowNR.
Pid = 3184, Hwnd=0x902fa, Text = panel, ClassName = wxWindowNR.
Pid = 3184, Hwnd=0xa01ee, Text = panel, ClassName = wxWindowNR.
Pid = 3184, Hwnd=0x902ca, Text = Ready, ClassName = msctls_statusbar32.
Pid = 3184, Hwnd=0x10022e, Text = M1写卡工具 (M1 card writer tool), ClassName = wxWindowNR.
Behavior: Opens an event
Details: HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\KernelObjects\SystemErrorPortReady
Behavior: Executable signature information
Details: C:\Users\Administrator\AppData\Local\Temp\_MEI30642\PyCSC.pycsc.pyd (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\bz2.pyd (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcm90.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\_hashlib.pyd (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcp90.dll (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcr90.dll (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\python27.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\select.pyd (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\unicodedata.pyd (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._adv.pyd (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._aui.pyd (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx.siplib.pyd (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._core.pyd (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wxbase30u_net_vc90.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wxbase30u_vc90.dll (signature verification: failed)
Behavior: Executable file MD5
Details: C:\Users\Administrator\AppData\Local\Temp\_MEI30642\PyCSC.pycsc.pyd ---> 89c1c6d9c0cd76a84b1e822dcc0ec2a3
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\bz2.pyd ---> 8f0e80d06b6b6942f2b34a0eee5badb7
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcm90.dll ---> fe419df303a1f7b1dc63c9b9a90bb08c
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\_hashlib.pyd ---> c1d6193563fc8a01e0553746094bad09
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcp90.dll ---> 989d61bcb56ce788d7c39d59b83838e7
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcr90.dll ---> 60847d262410edcc17decebcdbb2f320
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\select.pyd ---> 0a734bbcde69d7a780f5991558588dd0
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\python27.dll ---> 8fe90a20ab158f505e45dcd1f63af201
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\unicodedata.pyd ---> 901ae11d5e7648350343469a92fad606
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._adv.pyd ---> 5a361c59718d99c694de890814305583
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._aui.pyd ---> 39853ec5206ac2c0a10e726d378bdc8f
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._core.pyd ---> file too large (not hashed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx.siplib.pyd ---> f771bdbc66c133c27c79dd92f64e7644
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wxbase30u_net_vc90.dll ---> 6629a53928cd2090e6b74a18a6d28ca3
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wxbase30u_vc90.dll ---> a0b2846d8092e8f3cbc2b1e0deec0ac0
Behavior: Direct CPU timestamp read (RDTSC returns the counter in EDX:EAX)
Details: EAX = 0x0defbe4c, EDX = 0x0000039d
EAX = 0x80809986, EDX = 0x0000039d
Behavior: Loads newly dropped files
Details: Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30642\python27.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30642\msvcr90.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wx._core.pyd.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wxbase30u_vc90.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\msvcp90.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wxbase30u_net_vc90.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wxmsw30u_core_vc90.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wx.siplib.pyd.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wx._aui.pyd.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wxmsw30u_aui_vc90.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\PyCSC.pycsc.pyd.
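Taken together, the entries above are the footprint of a PyInstaller one-file bundle: the `_MEIxxxxx` directory under Temp is PyInstaller's `_MEIPASS` extraction directory, python27.dll and the .pyd modules are the Python 2.7 runtime and wxPython GUI it ships, and the program re-launches its own image as a child process. The script below is an added triage example written for this page; it is not VirSCAN code and not code from the analysed binary. It parses the report's own "Behavior:" / "Details:" layout (a trimmed subset of the lines above, embedded as a constructed sample), correlates the 8.3 short names (ADMINI~1, _MEI30~1) with long names by file name, and reports: PyInstaller extraction, dropped modules that were loaded despite a failed signature check, modules that were loaded but never appear in the creation log (in the full report that is wxmsw30u_core_vc90.dll and wxmsw30u_aui_vc90.dll, a sign the sandbox's creation list is truncated), the total bytes written into the self-spawned child, the IsDebuggerPresent check, and the 64-bit TSC delta between the two RDTSC readings. The 0x100-byte `max_setup_write` threshold is this example's assumption: the three writes into the child total 0x58 bytes, which is the scale of process-setup writes rather than an injected payload, so the `large_remote_write` flag, not the mere presence of a remote write, is the indicator to act on.

```python
"""Triage rules over a VirSCAN-style behavior report.
Added example (editor's own code, not VirSCAN's). SAMPLE_REPORT is a
constructed subset of the report's entries in its Behavior:/Details: layout."""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
Behavior: Process creation
Details: [0x00000c70]ImagePath = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, CmdLine = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
Behavior: Cross-process memory write
Details: TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000c70
TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000c70
TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe, WriteAddress = 0x7ffd9238, Size = 0x00000004 TargetPID = 0x00000c70
Behavior: Direct CPU timestamp read
Details: EAX = 0x0defbe4c, EDX = 0x0000039d
EAX = 0x80809986, EDX = 0x0000039d
Behavior: Executable file creation
Details: C:\Users\Administrator\AppData\Local\Temp\_MEI30642\PyCSC.pycsc.pyd
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcp90.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcr90.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\python27.dll
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._core.pyd
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Executable signature information
Details: C:\Users\Administrator\AppData\Local\Temp\_MEI30642\PyCSC.pycsc.pyd(signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcp90.dll(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\msvcr90.dll(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\python27.dll(signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\_MEI30642\wx._core.pyd(signature verification: failed)
Behavior: Loads newly dropped files
Details: Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30642\python27.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\msvcp90.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wx._core.pyd.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\wxmsw30u_core_vc90.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\_MEI30~1\PyCSC.pycsc.pyd.
"""

# PyInstaller one-file bundles unpack into %TEMP%\_MEIxxxxx (sys._MEIPASS);
# the character class also accepts the 8.3 form _MEI30~1.
PYINSTALLER_DIR = re.compile(r"\\Temp\\_MEI[0-9~]+\\", re.IGNORECASE)


def parse_report(text):
    """Group detail lines under their 'Behavior:' heading."""
    events, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Behavior:"):
            current = line[len("Behavior:"):].strip()
        elif current is not None:
            if line.startswith("Details:"):
                line = line[len("Details:"):].strip()
            events[current].append(line)
    return events


def basename(path):
    """Lower-cased file name, so short (ADMINI~1) and long paths of one file compare equal."""
    return path.strip().rstrip(".").rsplit("\\", 1)[-1].lower()


def triage(text, max_setup_write=0x100):
    """Findings dict. max_setup_write is this example's assumed ceiling (bytes) for
    the small writes a parent makes into a child it just created; larger is suspect."""
    ev, f = parse_report(text), {}
    created = {basename(p) for p in ev["Executable file creation"] if PYINSTALLER_DIR.search(p)}
    loaded = {basename(l.split("Image:", 1)[-1]) for l in ev["Loads newly dropped files"]}
    sig = {}
    for line in ev["Executable signature information"]:
        m = re.match(r"(.*)\(signature verification: (passed|failed)\)$", line)
        if m:
            sig[basename(m.group(1))] = m.group(2)
    f["pyinstaller_onefile"] = bool(created)
    f["loaded_unsigned"] = sorted(n for n in loaded if sig.get(n) == "failed")
    # Sandbox creation lists are often truncated: a module loaded from the drop
    # directory that never appears as created must be pulled by hand.
    f["loaded_not_in_creation_log"] = sorted(loaded - created)

    spawned = set()
    for line in ev["Process creation"]:
        m = re.search(r"ImagePath = (.*?), CmdLine", line)
        if m:
            spawned.add(m.group(1).lower())
    writes = []
    for line in ev["Cross-process memory write"]:
        m = re.search(r"TargetProcess = (.*?), WriteAddress = 0x([0-9a-f]+), "
                      r"Size = 0x([0-9a-f]+)", line, re.IGNORECASE)
        if m:
            writes.append((m.group(1).lower(), int(m.group(2), 16), int(m.group(3), 16)))
    f["bytes_written_into_own_child"] = sum(s for t, _, s in writes if t in spawned)
    f["large_remote_write"] = any(s > max_setup_write for _, _, s in writes)
    f["anti_debug_api"] = "IsDebuggerPresent" in ev["Checks whether it is being debugged"]

    # RDTSC returns the 64-bit counter in EDX:EAX; two readings give an elapsed-cycle delta.
    tsc = []
    for line in ev["Direct CPU timestamp read"]:
        m = re.search(r"EAX = 0x([0-9a-f]+), EDX = 0x([0-9a-f]+)", line, re.IGNORECASE)
        if m:
            tsc.append((int(m.group(2), 16) << 32) | int(m.group(1), 16))
    f["tsc_delta_cycles"] = tsc[-1] - tsc[0] if len(tsc) >= 2 else None
    return f


RESULT = triage(SAMPLE_REPORT)

if __name__ == "__main__":
    for key, value in RESULT.items():
        print(f"{key}: {value}")
```

Feed it a full report by replacing SAMPLE_REPORT with the translated text of the behavior list; the rules key on the heading strings, so keep those labels as they appear above.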