VirSCAN

1. You can submit any file, but with a limit of 20 MB per file.
2. VirSCAN supports Rar/Zip archives, but they must contain fewer than 20 files.
3. VirSCAN can scan archives protected with the password 'infected' or 'virus'.


File information
Security rating: 60
Behavior list
Basic information
MD5: 939d4902985418ea0990b22b1317472e
File type: 7z
Producer/company: Oleg N. Scherbakov
Version: 1.2.0.715 --- 1, 2, 0, 715
Packer/compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Binder information (bundled files): adb.exe / 31cec1a6366c83c5240cb7b6a9236284 / EXE
1.apk / 7404bcee5b610a7aec2e23f8a862df4a / zip
Superuser.apk / a5f4510da7f7f0925743c4e0d8202849 / zip
busybox-armv6l / 89310129900f9d2ecd1c214378fea713 / ELF
busybox-armv6l / 26d429e0541c42684225a880dc331053 / ELF
busybox / 861d3e6771dc2005848817eb7410d830 / ELF
sh / a8e20a66939a26dfb524dc7844b1fde9 / ELF
2.apk / fe0d8e905ac97298cb7ae7b8e8928d0b / zip
fastboot.exe / 967f5ba1c1af6ff2f9f9142ec6824603 / EXE
su / 8cb84e26ec00c100f67556b815908645 / ELF
AdbWinApi.dll / 47a6ee3f186b2c2f5057028906bac0c6 / DLL
root.exe / 22f9a35e825fdd88392c3b7035f629fe / EXE
backup.tar / 02d82a93c11a27b0ad6a2a0ad77edfa2 / tar
AdbWinUsbApi.dll / 5f23f2f936bdfac90bb0a4970ad365cf / DLL
run_root_shell / 2c2d09180ef4e2e2015abc0af0f3c498 / ELF
usbux.ab / e2fbfa8abe4e256b175aca9262fd6d19 / Unknown
onLoadHook.c / da04932f5c4802ef35d696e6bffdc16b / Unknown
run.sh / 8e26b84e56e55bcc84557df3c68c55e8 / Unknown
step2.sh / 894da6b8db5f3e2b3c38d7b1a3c410ab / Unknown
Process behavior
Behavior description: Create process with hidden window
Details: ImagePath = , CmdLine = cmd.exe /c c:\docume~1\admini~1\locals~1\temp\bt03875.bat "c:\docume~1\admini~1\locals~1\temp\7zipsfx.000\root.exe"
Behavior description: Create process
Details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd.exe /c C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bt03875.bat "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\root.exe"
Behavior description: Create process from newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\root.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\root.exe"
Behavior description: Enumerate processes
Details: N/A
Behavior description: Create local thread
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1457835062.912696.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1457835062.913021.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1457835062.913343.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1457835062.913660.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\root.exe
C:\WINDOWS\system32\cmd.exe
Behavior description: Process exit
Details: N/A
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\busybox
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\mjs\busybox-armv6l
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\busybox-armv6l
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\doomed2
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\mjs\ric
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\ric
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\run_root_shell
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\sh
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\su
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\mjs\backup.tar
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\z_rootkit\src\onloadhook\jni\onLoadHook.c
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\doomed.sh
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\z_rootkit\getroot.sh
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\install-recovery.sh
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\z_rootkit\onload.sh
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\adb.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\fastboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\root.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\AdbWinApi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\AdbWinUsbApi.dll
Behavior description: Search for file
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\root.exe
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\root.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\bt03875.bat
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\root.exe
Behavior description: Modify BAT script file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\bt03875.bat ---> Offset = 0
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\busybox ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\mjs\busybox-armv6l ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\busybox-armv6l ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\doomed2 ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\mjs\ric ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\ric ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\run_root_shell ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\sh ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\su ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\mjs\backup.tar ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\z_rootkit\src\onloadhook\jni\onLoadHook.c ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\doomed.sh ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\z_rootkit\getroot.sh ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\install-recovery.sh ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\z_rootkit\onload.sh ---> Offset = 0
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\root.exe
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
Behavior description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 2924, Hwnd=0x402a4, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\root.exe, ClassName = ConsoleWindowClass.
Pid = 2924, Hwnd=0x402a4, Text = 超级鱼雷免解锁ROOT助手 android.zone.it.sohu.com, ClassName = ConsoleWindowClass.
Behavior description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\adb.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\fastboot.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\root.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\AdbWinApi.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\AdbWinUsbApi.dll (signature verification: failed)
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\adb.exe ---> 31cec1a6366c83c5240cb7b6a9236284
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\fastboot.exe ---> 967f5ba1c1af6ff2f9f9142ec6824603
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\root.exe ---> 22f9a35e825fdd88392c3b7035f629fe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\AdbWinApi.dll ---> 47a6ee3f186b2c2f5057028906bac0c6
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\yulei\AdbWinUsbApi.dll ---> 5f23f2f936bdfac90bb0a4970ad365cf