VirSCAN

File information
Security rating: 77
Behavior list
Basic information
MD5: a1ac0924166f89bbdc572a29f1c202d2
File type: EXE
Publisher: Oracle Corporation
Version: 2.8.141.15 --- 2.8.141.15
Packer/compiler information: COMPILER: Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Key behavior
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behavior
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2484, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2516, StartAddress = 0040B522, Parameter = 0012C6D0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2668, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2672, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2676, StartAddress = 7C949B6F, Parameter = 00000000
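The thread-creation entries are the part of this report an analyst reads first, because a thread whose start address lies inside the sample's own image is the one to disassemble, while threads started in system DLLs are usually runtime or WinINet worker threads. The script below is an added example, not part of the VirSCAN report or of Oracle's updater: it parses the five lines above (copied verbatim, with the executable path left masked as the sandbox printed it) and buckets each start address. Two things are assumptions rather than facts stated by the report: that the main image is mapped at 0x00400000 (suggested by the "CDownloadTracker 00400000" window class string further down, and by 0040B522 being the only low address) and no larger than 1 MiB, and that addresses at 0x70000000 and above belong to system DLLs in a 32-bit Windows XP guest.

```python
import re
from typing import List, NamedTuple

# Constructed sample: the five "Create local thread" lines from the report above.
# The sandbox masks the executable's file name, so it stays masked here.
THREAD_LINES = r"""
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2484, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2516, StartAddress = 0040B522, Parameter = 0012C6D0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2668, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2672, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2472, ThreadID = 2676, StartAddress = 7C949B6F, Parameter = 00000000
"""

# One sandbox line: "TargetProcess: <path>, InheritedFromPID = n, ProcessID = n,
# ThreadID = n, StartAddress = hex, Parameter = hex"
LINE_RE = re.compile(
    r"TargetProcess:\s*(?P<proc>.+?),\s*"
    r"InheritedFromPID\s*=\s*(?P<ppid>\d+),\s*"
    r"ProcessID\s*=\s*(?P<pid>\d+),\s*"
    r"ThreadID\s*=\s*(?P<tid>\d+),\s*"
    r"StartAddress\s*=\s*(?P<start>[0-9A-Fa-f]+),\s*"
    r"Parameter\s*=\s*(?P<param>[0-9A-Fa-f]+)\s*$"
)

# Assumptions, not values stated by the report: image base taken from the
# "CDownloadTracker 00400000" window class hint, image size capped at 1 MiB,
# and 0x70000000+ treated as the system DLL range of a 32-bit XP guest.
IMAGE_BASE = 0x00400000
IMAGE_MAX_SIZE = 0x00100000
SYSTEM_DLL_FLOOR = 0x70000000


class ThreadStart(NamedTuple):
    process: str
    ppid: int
    pid: int
    tid: int
    start: int
    param: int


def parse_thread_lines(text: str) -> List[ThreadStart]:
    """Parse 'Create local thread' lines; lines that do not match are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        out.append(ThreadStart(
            process=m["proc"],
            ppid=int(m["ppid"]),
            pid=int(m["pid"]),
            tid=int(m["tid"]),
            start=int(m["start"], 16),
            param=int(m["param"], 16),
        ))
    return out


def classify_start(addr: int) -> str:
    """'image' = inside the sample's own mapping, 'system' = system DLL range,
    'other' = heap, stack or an unknown mapping (worth a closer look)."""
    if IMAGE_BASE <= addr < IMAGE_BASE + IMAGE_MAX_SIZE:
        return "image"
    if addr >= SYSTEM_DLL_FLOOR:
        return "system"
    return "other"


def triage(text: str) -> dict:
    """Summarise which threads start in the sample's own code and whether
    any start somewhere unexpected; also confirms a single process/parent."""
    threads = parse_thread_lines(text)
    buckets = {"image": [], "system": [], "other": []}
    for t in threads:
        buckets[classify_start(t.start)].append(t.tid)
    return {
        "count": len(threads),
        "pids": sorted({t.pid for t in threads}),
        "parent_pids": sorted({t.ppid for t in threads}),
        "image_threads": buckets["image"],
        "system_threads": buckets["system"],
        "other_threads": buckets["other"],
    }


if __name__ == "__main__":
    for t in parse_thread_lines(THREAD_LINES):
        print(f"tid={t.tid} start=0x{t.start:08X} param=0x{t.param:08X} -> {classify_start(t.start)}")
    print(triage(THREAD_LINES))
```

On this report the only thread starting inside the image is TID 2516 at 0040B522 (its Parameter 0012C6D0 is a low address, consistent with a pointer passed from the creating thread's stack); the other four start in the high range. An "other" result, which this sample never produces, would point at code running from a heap or an injected mapping and is the case the bucket exists for.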
File behavior
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 80308
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 80436
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 80589
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 80817
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 81024
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 81241
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 81450
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 81655
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 81907
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 82135
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 82322
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 82480
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 82675
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 82898
C:\Documents and Settings\Administrator\Local Settings\Temp\jusched.log ---> Offset = 83051
Behavior description: Search for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Network behavior
Behavior description: Connect to a specified site
Details: InternetConnectA: ServerName = ja****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: jupdate, hSession = 0x00cc0004
Behavior description: Establish a connection to a specified socket
Details: URL: ja****om, IP: **.133.40.**:443, SOCKET = 0x000002ac
Behavior description: Open HTTP request
Details: HttpOpenRequestA: ja****om:443/update/1.7.0/map-m-1.7.0.xml, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x04c00200
Behavior description: Resolve host address by name
Details: GetAddrInfoW: ja****om
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\LastUpdateBeginTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\LastUDCheckTime
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\LastUpdateFinishTime
Behavior description: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\LocalFileName
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\InstallOptions
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\UpdateDescription
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\UpdateTitle1
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\UpdateTitle2
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\UpdateMoreInfoUrl
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\BalloonTitle
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\BalloonTip
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\DlgCaption
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\MoreInfoTxt
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\PreDownld
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\UrlInfo
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\NumTries
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\LastUDCheckTime
\REGISTRY\MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\jucheck\VersionXmlChecksum
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
SunJavaUpdateCheckerMutex
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MKJ
Behavior description: Create event object
Details: EventName = Global\crypt32LogoffEvent
EventName = SunJavaUpdateShutdownEvent
EventName = SunJavaUpdateRecheckUpdateEvent
EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MKJ.IC
EventName = MSCTF.SendReceiveConection.Event.MKJ.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
Details: Pid = 2472, Hwnd=0x10344, Text = OK [确定], ClassName = Button.
Pid = 2472, Hwnd=0x10346, Text = Unknown error encountered: HTTP status code = 0 [遇到未知错误: HTTP 状态代码 = 0], ClassName = Static.
Pid = 2472, Hwnd=0x50340, Text = Unknown Error - Java Update [未知错误 - Java Update], ClassName = #32770.
Pid = 2472, Hwnd=0x20344, Text = OK [确定], ClassName = Button.
Pid = 2472, Hwnd=0x20348, Text = Unable to download the required installation files. [无法下载所需安装文件。], ClassName = Static.
Pid = 2472, Hwnd=0x60340, Text = Error - Java Update [错误 - Java Update], ClassName = #32770.
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\INSTALLATION_SECURITY_HOLD
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Hide specified window
Details: [Window,Class] = [JavaUpdate SysTray Icon,CDownloadTracker 00400000]
Behavior description: Open mutex
Details: ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Local\!IETld!Mutex