VirSCAN

File information
Security rating:75
Behavior list
Basic information
MD5:a2de31c2e07baf5a476673f26c744ba6
File type:Word
Producing company:
Version:
Shell or compiler information:
Sub-file information:WordDocument / 6ddc1b2eaa0a6f91a4ee10026e58c57f / Unknown
1Table / c7c22daaa0ea8fee8aaa7343a1c0e520 / zip
Data / 69ac672470fb7f17ff546cfea5fb9bcc / Unknown
[5]DocumentSummaryInformation / b4994c636e22f1e48517e95fa5f468a3 / Unknown
[5]SummaryInformation / ce2ca9c4af68c36fbb56b2f793a0fb64 / Unknown
ThisDocument / a73ebab3074e92794febaccd71a0a144 / Unknown
_VBA_PROJECT / 724e777d8a012b1aa0e878d5f7ccfd96 / Unknown
__SRP_0 / 55a3618b00659be1352906a4be490670 / Unknown
dir / 4f2be8bfd327bf18c61338ff1c92741a / Unknown
PROJECT / 94355b7ef70892137dc7cb64b795fad1 / Unknown
__SRP_2 / 183f0cbe20b39fb7306748e92db57c11 / Unknown
[1]CompObj / b775180e24ef85cb8266f88ecfc9e5e8 / Unknown
__SRP_1 / be7fdbda11e723dceab74d19d0d06363 / Unknown
__SRP_3 / f30e28c27ce2ed144a7b526a3662addf / Unknown
PROJECTwm / 50affd080678cfdcd0b5fbbd2d9b79f1 / Unknown
Key behavior
Behavior description:Map file with write permission
Details:CiceroSharedMemDefaultS-*
Local\Mso97SharedDg19211108221
PrimaryWord11SharedMemoryArea
Local\Mso97SharedDg20321108221
MSCTF.GCompartListSFM.DefaultS-*
DfSharedHeap3D5118
DFMap0-4018467
DfRoot0003D5118
DFMap0-4018491
MSCTF.MarshalInterface.FileMap.IJF..KBAIH
Local\Mso97SharedDg19521108221
Local\Mso97SharedDg19531108221
MSCTF.MarshalInterface.FileMap.IJF.B.KDAIH
MSCTF.MarshalInterface.FileMap.IJF.C.KDAIH
MSCTF.MarshalInterface.FileMap.IJF.D.KDAIH
Behavior description:Hide specified window
Details:[Window,Class] = [,ThunderRT6Main]
Process behavior
Behavior description:Enumerate processes
Details:N/A
File behavior
Behavior description:Rename file
Details:C:\Documents and Settings\Administrator\Application Data\Microsoft\Proof\~WRI0000 ---> C:\Documents and Settings\Administrator\Application Data\Microsoft\Proof\CUSTOM.DIC
Behavior description:Create executable file
Details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI7.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI8.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI9.tmp
Behavior description:Modify file content
Details:C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dot---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\~$996E.doc---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\996E.LNK---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\index.dat---> Offset = 28
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\EB93A6.LNK---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Proof\CUSTOM.DIC---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Proof\~$CUSTOM.DIC---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Proof\~WRI0000---> Offset = 0
Behavior description:Find file
Details:FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office
FileName = C:\Program Files\Microsoft Office\OFFICE11\Normal.dot
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dot
FileName = C:\WINDOWS\system32\Normal.dot
FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996E.doc
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
Registry behavior
Behavior description:Modify registry
Details:\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\I{
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\I}
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\7~
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\U~
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\~
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\3~
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\=
\REGISTRY\USER\S-1-5-21-117609710-688789844-839522115-500\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\
\REGISTRY\USER\S-1-5-21-117609710-688789844-839522115-500\Software\Microsoft\Office\11.0\Word\MTTT
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040210900063D11C8EF10054038389C\Usage\WORDFiles
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000C0300-0000-0000-C000-000000000046}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000C0301-0000-0000-C000-000000000046}\TypeLib\Version
Behavior description:Delete registry key
Details:\REGISTRY\USER\S-1-5-21-117609710-688789844-839522115-500\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems
Behavior description:Delete registry value
Details:\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\I}
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\7~
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\U~
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\~
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\3~
\REGISTRY\USER\S-1-5-21-117609710-688789844-839522115-500\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\G,
\REGISTRY\USER\S-1-5-21-117609710-688789844-839522115-500\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\A-
\REGISTRY\USER\S-1-5-21-117609710-688789844-839522115-500\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\
Other behavior
Behavior description:Create mutex
Details:Local\Mutex_MSOSharedMem
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\Mso97SharedDg19211108221Mutex
Local\Mso97SharedDg20321108221Mutex
MSCTF.GCompartListMUTEX.DefaultS-*
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex
MSCTF.Shared.MUTEX.ELH
Local\Mso97SharedDg19541108221Mutex
MSCTF.Shared.MUTEX.IJF
Behavior description:Find specified window
Details:NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
Behavior description:Obtain system privileges
Details:SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE