VirSCAN


File information
Security rating: 80
Behavior list
Behavior analysis report: File behavior analysis report from the threat list
Basic information
MD5: d6e08ccea8f3b182985240c4021e3dc8
File type: EXE
Company name: 逍遥阁软件本地化工作小组(JY.Culture)
Version: 1.1.2.4---1.1.2.4
Packer or compiler information: COMPILER:Borland Delphi 2.0 [Overlay]
Key behavior
Behavior description: Creates a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\EXECryptor汉化本.lnk
Behavior description: Hides a specified window
Details: [Window,Class] = [,ComboLBox]
Behavior description: Resolves a host address by name
Details: file3.qqhelper.com
Process behavior
Behavior description: Creates a new process from a file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-I5V8K.tmp\is-4CLH0.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-I5V8K.tmp\is-4CLH0.tmp" /SL4 $A0186 "c:\%temp%\1412142106.115515.exe" 3200401 72704
ImagePath = C:\WINDOWS\system32\embedded\bind.exe, CmdLine = "embedded\bind.exe"
File behavior
Behavior description: Drops links or shortcuts in sensitive system locations (such as the Start menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\EXECryptor 汉化版\EXECryptor汉化版.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\EXECryptor 汉化版\帮助文件.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\EXECryptor 汉化版\软件主页.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\EXECryptor 汉化版\版本更新.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\EXECryptor 汉化版\使用说明.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\EXECryptor 汉化版\卸载EXECryptor汉化版本.lnk
Behavior description: Renames files
Details: C:\Program Files\EXECryptor\is-H6LKT.tmp ---> C:\Program Files\EXECryptor\unins000.exe
C:\Program Files\EXECryptor\is-MNIIE.tmp ---> C:\Program Files\EXECryptor\eckeygen.dll
C:\Program Files\EXECryptor\is-6F0MC.tmp ---> C:\Program Files\EXECryptor\EXECrypt.exe
C:\Program Files\EXECryptor\is-BB2RC.tmp ---> C:\Program Files\EXECryptor\execryptor.chm
C:\Program Files\EXECryptor\is-JIVAH.tmp ---> C:\Program Files\EXECryptor\EXECryptor.exe
C:\Program Files\EXECryptor\is-O2E5J.tmp ---> C:\Program Files\EXECryptor\EXECryptor.url
C:\Program Files\EXECryptor\is-QF2P6.tmp ---> C:\Program Files\EXECryptor\history.txt
C:\Program Files\EXECryptor\is-SV5OB.tmp ---> C:\Program Files\EXECryptor\license.txt
C:\Program Files\EXECryptor\is-7986E.tmp ---> C:\Program Files\EXECryptor\LoadDLL.exe
C:\Program Files\EXECryptor\is-PLU83.tmp ---> C:\Program Files\EXECryptor\说明.txt
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-8S5OK.tmp ---> C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\CustomSerialsDemo.bpr
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-QDHKH.tmp ---> C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\CustomSerialsDemo.cpp
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-HGKEB.tmp ---> C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\CustomSerialsDemo.dsk
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-RJFML.tmp ---> C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\CustomSerialsDemo.ep2
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-7I24E.tmp ---> C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\EXECryptor.cpp
Behavior description: Creates a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\EXECryptor汉化本.lnk
Behavior description: Creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-I5V8K.tmp\is-4CLH0.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-QQ02R.tmp\_isetup\_shfoldr.dll
C:\Program Files\EXECryptor\is-H6LKT.tmp
C:\Program Files\EXECryptor\is-MNIIE.tmp
C:\Program Files\EXECryptor\is-6F0MC.tmp
C:\Program Files\EXECryptor\is-JIVAH.tmp
C:\Program Files\EXECryptor\is-7986E.tmp
C:\Program Files\EXECryptor\Example\MSVB\VBDemo\is-ED9SU.tmp
C:\Program Files\EXECryptor\SDK\MSVB\is-G9RJ1.tmp
C:\WINDOWS\system32\embedded\is-1A2O8.tmp
C:\WINDOWS\system32\embedded\is-O45LS.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd4.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd4.tmp\NSISdl.dll
Behavior description: Modifies file contents
Details: C:\Program Files\EXECryptor\is-BB2RC.tmp---> Offset = 0
C:\Program Files\EXECryptor\is-O2E5J.tmp---> Offset = 0
C:\Program Files\EXECryptor\is-QF2P6.tmp---> Offset = 0
C:\Program Files\EXECryptor\is-SV5OB.tmp---> Offset = 0
C:\Program Files\EXECryptor\is-PLU83.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-8S5OK.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-QDHKH.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-HGKEB.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-RJFML.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-7I24E.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-L8OUL.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\CustomSerials\is-NCOC1.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\EXECryptorAPI\is-HF021.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\EXECryptorAPI\is-IT3GD.tmp---> Offset = 0
C:\Program Files\EXECryptor\Example\CBuilder\EXECryptorAPI\is-MQDPG.tmp---> Offset = 0
Network behavior
Behavior description: Sends data on a connected socket
Details: SOCKET = 0x0000009c, TotalSize = 113, Offset = 0, ReadSize = 113.
Behavior description: Establishes a connection to a specified socket
Details: 219.133.40.1:80
Behavior description: Resolves a host address by name
Details: file3.qqhelper.com
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\Inno Setup: Setup Version
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\Inno Setup: App Path
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\Inno Setup: Icon Group
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\Inno Setup: User
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\Inno Setup: Selected Tasks
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\Inno Setup: Deselected Tasks
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\QuietUninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\HelpLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EXECryptor_is1\URLUpdateInfo
Other behavior
Behavior description: Window information
Details: Pid = 1288, Hwnd=0xd01ac, Text = 逍遥阁软件本地化工作小组, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb01ce, Text = 欢迎使用 EXECryptor 安装向导 , ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb0170, Text = 现在将安装 EXECryptor V2.2.6 汉化版 到您的电脑中。 推荐您在继续安装前关闭所有其它应用程序。 单击“下一步”继续,或单击“取消, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xa018c, Text = This is a legal Agreement between you (either an single individual or an entity, herein referred to as Licensee) and SoftComplete, ClassName = TRichEditViewer.
Pid = 1288, Hwnd=0xb01be, Text = 下一步(&N) >, ClassName = TButton.
Pid = 1288, Hwnd=0xa0196, Text = 取消, ClassName = TButton.
Pid = 1288, Hwnd=0xd01c2, Text = 安装 - EXECryptor, ClassName = TWizardForm.
Pid = 1288, Hwnd=0xe01b8, Text = 欢迎使用 JY.Culture 汉化作品 , ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xc01b6, Text = 许可协议, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xd0190, Text = 继续安装前请阅读下列重要信息。, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb016c, Text = 请仔细阅读下列许可协议。您在继续安装前必须同意这些协议条款。, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb0192, Text = 我同意此协议(&A), ClassName = TRadioButton.
Pid = 1288, Hwnd=0xb0164, Text = 我不同意此协议(&D), ClassName = TRadioButton.
Pid = 1288, Hwnd=0xb01e0, Text = < 上一步(&B), ClassName = TButton.
Pid = 1288, Hwnd=0xc01b6, Text = 信息, ClassName = TNewStaticText.
Behavior description: Hides a specified window
Details: [Window,Class] = [,ComboLBox]
Behavior description: Opens image files
Details: \WINDOWS\system32\embedded\WizardImage.bmp
\WINDOWS\system32\embedded\WizardSmallImage.bmp
Behavior description: Acquires system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE