


File information
Safety rating: 71
Behaviour list
Basic information
MD5: 0943461e2d0c063daba969a67bee833e
File type: EXE
Vendor:
Version: 1.0.0.0---1.0.0.0
Packer or compiler information: COMPILER:Microsoft Visual C++ vx.x DLL
Subfile information: rlpack_12x_full_aplib_9213661bdumpFile / d8c5c1f2ba0c6d816d6e0007758f8e34 / EXE
Key behaviour
Behaviour description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behaviour description: Read the CPU clock directly (RDTSC)
Details: EAX = 0x923217bf, EDX = 0x000000ba
EAX = 0x9232180b, EDX = 0x000000ba
EAX = 0x92321857, EDX = 0x000000ba
EAX = 0x923218a3, EDX = 0x000000ba
EAX = 0x923218ef, EDX = 0x000000ba
EAX = 0x9232193b, EDX = 0x000000ba
EAX = 0x92321987, EDX = 0x000000ba
EAX = 0x923219d3, EDX = 0x000000ba
EAX = 0x92321a1f, EDX = 0x000000ba
EAX = 0x92321a6b, EDX = 0x000000ba
Behaviour description: Attempt to open the driver device objects of debuggers or monitoring software
Details: \??\SICE
\??\SIWVID
\??\NTICE
Behaviour description: Search for windows of common anti-virus and analysis tools
Details: NtUserFindWindowEx: [Class,Window] = [FileMonClass,]
NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
Behaviour description: Obtain window screenshot information
Details: Foreground window Info: HWND = 0x0001037a, DC = 0x03010624.
Foreground window Info: HWND = 0x0001037a, DC = 0x03010623.
Foreground window Info: HWND = 0x00010364, DC = 0x03010624.
Foreground window Info: HWND = 0x00000000, DC = 0x00000000.
Foreground window Info: HWND = 0x00010364, DC = 0x15010657.
Foreground window Info: HWND = 0x0001036e, DC = 0x15010657.
Process behaviour
Behaviour description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2840, StartAddress = 004109C4, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2884, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2912, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2916, StartAddress = 7C930230, Parameter = 00000000
Behaviour description: Enumerate processes
Details: N/A
File behaviour
Behaviour description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\hrttp.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\1.she
C:\全局配置.ini
C:\雨天灭神辅助配置\版本信息.ini
C:\雨天灭神辅助配置\文件.zip
C:\雨天灭神辅助配置\t\1.bmp
C:\雨天灭神辅助配置\t\10.bmp
C:\雨天灭神辅助配置\t\11.bmp
C:\雨天灭神辅助配置\t\12.bmp
C:\雨天灭神辅助配置\t\13.bmp
C:\雨天灭神辅助配置\t\14.bmp
C:\雨天灭神辅助配置\t\15.bmp
C:\雨天灭神辅助配置\t\16.bmp
C:\雨天灭神辅助配置\t\17.bmp
C:\雨天灭神辅助配置\t\18.bmp
Behaviour description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\hrttp.dll
C:\雨天灭神辅助配置\dm.dll
C:\雨天灭神辅助配置\自带浏览器.exe
Behaviour description: Search for file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\雨天灭神辅助配置\
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\226546\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\226546\TemporaryFile\*.*
FileName = C:\雨天灭神辅助配置\文件.zip
FileName = C:\雨天灭神辅助配置\dm.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\辅助文件.txt
FileName = c:\windows\system32\drivers\etc\hosts
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Behaviour description: Delete file
Details: C:\雨天灭神辅助配置\文件.zip
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\io[1].php
Behaviour description: Rename file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\226546\... ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\226546\TemporaryFile
Behaviour description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\hrttp.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\1.she ---> Offset = 0
C:\全局配置.ini ---> Offset = 0
C:\雨天灭神辅助配置\版本信息.ini ---> Offset = 0
C:\雨天灭神辅助配置\文件.zip ---> Offset = 0
C:\雨天灭神辅助配置\t\1.bmp ---> Offset = 0
C:\雨天灭神辅助配置\t\10.bmp ---> Offset = 0
C:\雨天灭神辅助配置\t\11.bmp ---> Offset = 0
C:\雨天灭神辅助配置\t\12.bmp ---> Offset = 0
C:\雨天灭神辅助配置\t\13.bmp ---> Offset = 0
C:\雨天灭神辅助配置\t\14.bmp ---> Offset = 0
C:\雨天灭神辅助配置\t\15.bmp ---> Offset = 0
C:\雨天灭神辅助配置\t\16.bmp ---> Offset = 0
C:\雨天灭神辅助配置\t\17.bmp ---> Offset = 0
C:\雨天灭神辅助配置\t\18.bmp ---> Offset = 0
Network behaviour
Behaviour description: Connect to specified site
Details: InternetConnectA: ServerName = ww****in, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behaviour description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Behaviour description: Establish a connection to a specified socket
Details: URL: ww****in, IP: **.133.40.**:80, SOCKET = 0x00000374
URL: ww****in, IP: **.133.40.**:80, SOCKET = 0x00000370
URL: ww****in, IP: **.133.40.**:80, SOCKET = 0x00000180
URL: ww****in, IP: **.133.40.**:80, SOCKET = 0x00000384
URL: ww****in, IP: **.133.40.**:80, SOCKET = 0x00000380
URL: ww****in, IP: **.133.40.**:80, SOCKET = 0x0000039c
Behaviour description: Read network file
Details: hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
Behaviour description: Send HTTP packet
Details: GET /kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&&lgid=0&f=&x=36121229734 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSiE 6.0; Windows NT 5.1;) Accept-Encoding: gzip, deflate Host: ww****in Connection: Keep-Alive
GET /kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&lgid=0&f=&x=36121230890 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSiE 6.0; Windows NT 5.1;) Accept-Encoding: gzip, deflate Host: ww****in Connection: Keep-Alive
GET /kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&&lgid=0&f=&x=36121231031 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSiE 6.0; Windows NT 5.1;) Accept-Encoding: gzip, deflate Host: ww****in Connection: Keep-Alive
GET /kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&lgid=0&f=&x=36121231078 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSiE 6.0; Windows NT 5.1;) Accept-Encoding: gzip, deflate Host: ww****in Connection: Keep-Alive
GET /kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&&lgid=0&f=110&x=36121231140 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSiE 6.0; Windows NT 5.1;) Accept-Encoding: gzip, deflate Host: ww****in Connection: Keep-Alive
GET /kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&lgid=0&f=110&x=36121231171 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSiE 6.0; Windows NT 5.1;) Accept-Encoding: gzip, deflate Host: ww****in Connection: Keep-Alive
POST /kss_api/io.php?apiver=905&&lgid=0&f=110&x=36121232671 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSiE 6.0; Windows NT 5.1;) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Host: ww****in Content-Length: 201 Connection: Keep-Alive Cache-Control: no-cache
Behaviour description: Open HTTP request
Details: HttpOpenRequestA: ww****in:80/kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&&lgid=0&f=&x=36121229734, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****in:80/kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&lgid=0&f=&x=36121230890, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****in:80/kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&&lgid=0&f=&x=36121231031, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****in:80/kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&lgid=0&f=&x=36121231078, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****in:80/kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&&lgid=0&f=110&x=36121231140, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****in:80/kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000010&lgid=0&f=110&x=36121231171, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****in:80/kss_api/io.php?apiver=905&&lgid=0&f=110&x=36121232671, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0x04600000
Behaviour description: Resolve host address by name
Details: GetAddrInfoW: ww****in
Registry behaviour
Behaviour description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behaviour description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behaviour description: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Other behaviour
Behaviour description: Check whether it is being debugged
Details: IsDebuggerPresent
Behaviour description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
ini_read_write
MSCTF.Shared.MUTEX.IOH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Lock-b1385f9f491c3fc6
Behaviour description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behaviour description: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
Behaviour description: Open mutex
Details: ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
RasPbFile
Behaviour description: Search for specified window
Details: NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behaviour description: Adjust process token privileges
Details: SE_DEBUG_PRIVILEGE
Behaviour description: Window information
Details: Pid = 2640, Hwnd=0x10378, Text = 免费试用, ClassName = Button.
Pid = 2640, Hwnd=0x10376, Text = 视频教程, ClassName = Button.
Pid = 2640, Hwnd=0x10374, Text = 购买充值卡, ClassName = Button.
Pid = 2640, Hwnd=0x10370, Text = 正在初始化请稍等......., ClassName = _EL_Label.
Pid = 2640, Hwnd=0x1036e, Text = 账号登陆, ClassName = Button.
Pid = 2640, Hwnd=0x10368, Text = 密码:, ClassName = _EL_Label.
Pid = 2640, Hwnd=0x10366, Text = 账号:, ClassName = _EL_Label.
Pid = 2640, Hwnd=0x10360, Text = 可空, ClassName = _EL_Label.
Pid = 2640, Hwnd=0x1035e, Text = 辅助密码:, ClassName = _EL_Label.
Pid = 2640, Hwnd=0x1035a, Text = 购买充值卡, ClassName = Button.
Pid = 2640, Hwnd=0x10358, Text = 注册帐号, ClassName = Button.
Pid = 2640, Hwnd=0x10354, Text = 推 荐 人:, ClassName = _EL_Label.
Pid = 2640, Hwnd=0x10350, Text = 充值卡号:, ClassName = _EL_Label.
Pid = 2640, Hwnd=0x1034e, Text = 辅助账号:, ClassName = _EL_Label.
Pid = 2640, Hwnd=0x1034a, Text = 购买充值卡, ClassName = Button.
Behaviour description: Load newly dropped file
Details: Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\hrttp.dll.
Behaviour description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\hrttp.dll(签名验证: 未通过)
C:\雨天灭神辅助配置\dm.dll(签名验证: 未通过)
C:\雨天灭神辅助配置\自带浏览器.exe(签名验证: 未通过)
Behaviour description: Hide specified window
Details: [Window,Class] = [<,AfxWnd42s]
[Window,Class] = [>,AfxWnd42s]
[Window,Class] = [辅助账号:,_EL_Label]
[Window,Class] = [充值卡号:,_EL_Label]
[Window,Class] = [,Edit]
[Window,Class] = [充值帐号,Button]
[Window,Class] = [购买充值卡,Button]
[Window,Class] = [推 荐 人:,_EL_Label]
[Window,Class] = [注册帐号,Button]
[Window,Class] = [辅助密码:,_EL_Label]
[Window,Class] = [可空,_EL_Label]
[Window,Class] = [,Afx:400000:b:10011:0:0]
[Window,Class] = [,Afx:400000:8]
[Window,Class] = [,CPPToolTip]
Behaviour description: Executable MD5
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\hrttp.dll ---> 2830671e3a788c69b2855d1803358091
C:\雨天灭神辅助配置\dm.dll ---> c578b6820bda5689940560147c6e5ffc
C:\雨天灭神辅助配置\自带浏览器.exe ---> 4a628f721e90aa4e313549b441cac14a