VirSCAN


File information
Safety rating: 77
Behavior list
Basic information
MD5:998e781601c42fa7b8c16a02508914be
File type: EXE
Company:
Version:
Packer or compiler information: PACKER:UPolyX v0.5
Key behavior
Behavior description: Get TickCount value
Details: TickCount = 223990, SleepMilliseconds = 100.
Process behavior
Behavior description: Create process
Details: [0x00000b40]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\Microsoft.VC90.CRT.manifest
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ctypes.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_hashlib.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_socket.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ssl.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\bz2.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcm90.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcp90.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcr90.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\poc.exe.manifest
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\python27.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\pywintypes27.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\select.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\unicodedata.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\win32wnet.pyd
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\bz2.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\Microsoft.VC90.CRT.manifest
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcm90.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcp90.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcr90.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\poc.exe.manifest
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\python27.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\pywintypes27.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\select.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\unicodedata.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\win32wnet.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ctypes.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_hashlib.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_socket.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ssl.pyd
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ctypes.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_hashlib.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_socket.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ssl.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\bz2.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcm90.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcp90.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcr90.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\python27.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\pywintypes27.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\select.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\unicodedata.pyd
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\win32wnet.pyd
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\Microsoft.VC90.CRT.manifest ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ctypes.pyd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ctypes.pyd ---> Offset = 90112
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_hashlib.pyd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_hashlib.pyd ---> Offset = 1015808
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_socket.pyd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_socket.pyd ---> Offset = 45056
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ssl.pyd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ssl.pyd ---> Offset = 1409024
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\bz2.pyd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\bz2.pyd ---> Offset = 69632
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcm90.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcp90.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcp90.dll ---> Offset = 569344
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcr90.dll ---> Offset = 0
Behavior description: Find file
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\Microsoft.VC90.CRT.manifest
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\_ctypes.pyd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\_hashlib.pyd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\_socket.pyd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\_ssl.pyd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\bz2.pyd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\msvcm90.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\msvcp90.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\msvcr90.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\poc.exe.manifest
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\python27.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\pywintypes27.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\select.pyd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\unicodedata.pyd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\win32wnet.pyd
Other behavior
Behavior description: Create event object
Details: EventName = Global\crypt32LogoffEvent
Behavior description: Sample console output
Details: N/A
Behavior description: Get TickCount value
Details: TickCount = 223990, SleepMilliseconds = 100.
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ctypes.pyd (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_hashlib.pyd (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_socket.pyd (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\_ssl.pyd (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\bz2.pyd (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcm90.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcp90.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\msvcr90.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\python27.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\pywintypes27.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\select.pyd (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\unicodedata.pyd (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI26802\win32wnet.pyd (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
Behavior description: MD5 of executable files
Behavior description: Open mutex
Details: ShimCacheMutex
Behavior description: Load newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\python27.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26802\msvcr90.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26~1\_ctypes.pyd.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26~1\_hashlib.pyd.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26~1\_socket.pyd.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MEI26~1\_ssl.pyd.
Romanian interface translated by Viorel Petrișor Neculai & Mihai Chiş, Romania