VirSCAN

File information
Safety rating: 76
Behavior list
Basic information
MD5: efdd5d847bf848104aa5c3ea6f0af230
File type: EXE
Company: not by Acronis
Version: 22.5.1.12510---1, 0, 0, 0
Packer or compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Sub-file information:
Key behavior
Behavior description: Get TickCount value
Details: TickCount = 225707, SleepMilliseconds = 20.
TickCount = 225723, SleepMilliseconds = 20.
TickCount = 225738, SleepMilliseconds = 20.
TickCount = 225754, SleepMilliseconds = 20.
TickCount = 225801, SleepMilliseconds = 20.
TickCount = 225816, SleepMilliseconds = 20.
TickCount = 225832, SleepMilliseconds = 20.
TickCount = 225895, SleepMilliseconds = 20.
TickCount = 225926, SleepMilliseconds = 20.
TickCount = 226051, SleepMilliseconds = 20.
TickCount = 226066, SleepMilliseconds = 20.
TickCount = 236660, SleepMilliseconds = 20.
TickCount = 236676, SleepMilliseconds = 20.
TickCount = 237598, SleepMilliseconds = 20.
TickCount = 237613, SleepMilliseconds = 20.
Process behavior
Behavior description: Create process
Details: [0x00000c34]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd" "
[0x00000c40]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /c REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language" /v InstallLanguage
[0x00000c48]ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language" /v InstallLanguage
[0x00000c54]ImagePath = C:\WINDOWS\system32\mode.com, CmdLine = mode con:cols=86 lines=36
[0x00000c70]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Acronis\TrueImageHome\Settings" /v LicenseActivatorExePath 2>NUL
[0x00000c7c]ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = REG QUERY "HKLM\SOFTWARE\Acronis\TrueImageHome\Settings" /v LicenseActivatorExePath
[0x00000c84]ImagePath = C:\WINDOWS\system32\xcopy.exe, CmdLine = xcopy /y TrueImageReadme "C:\Documents and Settings\Administrator\Desktop\TrueImageReadme"
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2096, ThreadID = 2300, StartAddress = 00401363, Parameter = 00B195D0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2096, ThreadID = 2352, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2096, ThreadID = 2432, StartAddress = 77C0A341, Parameter = 00B26DA8
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5033\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5534\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5554\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5555\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8029\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8041\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8053\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8058\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6106\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6116\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6206\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6209\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation_de.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation_en.cmd
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\filever.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\taskkill_xp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\xdelta3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5551\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.7133\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5587\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6514\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6528\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.5560\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6614\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6673\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6688\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.5539\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.6055\libcrypto10.dll
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5033\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5534\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5554\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5555\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8029\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8041\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8053\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8058\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6106\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6116\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6206\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6209\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation.cmd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation_de.cmd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation_en.cmd ---> Offset = 0
Behavior description: Find file
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation.cmd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\REG.*
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IBI
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceiveConection.Event.IBI.IC
EventName = MSCTF.SendReceive.Event.IBI.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
_fCanRegisterWithShellService
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 2096, Hwnd=0x1034c, Text = Cancel, ClassName = Button.
Pid = 2096, Hwnd=0x3033c, Text = 8% Extracting, ClassName = #32770.
Pid = 2096, Hwnd=0x10346, Text = 123456, ClassName = Edit.
Pid = 2096, Hwnd=0x3033c, Text = 38% Extracting, ClassName = #32770.
Pid = 2096, Hwnd=0x3033c, Text = 73% Extracting, ClassName = #32770.
Pid = 2096, Hwnd=0x3033c, Text = 100% Extracting, ClassName = #32770.
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\filever.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\taskkill_xp.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\xdelta3.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5551\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.7133\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5587\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6514\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6528\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.5560\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6614\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6673\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6688\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.5539\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.6055\libcrypto10.dll (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 20.
[2]: MilliSeconds = 20.
Behavior description: Hide specified window
Details: [Window,Class] = [,Static]
[Window,Class] = [,Button]
Behavior description: MD5 of executable files
Behavior description: Open mutex
Details: ShimCacheMutex
Local\!IETld!Mutex
Translated by Viorel Petrișor Neculai & Mihai Chiş, Romania