VirSCAN

1. You can submit files for scanning that are no larger than 20 MB.
2. VirSCAN supports Rar/Zip archives, but with no more than 20 files inside.
3. VirSCAN can scan password-protected archives that use the password 'infected' or 'virus'.


File information
Safety rating: 50
Behavior list
Basic information
MD5: 8ee7b8e8589d3115f0f65f7442d049ee
File type: EXE
Vendor:
Version: 1.0.0.0---1.0.0.0
Packer or compiler information: COMPILER:Elan
Key behavior
Behavior description: Reads the CPU clock directly
Details: EAX = 0x86cd4bdb, EDX = 0x000000b6
EAX = 0x86cd4c27, EDX = 0x000000b6
EAX = 0x86cd4c73, EDX = 0x000000b6
EAX = 0x86cd4cbf, EDX = 0x000000b6
EAX = 0x86cd4d0b, EDX = 0x000000b6
EAX = 0x86cd4d57, EDX = 0x000000b6
EAX = 0xb634ef5e, EDX = 0x000000b6
EAX = 0xb634efaa, EDX = 0x000000b6
EAX = 0xb634eff6, EDX = 0x000000b6
EAX = 0xb634f042, EDX = 0x000000b6
Behavior description: Gets the TickCount value
Details: TickCount = 220328, SleepMilliseconds = 1000.
TickCount = 220343, SleepMilliseconds = 1000.
TickCount = 220375, SleepMilliseconds = 1000.
TickCount = 220390, SleepMilliseconds = 1000.
TickCount = 220421, SleepMilliseconds = 1000.
TickCount = 220515, SleepMilliseconds = 1000.
TickCount = 220531, SleepMilliseconds = 1000.
TickCount = 220546, SleepMilliseconds = 1000.
TickCount = 220609, SleepMilliseconds = 1000.
TickCount = 220625, SleepMilliseconds = 1000.
TickCount = 220718, SleepMilliseconds = 1000.
TickCount = 220734, SleepMilliseconds = 1000.
TickCount = 220796, SleepMilliseconds = 1000.
TickCount = 220812, SleepMilliseconds = 1000.
TickCount = 220890, SleepMilliseconds = 1000.
Process behavior
Behavior description: Creates a local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2644, StartAddress = 004051F8, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2684, StartAddress = 004051F8, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2712, StartAddress = 004051F8, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2868, StartAddress = 004051F8, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2964, StartAddress = 004051F8, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2992, StartAddress = 004051F8, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 3028, StartAddress = 004051F8, Parameter = 00000000
Network behavior
Behavior description: Connects to a specified site
Details: WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01033100, hConnect = 0x01033200, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01221100, hConnect = 0x01221200, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01033100, hConnect = 0x01033300, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01221100, hConnect = 0x01221300, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01231100, hConnect = 0x01231200, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01241100, hConnect = 0x01241200, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x012b1100, hConnect = 0x012b1200, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x012b1100, hConnect = 0x012b1300, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x012a1100, hConnect = 0x012a1200, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01281100, hConnect = 0x01281200, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01281100, hConnect = 0x01281300, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x012a1100, hConnect = 0x012a1300, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01291100, hConnect = 0x01291200, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x01291100, hConnect = 0x01291300, Flags = 0x00000000
WinHttpConnect: ServerName = pu****om, PORT = 80, UserName = , Password = , hSession = 0x012d1100, hConnect = 0x012d1200, Flags = 0x00000000
Behavior description: Opens an HTTP connection
Details: WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01033100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01221100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01231100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01241100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x012b1100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01281100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x012a1100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01291100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01211100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x012d1100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x012f1100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x012e1100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01301100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01261100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01551100
Behavior description: Establishes a connection to a specified socket
Details: URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x0000017c
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x00000130
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x00000174
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x00000180
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x00000178
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x000001cc
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x000001d4
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x000001d8
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x000001c4
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x000001c8
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x00000184
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x00000150
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x00000158
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x0000013c
URL: pu****om, IP: **.133.40.**:80, SOCKET = 0x000001a4
Behavior description: Sends an HTTP packet
Details: GET /push.js HTTP/1.1 Referer: 123456.html User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Accept: */* Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded Host: pu****om Connection: Keep-Alive
GET /push.js HTTP/1.1 Referer: .html User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Accept: */* Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded Host: pu****om Connection: Keep-Alive
Behavior description: Opens an HTTP request
Details: WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01033200, hRequest = 0x010c0000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01221200, hRequest = 0x01290000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01033200, hRequest = 0x01280000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01221200, hRequest = 0x01280000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01033200, hRequest = 0x01290000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01033300, hRequest = 0x01290000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01221300, hRequest = 0x01280000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01221200, hRequest = 0x012a0000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01033300, hRequest = 0x01280000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01221300, hRequest = 0x01290000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01033200, hRequest = 0x012a0000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01221200, hRequest = 0x01260000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01221300, hRequest = 0x01260000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01033300, hRequest = 0x012a0000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pu****om:80/push.js, hConnect = 0x01033200, hRequest = 0x01270000, Verb: GET, Referer: , Flags = 0x00000080
Behavior description: Resolves a host address by name
Details: GetAddrInfoW: pu****om
Other behavior
Behavior description: Creates a mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IJJ
Behavior description: Creates an event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IJJ.IC
EventName = MSCTF.SendReceiveConection.Event.IJJ.IC
Behavior description: Opens a mutex
Details: ShimCacheMutex
Behavior description: Finds a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens an event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior description: Window information
Details: Pid = 2452, Hwnd=0x1034c, Text = url:, ClassName = _EL_Label.
Pid = 2452, Hwnd=0x10346, Text = 1, ClassName = Edit.
Pid = 2452, Hwnd=0x10344, Text = 标签:[时间年][时间月][时间日][时间时][时间分][时间秒][随机数字][随机字母], ClassName = Edit.
Pid = 2452, Hwnd=0x10342, Text = 按钮, ClassName = Button.
Pid = 2452, Hwnd=0x1034a, Text = 123456123456.html:1 123456.html:2 123456.html:3 123456.html:4 123456.html:5 123456.html:6 123456.html:7 123456.html:8 123, ClassName = Edit.
Pid = 2452, Hwnd=0x10348, Text = 123456, ClassName = Edit.
Pid = 2452, Hwnd=0x1034a, Text = 123456.html:83 123456.html:84 123456.html:85 123456.html:86 123456.html:87 123456.html:88 123456.html:89 123456.html:90 1, ClassName = Edit.
Pid = 2452, Hwnd=0x1034a, Text = 123456.html:138 123456.html:140 123456.html:141 123456.html:140 123456.html:143 123456.html:143 123456.html:145 123456.htm, ClassName = Edit.
Pid = 2452, Hwnd=0x1034a, Text = 123456.html:170 123456.html:173 123456.html:174 123456.html:174 123456.html:176 123456.html:176 123456.html:177 123456.htm, ClassName = Edit.
Pid = 2452, Hwnd=0x1034a, Text = 123456.html:262 123456.html:262 123456.html:264 123456.html:264 123456.html:264 123456.html:267 123456.html:268 123456.htm, ClassName = Edit.
Pid = 2452, Hwnd=0x1034a, Text = 123456.html:120 123456.html:120 123456.html:122 123456.html:123 123456.html:123 123456.html:125 123456.html:126 123456.htm, ClassName = Edit.
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 1000.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.