VirSCAN

1. You can upload any file no larger than 20 MB.
2. VirSCAN can scan compressed files in ZIP and RAR format, provided the archive contains no more than 20 files.
3. VirSCAN can scan compressed files protected with the passwords 'infected' and 'virus'.

File information
Security score: 75
Basic information
MD5: 393c5705bc30de3cc5981066a69a8f19
File type: zip
Publisher:
Version:
Packer or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 (Delphi) stub -> Markus & Laszlo [Overlay]
Sub-file information: deadlink.exe / 8159e03564ee5137572ae5cec1d5f899 / EXE
deadlink.chm / ed880795a1b8b95496f96f151a874ebd / Chm
checkend.wav / 5c88dd607cce746f2eb886a262e6968a / Unknown
Chinese_GB.lng / f343d584c2cbd052b6145e4580f397f7 / Unknown
english.lng / 5e3f86b9c57c7ab71403affab16e342b / Unknown
chinese_big5.lng / 2d881ec49b9fb6748583336e69c3a88a / Unknown
taiwan.lng / 2f63c0203e43390afd5ea39f9e2dc21a / Unknown
东坡下载说明.txt / d9763b6c4c842bbf2a56b2300ee88b0d / Unknown
deadlink.ini / d5ffcce9f4e6013d73d001baeebd5780 / Unknown
deadlink.ext / 29f1550b0a7e29dfc5d915d7b186103f / Unknown
Internet Explorer.dat / 4ef6cf97d205e5f66d546f0da4ddac7a / Unknown
东坡软件下载基地.url / 122e953f3a92541c27cc62db2d9bb0f7 / Unknown
dlcommon.ini / 15b84c0629e44180251b18c81c5c81ea / Unknown
deadlink_grdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behaviors
Behavior description: Obtain window screenshot information
Details: Foreground window Info: HWND = 0x0001035e, DC = 0x0a010375.
Foreground window Info: HWND = 0x0001035e, DC = 0x0c0101e7.
Behavior description: Get TickCount value
Details: TickCount = 244656, SleepMilliseconds = 250.
Process behavior
Behavior description: Create local thread
Details: TargetProcess: deadlink.exe, InheritedFromPID = 2000, ProcessID = 2832, ThreadID = 2844, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: deadlink.exe, InheritedFromPID = 2000, ProcessID = 2832, ThreadID = 2848, StartAddress = 00459158, Parameter = 00000000
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\data\Internet Explorer.dat
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\data\Internet Explorer.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\data\Internet Explorer.dat ---> Offset = 128
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\data\Internet Explorer.dat ---> Offset = 256
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\data\Internet Explorer.dat ---> Offset = 384
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\data\Internet Explorer.dat ---> Offset = 512
Behavior description: Find files
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\deadlink.madExcept\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\deadlink.zh-CN
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\deadlink.zh-Hans
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\deadlink.zh
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\deadlink.CHS
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\deadlink.CH
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\deadlink_gr\deadlink.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Favorites
FileName = C:\Documents and Settings\Administrator\Favorites\*.*
FileName = C:\Documents and Settings\Administrator\Favorites\Microsoft Websites\*.*
FileName = C:\Documents and Settings\Administrator\Favorites\Microsoft 网站\*.*
FileName = C:\Documents and Settings\Administrator\Favorites\MSN 网站\*.*
FileName = C:\Documents and Settings\Administrator\Favorites\Windows Live\*.*
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\deadlink.exe
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\deadlink.exe
Other behavior
Behavior description: Create mutex
Details: oleacc-msaa-loaded
madExceptSettingsMtx$b10
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
AM-DeadLink
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EBL
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EBL.IC
EventName = MSCTF.SendReceiveConection.Event.EBL.IC
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
_fCanRegisterWithShellService
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
Details: Pid = 2832, Hwnd=0x1036e, Text = MainMenu1, ClassName = TSpTBXToolbar.
Pid = 2832, Hwnd=0x1035e, Text = TBToolbar1, ClassName = TSpTBXToolbar.
Pid = 2832, Hwnd=0x10360, Text = Internet Explorer, ClassName = TComboBox.
Pid = 2832, Hwnd=0x1034a, Text = AM-DeadLink 4.6 / Portable , ClassName = TfrmMain.
Pid = 2832, Hwnd=0x1036a, Text = 书签: 21, ClassName = TStatusBar.
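Behavior description: Get TickCount value
Details: TickCount = 244656, SleepMilliseconds = 250.
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerate windows
Details: N/A
Behavior description: Obtain window screenshot information
Details: Foreground window Info: HWND = 0x0001035e, DC = 0x0a010375.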
Foreground window Info: HWND = 0x0001035e, DC = 0x0c0101e7.
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 250.
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [AM-DeadLink 4.6 / Portable [C:\Documents and Settings\Administrator\Favorites],TfrmMain]
Behavior description: Open mutex
Details: ShimCacheMutex