VirSCAN


File information
Security score: 77
Basic information
MD5: 842f58aa673cbe2ff4fdb97c0a4686e8
File type: Microsoft Office Word (doc) document
Publisher:
Version:
Packer or compiler info:
File behavior
Behavior: Create file
Details: C:\Users\Administrator\AppData\Local\Temp\~DF95C99344A43471F1.TMP
C:\Users\Administrator\AppData\Roaming\Microsoft\Templates\~$Normal.dot
C:\Users\Administrator\AppData\Local\Temp\~DFA8AED1DD5F2F605D.TMP
C:\Users\Administrator\AppData\Local\%temp%\****.doc
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%\****.LNK
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%.LNK
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\65227994.emf
C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
Behavior: Delete file
Details: C:\Users\Administrator\AppData\Local\Temp\~DF95C99344A43471F1.TMP
C:\Users\Administrator\AppData\Local\Temp\~DFA8AED1DD5F2F605D.TMP
Behavior: Modify file contents
Details: C:\Users\Administrator\AppData\Roaming\Microsoft\Templates\~$Normal.dot ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Templates\~$Normal.dot ---> Offset = 54
C:\Users\Administrator\AppData\Local\%temp%\****.doc ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\****.doc ---> Offset = 54
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%\****.LNK ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat ---> Offset = 80
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%.LNK ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat ---> Offset = 40
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\65227994.emf ---> Offset = 0
Behavior: Search for file
Details: FileName = C:\Program Files\Common Files\Microsoft Shared\office11
FileName = C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
FileName = C:\Program Files\Common Files\Microsoft Shared\office11\*.*
FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office
FileName = C:\Program Files\Microsoft Office\OFFICE11\Normal.dot
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Templates\Normal.dot
FileName = C:\Users\Administrator\AppData\Local\%temp%\****.doc
FileName = C:\Users\Administrator
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Word\STARTUP\*.*
FileName = C:\Program Files\Microsoft Office\OFFICE11\STARTUP\*.*
FileName = C:\Program Files\Microsoft Office\OFFICE11\mssp3??.dll
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Proof\mssp3??.dll
FileName = C:\Program Files\Common Files\Microsoft Shared\PROOF\mssp3??.dll
FileName = C:\Program Files\Microsoft Office\OFFICE11\mssp??32.dll
Behavior: Copy file
Details: C:\PROGRA~2\MICROS~1\OFFICE\DATA\OPA11.BAK ---> C:\PROGRA~2\MICROS~1\OFFICE\DATA\opa11.dat
Registry behavior
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\!#
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\I$
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4080110900063D11C8EF10054038389C\Usage\WORDFiles
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4080110900063D11C8EF10054038389C\Usage\ProductFiles
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\M&
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Common\ReviewCycle\ReviewToken
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\DocumentRecovery\BA6CA\BA6CA
\REGISTRY\USER\S-*\Software\Microsoft\GDIPlus\FontCachePath
\REGISTRY\USER\S-*\Software\Microsoft\Office\Common\Assistant\CurrAsstState
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4080110900063D11C8EF10054038389C\Usage\SpellingAndGrammarFiles_1033
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4080110900063D11C8EF10054038389C\Usage\SpellingAndGrammarFiles_2052
\REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.0\1033\Options Version
\REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.0\1033\Option Set 0\Name
\REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.0\1033\Option Set 0\Data
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\I$
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\M&
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\!#
Behavior: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\
Other behavior
Behavior: Check whether it is being debugged
Details: IsDebuggerPresent
Behavior: Create mutex
Details: Local\Mutex_MSOSharedMem
Local\Mso97SharedDg19211105606Mutex
Local\Mso97SharedDg20321105606Mutex
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
Local\Mso97SharedDg19521105606Mutex
Skd5yLHImeSCMutextCfgPersist_H_S-*
Local\Mso97SharedDg19531105606Mutex
Local\Mso97SharedDg19541105606Mutex
OfficeAssistantStateMutex
KYIMEShareCachedData.MutexObject.Administrator
KYTransactionServer.MutexObject.Administrator
Local\SqmSysTray
Behavior: Create event object
Details: EventName = PrimaryWord11Mutex
EventName = OleDfRoot8F9DBDD23C2EBC94
EventName = OleDfRootB1D9268F9BD0FADD
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior: Window information
Details: Pid = 1068, Hwnd=0x1b01dc, Text = MsoDockTop, ClassName = MsoCommandBarDock.
Pid = 1068, Hwnd=0x21016c, Text = 格式, ClassName = MsoCommandBar.
Pid = 1068, Hwnd=0x17016a, Text = 常用, ClassName = MsoCommandBar.
Pid = 1068, Hwnd=0x8033a, Text = 菜单栏, ClassName = MsoCommandBar.
Pid = 1068, Hwnd=0x1a0116, Text = b70c, ClassName = _WwB.
Pid = 1068, Hwnd=0x160302, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 1068, Hwnd=0x190114, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 1068, Hwnd=0x280184, Text = Microsoft Word 文档, ClassName = _WwG.
Pid = 1068, Hwnd=0x150144, Text = b70c - Microsoft Word, ClassName = OpusApp.
Behavior: Open event
Details: Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.1068
MSFT.VSA.IEC.STATUS.6c736db0
Global\TermSrvReadyEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior: Open mutex
Details: Local\Mutex_MSOSharedMem
Local\Mso97SharedDg19211105606Mutex
Local\Mso97SharedDg20321105606Mutex
Local\MU_ACBPIDS08
Local\MSCTF.Asm.MutexDefault1
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
Local\Mso97SharedDg19521105606Mutex
Local\Mso97SharedDg19531105606Mutex
Local\Mso97SharedDg19541105606Mutex
OfficeAssistantStateMutex
Local\SqmSysTray
Runtime screenshot