VirSCAN

1. You can UPLOAD any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip archives, provided the archive contains no more than 20 files.
3. VirSCAN can scan compressed files that are password-protected with the word 'infected' or 'virus'.


File information
Safety score: 87
Basic information
MD5:0a73125befd8594874d857d3e678dc8a
File type: EXE
Publisher:
Version: 5.9.0.390---5.9.0.390
Packer or compiler information: COMPILER:Borland C++ 1999
Key behaviors
Behavior: Blocks window close messages
Details: hWnd = 0x00140306, Text = JoyToKey Ver5.9 (Not Registered) : Profile 1, ClassName = TMainForm.
hWnd = 0x00060380, Text = JoyToKey, ClassName = TApplication.
Behavior: Installs a message hook
Details: C:\WINDOWS\system32\DINPUT8.DLL
Process behaviors
Behavior: Creates a local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 824, ThreadID = 2040, StartAddress = 76B2AEAF, Parameter = 00000000
File behaviors
Behavior: Creates a file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\JoyToKey.log
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\JoyToKey.log ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\JoyToKey.log ---> Offset = 57
C:\Documents and Settings\Administrator\Local Settings\%temp%\JoyToKey.log ---> Offset = 173
C:\Documents and Settings\Administrator\Local Settings\%temp%\JoyToKey.log ---> Offset = 283
C:\Documents and Settings\Administrator\Local Settings\%temp%\JoyToKey.log ---> Offset = 403
Behavior: Searches for files
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-CN
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-Hans
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CHS
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CH
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\*.cfg
Registry behaviors
Behavior: Modifies the registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\DirectInput\VID_80EE&PID_0021\Calibration\0\GUID
\REGISTRY\USER\S-*\Software\Microsoft\DirectInput\%temp%\****.EXE58AEF137001E0000\Name
\REGISTRY\USER\S-*\Software\Microsoft\DirectInput\%temp%\****.EXE58AEF137001E0000\UsesMapper
\REGISTRY\USER\S-*\Software\Microsoft\DirectInput\MostRecentApplication\Name
\REGISTRY\USER\S-*\Software\Microsoft\DirectInput\MostRecentApplication\Id
\REGISTRY\USER\S-*\Software\Microsoft\DirectInput\MostRecentApplication\Version
\REGISTRY\USER\S-*\Software\Microsoft\DirectInput\MostRecentApplication\MostRecentStart
Other behaviors
Behavior: Creates a mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Mutex_JoyToKey
DirectInput.{89521361-AA8A-11CF-BFC7-444553540000}
DirectInput.{5944E682-C92E-11CF-BFC7-444553540000}
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AKH
Behavior: Creates an event object
Details: EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.AKH.IC
EventName = MSCTF.SendReceiveConection.Event.AKH.IC
Behavior: Opens an event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000054
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000054
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior: Searches for a specific window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Window information
Details: Pid = 824, Hwnd=0xa03c4, Text = OK, ClassName = TButton.
Pid = 824, Hwnd=0x903a2, Text = Thank you for downloading JoyToKey, ClassName = TGreetingDialog.
Pid = 824, Hwnd=0x13035e, Text = Copy, ClassName = TButton.
Pid = 824, Hwnd=0x503de, Text = Delete, ClassName = TButton.
Pid = 824, Hwnd=0x703bc, Text = Rename, ClassName = TButton.
Pid = 824, Hwnd=0x1c037a, Text = Create, ClassName = TButton.
Pid = 824, Hwnd=0xf03c8, Text = Joysticks, ClassName = TTabSheet.
Pid = 824, Hwnd=0x8036e, Text = Edit button assignment, ClassName = TButton.
Pid = 824, Hwnd=0xb037c, Text = Bulk assignment wizard, ClassName = TButton.
Pid = 824, Hwnd=0x140306, Text = JoyToKey Ver5.9 (Not Registered) : Profile 1, ClassName = TMainForm.
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Blocks window close messages
Details: hWnd = 0x00140306, Text = JoyToKey Ver5.9 (Not Registered) : Profile 1, ClassName = TMainForm.
hWnd = 0x00060380, Text = JoyToKey, ClassName = TApplication.
Behavior: Enumerates windows
Details: N/A
Behavior: Hides a specific window
Details: [Window,Class] = [,ComboLBox]
Behavior: Opens a mutex
Details: ShimCacheMutex
Mutex_JoyToKey
Runtime screenshot
