VirSCAN

File information
Security rating: 76
Behavior list
Behavior analysis report: Threatbook behavior analysis report for this file
Basic information
MD5: 3a32b39f670b0ea1a4e3dd3ddcc13736
File type: EXE
Vendor: not by Acronis
Version: 22.3.1.9202---1, 0, 0, 0
Packer or compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information: ti_managers.diff / aa06cb417ae4f4b315a9ee521ffd26e4 / Unknown
libcrypto10.dll / 9e054045d57e993693454356f89560f2 / DLL
libcrypto10.dll / ebc12b096fa47195f6b477ddda0c7761 / DLL
libcrypto10.dll / 060ed28d979061b88a43f1abf539fbb4 / DLL
libcrypto10.dll / e3708190587a12a2a71b724c0da0a7d3 / DLL
libcrypto10.dll / 24f0e8981ec3088f570af6394feb5b18 / DLL
Key behavior
Behavior description: Get TickCount value
Details: TickCount = 233488, SleepMilliseconds = 20.
TickCount = 233504, SleepMilliseconds = 20.
TickCount = 233535, SleepMilliseconds = 20.
TickCount = 233551, SleepMilliseconds = 20.
TickCount = 233613, SleepMilliseconds = 20.
TickCount = 233645, SleepMilliseconds = 20.
TickCount = 233707, SleepMilliseconds = 20.
TickCount = 233754, SleepMilliseconds = 20.
TickCount = 233910, SleepMilliseconds = 20.
TickCount = 233941, SleepMilliseconds = 20.
TickCount = 233988, SleepMilliseconds = 20.
TickCount = 234004, SleepMilliseconds = 20.
TickCount = 244270, SleepMilliseconds = 20.
TickCount = 244285, SleepMilliseconds = 20.
TickCount = 244410, SleepMilliseconds = 20.
Process behavior
Behavior description: Create process
Details: [0x00000854]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd" "
[0x00000a54]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /c REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language" /v InstallLanguage
[0x00000b48]ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language" /v InstallLanguage
[0x00000908]ImagePath = C:\WINDOWS\system32\mode.com, CmdLine = mode con:cols=86 lines=36
[0x000008f0]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Acronis\TrueImageHome\Settings" /v LicenseActivatorExePath 2>NUL
[0x000008bc]ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = REG QUERY "HKLM\SOFTWARE\Acronis\TrueImageHome\Settings" /v LicenseActivatorExePath
[0x00000ab0]ImagePath = C:\WINDOWS\system32\xcopy.exe, CmdLine = xcopy /y TrueImageReadme "C:\Documents and Settings\Administrator\Desktop\TrueImageReadme"
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3976, ThreadID = 4036, StartAddress = 00401363, Parameter = 00B16520
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3976, ThreadID = 4064, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3976, ThreadID = 1924, StartAddress = 77C0A341, Parameter = 00B12EE8
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5033\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5534\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5554\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5555\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8029\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8041\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8053\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8058\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6106\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6116\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6206\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6209\PropertyStorage
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation_de.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation_en.cmd
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\filever.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\taskkill_xp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\xdelta3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5551\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.7133\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5587\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6514\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6528\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.5560\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6614\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6673\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6688\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.5539\libcrypto10.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.6055\libcrypto10.dll
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5033\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5534\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5554\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.5555\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8029\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8041\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8053\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\20.0.0.8058\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6106\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6116\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6206\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\21.0.0.6209\PropertyStorage ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation.cmd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation_de.cmd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation_en.cmd ---> Offset = 0
Behavior description: Find file
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation.cmd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\REG.*
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
_fCanRegisterWithShellService
Behavior description: Get TickCount value
Details: TickCount = 233488, SleepMilliseconds = 20.
TickCount = 233504, SleepMilliseconds = 20.
TickCount = 233535, SleepMilliseconds = 20.
TickCount = 233551, SleepMilliseconds = 20.
TickCount = 233613, SleepMilliseconds = 20.
TickCount = 233645, SleepMilliseconds = 20.
TickCount = 233707, SleepMilliseconds = 20.
TickCount = 233754, SleepMilliseconds = 20.
TickCount = 233910, SleepMilliseconds = 20.
TickCount = 233941, SleepMilliseconds = 20.
TickCount = 233988, SleepMilliseconds = 20.
TickCount = 234004, SleepMilliseconds = 20.
TickCount = 244270, SleepMilliseconds = 20.
TickCount = 244285, SleepMilliseconds = 20.
TickCount = 244410, SleepMilliseconds = 20.
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 3976, Hwnd=0x10350, Text = Cancel, ClassName = Button.
Pid = 3976, Hwnd=0x40340, Text = 15% Extracting, ClassName = #32770.
Pid = 3976, Hwnd=0x1034a, Text = 123456, ClassName = Edit.
Pid = 3976, Hwnd=0x40340, Text = 46% Extracting, ClassName = #32770.
Pid = 3976, Hwnd=0x40340, Text = 82% Extracting, ClassName = #32770.
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\filever.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\taskkill_xp.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\xdelta3.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5551\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.7133\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5587\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6514\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6528\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.5560\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6614\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6673\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6688\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.5539\libcrypto10.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.6055\libcrypto10.dll (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 20.
Behavior description: Hide specified window
Details: [Window,Class] = [,Static]
[Window,Class] = [,Button]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\filever.exe ---> 0e6c873a80940c9729bc8017ad67b2de
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\taskkill_xp.exe ---> 3add0c055c3794a384bdd5519ef913b5
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\xdelta3.exe ---> 70707830234212e86fb311f49be53459
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5551\libcrypto10.dll ---> d623a36247044648977c8688bc3eb53e
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll ---> bea4e4ceae1ddb7697ed52b2c0e73986
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\15.0.0.7133\libcrypto10.dll ---> fbef3abed9b52ded52841b462bd06abc
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.5587\libcrypto10.dll ---> db82de21bc28bb8ff773c44654be90fd
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6514\libcrypto10.dll ---> abd379efc199031ca55c57e0a588e612
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\16.0.0.6528\libcrypto10.dll ---> 7581f166afd9f025dd7c2e82dc4884ed
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.5560\libcrypto10.dll ---> 8881dcf53c311065052dc81a4a271d72
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6614\libcrypto10.dll ---> 56b360ed11f95edc07b73229a63ccaf3
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6673\libcrypto10.dll ---> d51b906dfc4a9fafa473422e9dae88e6
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\17.0.0.6688\libcrypto10.dll ---> 73fb3ca2bf6c7ef1c541476d2ff9fdc6
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.5539\libcrypto10.dll ---> 060ed28d979061b88a43f1abf539fbb4
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\18.0.0.6055\libcrypto10.dll ---> e3708190587a12a2a71b724c0da0a7d3
Behavior description: Open mutex
Details: ShimCacheMutex
Local\!IETld!Mutex