VirSCAN

1. You may upload any file, but its size must not exceed 20 MB.
2. We support automatic decompression of RAR or ZIP archives, but an archive must not contain more than 20 files.
3. We can recognize and scan archives whose password is 'infected' or 'virus'.


File information
Security score: 73
Basic information
MD5:06a33b64589e6003d1c46da15a9ba0ee
File type: Rar
Publisher:
Version:
Packer or compiler info: COMPILER:Microsoft Visual C++ 6.0
Sub-file info: upx30_6308d5c0dumpFile / 914c3da9cb05921ee9cfff29965db7a1 / EXE
Pal5qAssist.v2.6.2.exe / 866dd422918985e721cf93577340397b / EXE
rlpack_12x_full_aplib_7b622610dumpFile / ca0cdce3dead2db9a7a82b7c5c04370b / DLL
pal5qspeechs.dat / 9cf8c8f308d761a631e4a1285fd5738f / Unknown
xiaoxing.dat / 1dd2a4a0f4d21eb65db5895fca2ca489 / DLL
pal5q.ini / a072f685bc6c042bae014ea7e055a733 / Unknown
说明.txt / 8ea7227bfe94a313b9f0b62e616cab3f / Unknown
2013年全部热门单机游戏及汉化下载.url / 0790caea55126acd9baa3a528a452a15 / Unknown
3DMGAME 中国第一单机游戏门户 全球最大汉化游戏论坛.url / 49cbfed4fa9b3fafdc9d499b6163fa62 / Unknown
Key behaviors
Behavior: Obtains window screenshot information
Details: Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Foreground window Info: HWND = 0x120105d5, DC = 0x120105d5.
Foreground window Info: HWND = 0x770103f8, DC = 0x770103f8.
Process behaviors
Behavior: Creates a local thread
Details: N/A
Behavior: Process exit
Details: N/A
Behavior: Enumerates processes
Details: N/A
File behaviors
Behavior: Modifies file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.581938.exe_7zdump\pal5q.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.585467.exe_7zdump\pal5q.ini---> Offset = 770
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.589015.exe_7zdump\pal5q.ini---> Offset = 783
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.592549.exe_7zdump\pal5q.ini---> Offset = 755
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.596100.exe_7zdump\pal5q.ini---> Offset = 670
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.599651.exe_7zdump\pal5q.ini---> Offset = 681
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.603184.exe_7zdump\pal5q.ini---> Offset = 695
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.606732.exe_7zdump\pal5q.ini---> Offset = 741
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.610259.exe_7zdump\pal5q.ini---> Offset = 795
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.613807.exe_7zdump\pal5q.ini---> Offset = 819
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.617341.exe_7zdump\pal5q.ini---> Offset = 729
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.620892.exe_7zdump\pal5q.ini---> Offset = 709
Registry behaviors
Behavior: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
Other behaviors
Behavior: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EDC
Behavior: Creates event objects
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EDC.IC
EventName = MSCTF.SendReceiveConection.Event.EDC.IC
Behavior: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Window information
Details: Pid = 1840, Hwnd=0x102f2, Text = 使用帮助, ClassName = Button.
Pid = 1840, Hwnd=0x102f0, Text = 前台剧情, ClassName = Button.
Pid = 1840, Hwnd=0x102ec, Text = 自动战斗, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x102e8, Text = =, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x102e6, Text = 开, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x102e2, Text = 配音补完, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x102de, Text = 5 = 步速, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x202d2, Text = 画面辅助, ClassName = Button.
Pid = 1840, Hwnd=0x302b6, Text = 特别感谢, ClassName = Button.
Pid = 1840, Hwnd=0x702c0, Text = 地图全开, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x402be, Text = 无限连携, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x202aa, Text = 关闭自动, ClassName = Button.
Pid = 1840, Hwnd=0x202ae, Text = 飞行瞬移, ClassName = Button.
Pid = 1840, Hwnd=0x202b0, Text = 检查更新3DM第一游戏论坛, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x202c6, Text = 作者:@小幸姐, ClassName = Afx:400000:b:10011:1900015:0.
Behavior: Obtains window screenshot information
Details: Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Foreground window Info: HWND = 0x120105d5, DC = 0x120105d5.
Foreground window Info: HWND = 0x770103f8, DC = 0x770103f8.
Behavior: Hides a specified window
Details: [Window,Class] = [,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,Afx:400000:8:10011:1900015:0]
[Window,Class] = [,Button]
[Window,Class] = [开,Afx:400000:b:10011:1900015:0]
[Window,Class] = [=,Afx:400000:b:10011:1900015:0]
Runtime screenshot