VirSCAN

File information
Security score: 79
Basic information
MD5: 46bc868944f0eadba4e8e35ac90dd2f6
File type: Rar5
Vendor:
Version:
Packer or compiler information: COMPILER:Microsoft Visual C++
Sub-file information: 12 сентября.scr / 53315b1c44ca8fbfefebb0c92ae45c2f / EXE
Key behavior
Behavior description: Get TickCount value
Details: TickCount = 216415, SleepMilliseconds = 40.
TickCount = 216602, SleepMilliseconds = 40.
TickCount = 216618, SleepMilliseconds = 40.
TickCount = 216633, SleepMilliseconds = 40.
TickCount = 216665, SleepMilliseconds = 40.
TickCount = 216696, SleepMilliseconds = 40.
TickCount = 216711, SleepMilliseconds = 40.
TickCount = 216743, SleepMilliseconds = 40.
TickCount = 216774, SleepMilliseconds = 40.
TickCount = 216805, SleepMilliseconds = 40.
TickCount = 216883, SleepMilliseconds = 40.
TickCount = 216899, SleepMilliseconds = 40.
TickCount = 224977, SleepMilliseconds = 40.
TickCount = 224993, SleepMilliseconds = 40.
Process behavior
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Find files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
Other behavior
Behavior description: Create mutex
Details: __PDH_PLA_MUTEX__
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [,216296/2608]
NtUserFindWindowEx: [Class,Window] = [,?]
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
_fCanRegisterWithShellService
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 40.
Behavior description: Open mutex
Details: ShimCacheMutex