VirSCAN


File information
Security score: 50
Behavior list
Basic information
MD5: 5b342cff16e16f2dcd789d4985422d81
File type: zip
Publisher:
Version:
Packer or compiler info:
Subfile information: BTC_PassCrack.exe / ad612809295da3810d40bc3f407f2c5d / EXE
lua.dll / 783689012187a8f39f4ae44be54079e1 / DLL
OpenCL.DLL / 77534c02072acbe80c27e2a061980ee9 / DLL
lua_lstfile.dll / 00ccfd5b3521bc1cf4d4359d5fa6db36 / DLL
raw-english.lst / ddcb7a2ab3d1513c479d266d31e8ce80 / Unknown
english.lst / ddcb7a2ab3d1513c479d266d31e8ce80 / Unknown
raw-password.lst / bc6e5dae5a659a6c994b9b1675f67de9 / Unknown
raw-favpass.lst / eff9059851c2af8491d1fc6c3b8ad72d / Unknown
json.lua / d8268d393c9bb9e19805d496d1730ae4 / Unknown
gen_auto.lua / e1d4fa0eef8130c4f504a8c0801088de / Unknown
sha512.enc.cl / 870b6319bc742bb6fa804cb364678587 / Unknown
expr2hold.lua / 78ca639ba6b7f06a7b32353839961459 / Unknown
gen_expr.lua / 418516c34fa224240c053f1fac159dc7 / Unknown
CountGen.lua / 15b7b641a1b25a19bbb66d14af0f272e / Unknown
rules_near.lua / c9ec9603fc58b5883558fe599674606b / Unknown
expr2hold_test.lua / 087ce5618e655950e68a35cc89f2ac5c / Unknown
rules_case.lua / 48fa5ba8e1d41deed3e94fe736e0c05d / Unknown
base.lua / 26210bb6d9105916a1d8f256550d5a92 / Unknown
raw-pinyin.lst / 31d37184352eddd0a22b9c49f95936eb / Unknown
Key behaviors
Behavior: Directly reads the CPU clock
Details: EAX = 0x6c098fff, EDX = 0x000003a0
EAX = 0x9e243136, EDX = 0x000003a0
EAX = 0xa899ce5c, EDX = 0x000003a0
EAX = 0xa899cea8, EDX = 0x000003a0
EAX = 0xb8756a2e, EDX = 0x000003a0
EAX = 0xfcf375dc, EDX = 0x000003a0
EAX = 0xffa67558, EDX = 0x000003a0
EAX = 0xffa675a4, EDX = 0x000003a0
EAX = 0x14bcdf97, EDX = 0x000003a1
EAX = 0x498a7ffe, EDX = 0x000003a1
Process behavior
Behavior: Enumerates processes
Details: N/A
File behavior
Behavior: Searches for files
Details: FileName = C:\Users\Administrator\Desktop\*
FileName = C:\Users\Administrator\Documents\*
FileName = C:\Users\Administrator\Documents\My Videos\*
FileName = C:\Users\Administrator\Documents\My Pictures\*
FileName = C:\Users\Administrator\Documents\My Music\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\script\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\script\words\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\script\split\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\script\rules\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\script\gen\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\script\comm\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\lst\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\lst\bak\*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\BTC_PassCrack\BTC_PassCrack\*
Other behaviors
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Hides a specified window
Details: [Window,Class] = [,ComboLBox]
Behavior: Opens a mutex
Details: Local\MSCTF.Asm.MutexDefault1
Behavior: Opens an event
Details: HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior: Searches for the kernel32.dll base address
Details: Instruction Address = 0x01745fba
Behavior: Window information
Details: Pid = 2684, Hwnd=0xa01ee, Text = 选择, ClassName = Button.
Pid = 2684, Hwnd=0x10028c, Text = 钱包密码找回工具, ClassName = Static.
Pid = 2684, Hwnd=0xa0290, Text = 文件路径:, ClassName = Static.
Pid = 2684, Hwnd=0x16017a, Text = 设置, ClassName = Button.
Pid = 2684, Hwnd=0xb021c, Text = X, ClassName = Button.
Pid = 2684, Hwnd=0x90216, Text = 开始, ClassName = Button.
Pid = 2684, Hwnd=0xb016a, Text = Core钱包, ClassName = ComboBox.
Pid = 2684, Hwnd=0xd0302, Text = 钱包类型, ClassName = Static.
Pid = 2684, Hwnd=0xc01ac, Text = 官网, ClassName = Button.
Pid = 2684, Hwnd=0x1801da, Text = _, ClassName = Button.
Pid = 2684, Hwnd=0x600f4, Text = 确定, ClassName = Button.
Pid = 2684, Hwnd=0xc015a, Text = 钱包数据打开失败.network_identifier, ClassName = Static.
Pid = 2684, Hwnd=0x1502da, Text = 错误, ClassName = #32770.
Pid = 2684, Hwnd=0x150138, Text = 123456, ClassName = ComboBox.
Pid = 2684, Hwnd=0xd0240, Text = 123456, ClassName = Edit.
Behavior: Calls the Sleep function
Details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.