VirSCAN


File information
Security score: 94
Basic information
MD5: 669b84e9d5fb541f6cdeacf95a6f526a
File type: EXE
Vendor: 360.cn
Version: 2.0.0.1330 --- 2.0.0.1330
Packer / compiler info: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Bundled files (name / MD5 / type): ComputerZ_HardwareDll.dll / 31a17c7c4720ff2a45dee03b08c57e5b / DLL
DrvMgrUI.dll / 605960e1dc82dbcaee39c7d904d769b6 / DLL
DrvmgrCore.dll / 9493f5247e12d0f3a63ed98dde866b63 / DLL
cloudcom2.dll / 29b6666ecef4aaf54a9606f742d21a7f / DLL
360DrvMgr.exe / b79c959ae6f09fde0f788bf47450f779 / EXE
MiniUI.dll / 043365f793b1672fc80aaebde3b22929 / DLL
360Base.dll / a73cf0457df35fab74ef3393d2766667 / DLL
DrvMgrFeedBack.exe / cd4836999aa40887ad9f3c6545ee2766 / EXE
7za.dll / 34f4329522a2b16d1bc9ad4ab58d9fc1 / DLL
ComputerZ1.dll / 77852ccc691c1a8eb82af3a09a3bc257 / DLL
ComputerZService.exe / 5ed15ec30267cc15988df734fbc532dc / EXE
360P2SP.dll / 75ae5114927b0200ea73e016211ae572 / DLL
DataMgr_x64.dll / 201f6d1c4e0d6c90ee1095151f00a8b0 / DLL
LiveUpdate360.exe / b9a7241e2243e923b8d3ff7f11ab6a7a / EXE
LiveUpd360.dll / e2ab61cd7dd7c8443719460140737b09 / DLL
dynlenv.dll / 61bda655c88ce843905ce63a2d5669e4 / DLL
DataMgr.dll / 6d55ea8db2c55ab334b8e83b35f1d60c / DLL
360ScreenCapture.exe / 0b8c87ac0b9eac11f4bc650579c80410 / EXE
ScriptExecute.exe / 1590d37705fce0ac201c0a69b8046e17 / EXE
Process behavior
Behavior: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3968, ThreadID = 4012, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3968, ThreadID = 4040, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3968, ThreadID = 4044, StartAddress = 00436024, Parameter = 014D4D58
Behavior: Enumerate processes
Details: N/A
File behavior
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCD5E.tmp
C:\Program Files\360\360DrvMgr\223578.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\{716F68D7-56A3-4668-89F1-62D4A0155F8F}.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll
Behavior: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll
Behavior: Search for files
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\*.*
FileName = C:\Program Files\360\360DrvMgr\*.*
Behavior: Delete file
Details: C:\Program Files\360\360DrvMgr\223578.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\{716F68D7-56A3-4668-89F1-62D4A0155F8F}.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\{83CA9DC9-7757-40f9-9765-2D3FBBD2A61A}.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCD5E.tmp
Behavior: Rename file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{83CA9DC9-7757-40f9-9765-2D3FBBD2A61A}.tmp
Behavior: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\{716F68D7-56A3-4668-89F1-62D4A0155F8F}.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\{716F68D7-56A3-4668-89F1-62D4A0155F8F}.tmp ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\{716F68D7-56A3-4668-89F1-62D4A0155F8F}.tmp ---> Offset = 8192
C:\Documents and Settings\Administrator\Local Settings\Temp\{716F68D7-56A3-4668-89F1-62D4A0155F8F}.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\{716F68D7-56A3-4668-89F1-62D4A0155F8F}.tmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll ---> Offset = 131072
Registry behavior
Behavior: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1A893393-71A8-4a50-95A1-2B89DE87B24C}\
Behavior: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1A893393-71A8-4a50-95A1-2B89DE87B24C}\
Behavior: Modify registry (pending file rename operations)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
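The PendingFileRenameOperations value written above is the mechanism behind MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT): the Session Manager (smss.exe) replays it at the next boot, before most user-mode defences are running, so it is used both by installers to replace locked files and by malware to delete or swap protected binaries. The value is a REG_MULTI_SZ of (source, destination) pairs, with an empty destination meaning delete and a leading "!" on the destination meaning the target may be overwritten. The following parser and triage routine is an added example, not VirSCAN's or 360's code; the sample value is constructed from paths in this report and does not reproduce what the installer actually wrote, the driver file name in it is hypothetical, and the list of sensitive directories is an assumption to tune per host. Note that the report names ControlSet002; on a live system the active set is the one HKLM\SYSTEM\Select\Current points to, which is why the live reader below goes through CurrentControlSet.

```python
"""Parse a PendingFileRenameOperations REG_MULTI_SZ value and flag risky entries.

Added example, not VirSCAN or 360 code. Entries are (source, destination)
string pairs written by MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT); an empty
destination means "delete at boot", and a '!' prefix on the destination means
the existing target may be overwritten (MOVEFILE_REPLACE_EXISTING).
"""
import sys
from dataclasses import dataclass
from typing import List, Optional

NT_PREFIX = "\\??\\"          # NT namespace prefix on every path in the value
# Assumption: directories where a reboot-time rename/delete of an executable
# deserves review. Tune for the host being examined.
SENSITIVE_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXEC_EXTS = (".exe", ".dll", ".sys", ".ocx", ".drv")


@dataclass
class PendingOp:
    source: str
    destination: Optional[str]   # None means the source is deleted at boot
    replace_existing: bool       # '!' prefix was present on the destination

    @property
    def action(self) -> str:
        return "delete" if self.destination is None else "rename"


def _strip_nt(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(multi_sz: List[str]) -> List[PendingOp]:
    """multi_sz is the list of strings winreg returns for a REG_MULTI_SZ value."""
    items = list(multi_sz)
    if len(items) % 2:            # odd count: a trailing source with no pair;
        items.append("")          # treated here as a delete (assumption)
    ops = []
    for src, dst in zip(items[0::2], items[1::2]):
        if not src:
            continue
        replace = dst.startswith("!")
        if replace:
            dst = dst[1:]
        ops.append(PendingOp(_strip_nt(src), _strip_nt(dst) if dst else None, replace))
    return ops


def suspicious_ops(ops: List[PendingOp]) -> List[PendingOp]:
    """Flag executables placed under, or deleted from, a sensitive directory."""
    def sensitive_exec(p: str) -> bool:
        q = p.lower()
        return q.startswith(SENSITIVE_DIRS) and q.endswith(EXEC_EXTS)
    return [op for op in ops
            if (op.destination is not None and sensitive_exec(op.destination))
            or (op.destination is None and sensitive_exec(op.source))]


def read_live_value() -> Optional[List[str]]:
    """On Windows, read the live value from the control set the system booted from."""
    if sys.platform != "win32":
        return None
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    try:
        value, _ = winreg.QueryValueEx(key, "PendingFileRenameOperations")
        return list(value)
    except FileNotFoundError:
        return []                  # no pending operations
    finally:
        winreg.CloseKey(key)


# Constructed sample modelled on the report's paths; not the value the installer wrote.
SAMPLE_VALUE = [
    r"\??\C:\Program Files\360\360DrvMgr\223578.tmp", "",
    r"\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{83CA9DC9-7757-40f9-9765-2D3FBBD2A61A}.tmp", "",
    r"\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upd.tmp",
    r"!\??\C:\WINDOWS\system32\drivers\hypothetical.sys",   # hypothetical target name
]

if __name__ == "__main__":
    ops = parse_pending_renames(read_live_value() or SAMPLE_VALUE)
    flagged = suspicious_ops(ops)
    for op in ops:
        mark = "!!" if op in flagged else "  "
        print(f"{mark} {op.action:6} {op.source} -> {op.destination or '(delete)'}")
```

Deleting the installer's own .tmp files from its install directory, as in the first two sample entries, is the benign use of this value; what earns a second look is an executable being moved into, or removed from, a system directory at boot, which is the third entry.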
Other behavior
Behavior: Create mutex
Details: RasPbFile
1830B7BD-F7A3-4c4d-989B-C004DE465EDE 3968
欢迎使用 360驱动大师 (Welcome to 360 Driver Master)
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EIP
Behavior: Create event object
Details: EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EIP.IC
EventName = MSCTF.SendReceiveConection.Event.EIP.IC
Behavior: Find window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Window information
Details: Pid = 3968, Hwnd=0x1034c, Text = 立即安装 (Install now), ClassName = Button.
Pid = 3968, Hwnd=0x10350, Text = 安装程序准备中,请稍侯... (Installer preparing, please wait...), ClassName = Static.
Pid = 3968, Hwnd=0x10352, Text = 安装到: (Install to:), ClassName = Static.
Pid = 3968, Hwnd=0x10354, Text = C:\Program Files\360\360DrvMgr, ClassName = Edit.
Pid = 3968, Hwnd=0x10356, Text = 更换目录... (Change directory...), ClassName = Button.
Pid = 3968, Hwnd=0x1035a, Text = 已经阅读并同意许可协议 (I have read and agree to the license agreement), ClassName = Button(CheckBox).
Pid = 3968, Hwnd=0x1035c, Text = 加入用户体验计划 (Join the user experience program), ClassName = Button(CheckBox).
Pid = 3968, Hwnd=0x1035e, Text = 欢迎使用 360驱动大师 (Welcome to 360 Driver Master), ClassName = Static.
Pid = 3968, Hwnd=0x10362, Text = 继续安装 (Continue installation), ClassName = Static.
Pid = 3968, Hwnd=0x10366, Text = 返回 (Back), ClassName = Button.
Pid = 3968, Hwnd=0x10368, Text = 了解详情 (Learn more), ClassName = Static.
Pid = 3968, Hwnd=0x1036a, Text = 安装完成后打开360驱动大师 (Open 360 Driver Master after installation), ClassName = Button(CheckBox).
Pid = 3968, Hwnd=0x1036c, Text = 正在安装360驱动大师... (Installing 360 Driver Master...), ClassName = Static.
Pid = 3968, Hwnd=0x10348, Text = 欢迎使用 360驱动大师 (Welcome to 360 Driver Master), ClassName = #32770.
Behavior: Open event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior: Executable signature info
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll (signature verification: failed)
Behavior: Hide window
Details: [Window,Class] = [正在安装360驱动大师... (Installing 360 Driver Master...),Static]
[Window,Class] = [,PICTUREEXWND]
[Window,Class] = [返回 (Back),Button]
[Window,Class] = [,Edit]
Behavior: Executable MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll ---> e421a1ec939ad95483bba5e326264184
Behavior: Open mutex
Details: RasPbFile
ShimCacheMutex
DBWinMutex
Behavior: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{83CA9DC9-7757-40f9-9765-2D3FBBD2A61A}.tmp.
Runtime screenshot (image not reproduced in this text)
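Read together, the file, signature and load entries describe one chain: a DLL is written into a GUID-named directory under the user's Temp folder, its Authenticode check fails, it is renamed to a GUID-named .tmp with no executable extension, and that .tmp is then mapped as an image. Installers that bundle a 7-Zip extraction library do exactly this, so none of the steps is damning on its own; the value is in correlating them, so the loaded-from-Temp, extension-changed and unsigned signals attach to the same file and raise its priority rather than producing three unrelated alerts. The script below is an added example, not VirSCAN's or 360's code. It consumes a constructed event stream built from the paths in this report and ordered as a plausible execution timeline (the kernel32.dll load is a constructed benign control), and it resolves the 8.3 short-name prefix the report uses for the same Temp directory through a fixed table, which is an assumption for this sandbox host; a live tool would call GetLongPathNameW instead.

```python
"""Correlate drop -> signature check -> rename -> image load into one finding.

Added example, not VirSCAN or 360 code. EVENTS is constructed from the paths
in the report above; on a live host the same logic would run over Sysmon
FileCreate / ImageLoad events or a sandbox trace.
"""
import ntpath
from dataclasses import dataclass, field
from typing import Dict, List, Set

EXEC_EXTS = (".exe", ".dll", ".sys", ".ocx")
# Assumption: 8.3 short-name prefix seen on this sandbox host. On a live host
# resolve short names with GetLongPathNameW instead of a table.
SHORT_TO_LONG = {
    "c:\\docume~1\\admini~1\\locals~1\\temp":
        "c:\\documents and settings\\administrator\\local settings\\temp",
}
TEMP_MARKERS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\")


def norm(path: str) -> str:
    """Lower-case and expand known short-name prefixes so both spellings of
    the Temp directory in the report compare equal."""
    p = path.lower().rstrip(".")          # the report appends '.' to the image path
    for short, full in SHORT_TO_LONG.items():
        if p.startswith(short):
            p = full + p[len(short):]
    return p


def ext(path: str) -> str:
    return ntpath.splitext(path)[1]       # ntpath handles backslashes on any OS


def in_temp(path: str) -> bool:
    return any(m in path for m in TEMP_MARKERS)


@dataclass
class Finding:
    loaded_as: str
    created_as: str
    reasons: List[str] = field(default_factory=list)


def correlate(events: List[dict]) -> List[Finding]:
    origin: Dict[str, str] = {}   # current path -> path the file was first created under
    unsigned: Set[str] = set()    # paths whose Authenticode verification failed
    findings: List[Finding] = []
    for ev in events:
        op = ev["op"]
        if op == "create_file":
            p = norm(ev["path"])
            origin[p] = p
        elif op == "signature" and not ev["verified"]:
            unsigned.add(norm(ev["path"]))
        elif op == "rename":
            src, dst = norm(ev["src"]), norm(ev["dst"])
            origin[dst] = origin.pop(src, src)   # identity follows the file
            if src in unsigned:
                unsigned.discard(src)
                unsigned.add(dst)
        elif op == "image_load":
            p = norm(ev["path"])
            if p not in origin:
                continue                          # not a file this process dropped
            created = origin[p]
            reasons = []
            if in_temp(p):
                reasons.append("image loaded from a user Temp directory")
            if ext(created) in EXEC_EXTS and ext(p) != ext(created):
                reasons.append(f"created as {ext(created)} but loaded as {ext(p) or '(no extension)'}")
            if p in unsigned:
                reasons.append("Authenticode verification failed before the rename")
            if reasons:
                findings.append(Finding(p, created, reasons))
    return findings


TEMP = r"C:\Documents and Settings\Administrator\Local Settings\Temp"
DROP_DLL = TEMP + r"\{494E3551-FFDE-485b-9DC1-DBD0D27B39C5}.tmp\7z.dll"
RENAMED = r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{83CA9DC9-7757-40f9-9765-2D3FBBD2A61A}.tmp"

# Constructed event stream ordered as a plausible timeline of the report's entries.
EVENTS = [
    {"op": "create_file", "path": TEMP + r"\~DFCD5E.tmp"},
    {"op": "create_file", "path": DROP_DLL},
    {"op": "signature", "path": DROP_DLL, "verified": False},
    {"op": "rename", "src": DROP_DLL, "dst": RENAMED},
    {"op": "image_load", "path": RENAMED + "."},
    {"op": "image_load", "path": r"C:\WINDOWS\system32\kernel32.dll"},  # constructed benign control
]

if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f"{f.loaded_as}\n  created as: {f.created_as}")
        for r in f.reasons:
            print(f"  - {r}")
```

The output is a single finding carrying all three reasons for the renamed 7z.dll; the kernel32.dll load produces nothing because the process never created it. A failed signature check on a vendor-bundled component is not by itself evidence of tampering; the next step is to compare the dropped file's hash (e421a1ec939ad95483bba5e326264184 in this report) against the vendor's own distribution before deciding.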

Research Center for Computer Network and Information Security Technology