VirSCAN

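File information
Security score: 60
Behavior list
Basic information
MD5: ed133cf800bbc1281f660cccded8e9c2
File type: EXE
Vendor:
Version: 0.0.0.0
Packer or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *
Key behaviors
Behavior description: Reads the CPU clock directly
Details: EAX = 0x58e72cb8, EDX = 0x0000039f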
EAX = 0x5b9a2c34, EDX = 0x0000039f
EAX = 0x5e21fbbd, EDX = 0x0000039f
Behavior description: Gets the TickCount value
Details: TickCount = 1107525, SleepMilliseconds = 10.
TickCount = 1110025, SleepMilliseconds = 10.
TickCount = 1110088, SleepMilliseconds = 10.
TickCount = 1110103, SleepMilliseconds = 10.
TickCount = 1110150, SleepMilliseconds = 10.
TickCount = 1110166, SleepMilliseconds = 10.
TickCount = 1110213, SleepMilliseconds = 10.
TickCount = 1110228, SleepMilliseconds = 10.
TickCount = 1110275, SleepMilliseconds = 10.
TickCount = 1110306, SleepMilliseconds = 10.
TickCount = 1142385, SleepMilliseconds = 10.
TickCount = 1171072, SleepMilliseconds = 10.
TickCount = 1171088, SleepMilliseconds = 10.
File behaviors
Behavior description: Finds files
Details: FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
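Other behaviors
Behavior description: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Hides a specified window
Details: [Window,Class] = [AutoIt v3,AutoIt v3]
Behavior description: Opens a mutex
Details: Local\MSCTF.Asm.MutexDefault1
Behavior description: Finds a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent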
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description: Gets the cursor position
Details: CursorPos = (388,18506), SleepMilliseconds = 10.
CursorPos = (6681,26539), SleepMilliseconds = 10.
CursorPos = (19516,15763), SleepMilliseconds = 10.
CursorPos = (11825,29397), SleepMilliseconds = 10.
CursorPos = (27309,24503), SleepMilliseconds = 10.
CursorPos = (6052,28184), SleepMilliseconds = 10.
CursorPos = (23628,16866), SleepMilliseconds = 10.
CursorPos = (10308,530), SleepMilliseconds = 10.
CursorPos = (3342,11981), SleepMilliseconds = 10.
CursorPos = (5174,5475), SleepMilliseconds = 10.
CursorPos = (32738,14643), SleepMilliseconds = 10.
CursorPos = (4249,192), SleepMilliseconds = 10.
CursorPos = (639,12421), SleepMilliseconds = 10.
CursorPos = (17768,18755), SleepMilliseconds = 10.
CursorPos = (20065,19934), SleepMilliseconds = 10.
Behavior description: Window information
Details: Pid = 552, Hwnd=0x10022e, Text = 123456, ClassName = Edit.
Pid = 552, Hwnd=0x901e2, Text = 123456, ClassName = Edit.
Pid = 552, Hwnd=0xa023e, Text = 123456, ClassName = Edit.
Pid = 552, Hwnd=0xa0198, Text = 123456, ClassName = Edit.
Pid = 552, Hwnd=0x90180, Text = 输入框 4 正在录入数据。, ClassName = Static.
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.