VirSCAN

File information
Safety score: 40
Behavior list
Basic information
MD5: 2bcfab762ee9687d3e4230a4f97f2543
File type: EXE
Company (from version info): HEALTHCAREfirst Famous
Version: 4.5.36.15 --- 4.5.36.15
Packer / compiler: COMPILER: Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *
Key behaviors
Behavior: Directly invokes critical system APIs (raw syscalls; Index is the syscall number, Instruction Address is where the call is issued)
Details: Index = 0x0000005D, Name: NtCreateUserProcess, Instruction Address = 0x00401128
Index = 0x00000013, Name: NtAllocateVirtualMemory, Instruction Address = 0x004015E1
Index = 0x0000018F, Name: NtWriteVirtualMemory, Instruction Address = 0x00401629
Behavior: Writes data into another process
Details: TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x00040000, Size = 0x0000b000 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x779ae12b, Size = 0x00000005 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x00030000, Size = 0x00000454 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x000b0000, Size = 0x00000020 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x000b0020, Size = 0x00000034 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x7ffd3238, Size = 0x00000004 TargetPID = 0x00000ea8
Behavior: Reads the CPU time-stamp counter directly (rdtsc, result in EDX:EAX)
Details: EAX = 0x474acf18, EDX = 0x0000039a
EAX = 0x474acf64, EDX = 0x0000039a
Behavior: Reads the TickCount value
Details: TickCount = 1118757, SleepMilliseconds = 86.
Process behavior
Behavior: Creates a process
Details: [0x00000ea8]ImagePath = C:\Windows\System32\svchost.exe, CmdLine = C:\Windows\system32\svchost.exe
Behavior: Writes data into another process
Details: TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x00040000, Size = 0x0000b000 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x779ae12b, Size = 0x00000005 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x00030000, Size = 0x00000454 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x000b0000, Size = 0x00000020 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x000b0020, Size = 0x00000034 TargetPID = 0x00000ea8
TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x7ffd3238, Size = 0x00000004 TargetPID = 0x00000ea8
File behavior
Behavior: Creates a file
Details: C:\ProgramData\{075A4EF4-B9F4-4D9B-93C1-9945B039BDE1}\bjayxhzvt.exe
Behavior: Creates an executable file
Details: C:\ProgramData\{075A4EF4-B9F4-4D9B-93C1-9945B039BDE1}\bjayxhzvt.exe
Behavior: Modifies file content
Details: C:\ProgramData\{075A4EF4-B9F4-4D9B-93C1-9945B039BDE1}\bjayxhzvt.exe ---> Offset = 0
Other behavior
Behavior: Creates a mutex
Details: DBWinMutex
Behavior: Creates an event object
Details: EventName = Global\oshmrrrrrea
Behavior: Directly invokes critical system APIs (raw syscalls)
Details: Index = 0x0000005D, Name: NtCreateUserProcess, Instruction Address = 0x00401128
Index = 0x00000013, Name: NtAllocateVirtualMemory, Instruction Address = 0x004015E1
Index = 0x0000018F, Name: NtWriteVirtualMemory, Instruction Address = 0x00401629
Behavior: Reads the TickCount value
Details: TickCount = 1118757, SleepMilliseconds = 86.
Behavior: Opens events
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\KernelObjects\MaximumCommitCondition
Behavior: Executable signature information
Details: C:\ProgramData\{075A4EF4-B9F4-4D9B-93C1-9945B039BDE1}\bjayxhzvt.exe (signature verification: failed)
Behavior: Calls the Sleep function
Details: [1]: MilliSeconds = 86.
[2]: MilliSeconds = 86.
[3]: MilliSeconds = 86.
[4]: MilliSeconds = 86.
[5]: MilliSeconds = 86.
[6]: MilliSeconds = 86.
[7]: MilliSeconds = 86.
[8]: MilliSeconds = 86.
[9]: MilliSeconds = 86.
[10]: MilliSeconds = 86.
Behavior: Executable file MD5
Details: C:\ProgramData\{075A4EF4-B9F4-4D9B-93C1-9945B039BDE1}\bjayxhzvt.exe ---> 745d3db5ca007fb8f1f7c3110a9398d4
Behavior: Reads the CPU time-stamp counter directly (rdtsc, result in EDX:EAX)
Details: EAX = 0x474acf18, EDX = 0x0000039a
EAX = 0x474acf64, EDX = 0x0000039a
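The behavior list above is only useful once the individual entries are read together: the sample spawns svchost.exe, pushes a 0xb000-byte blob plus a few small writes into that child, does so through raw syscalls rather than ntdll exports, drops an unsigned executable under a GUID-named ProgramData directory, and samples rdtsc and GetTickCount around a series of Sleep(86) calls. The following script is an added example, not VirSCAN's code and not the sandbox's export format: it parses lines in the shape shown in this report (re-keyed with short English labels, constructed here as sample input), correlates them into findings, and pulls out the host indicators. The "5 bytes at a high address equals an inline JMP hook" rule is a heuristic assumption, not something the report states.

```python
import re
from typing import Any, Dict, List

# Constructed sample input: the detail lines of the VirSCAN behaviour list above,
# prefixed with short English labels. Not the sandbox's native export format.
REPORT = r"""
create process: [0x00000ea8]ImagePath = C:\Windows\System32\svchost.exe, CmdLine = C:\Windows\system32\svchost.exe
direct syscall: Index = 0x0000005D, Name: NtCreateUserProcess, Instruction Address = 0x00401128
direct syscall: Index = 0x00000013, Name: NtAllocateVirtualMemory, Instruction Address = 0x004015E1
direct syscall: Index = 0x0000018F, Name: NtWriteVirtualMemory, Instruction Address = 0x00401629
cross-process write: TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x00040000, Size = 0x0000b000 TargetPID = 0x00000ea8
cross-process write: TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x779ae12b, Size = 0x00000005 TargetPID = 0x00000ea8
cross-process write: TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x00030000, Size = 0x00000454 TargetPID = 0x00000ea8
cross-process write: TargetProcess = C:\Windows\System32\svchost.exe, WriteAddress = 0x7ffd3238, Size = 0x00000004 TargetPID = 0x00000ea8
create executable: C:\ProgramData\{075A4EF4-B9F4-4D9B-93C1-9945B039BDE1}\bjayxhzvt.exe
create mutex: DBWinMutex
create event: EventName = Global\oshmrrrrrea
rdtsc: EAX = 0x474acf18, EDX = 0x0000039a
tickcount: TickCount = 1118757, SleepMilliseconds = 86.
sleep: [1]: MilliSeconds = 86.
sleep: [2]: MilliSeconds = 86.
"""

CREATE = re.compile(r"\[0x(?P<pid>[0-9a-fA-F]+)\]ImagePath = (?P<image>[^,]+)")
WRITE = re.compile(r"TargetProcess = (?P<target>[^,]+), WriteAddress = 0x(?P<addr>[0-9a-fA-F]+), "
                   r"Size = 0x(?P<size>[0-9a-fA-F]+) TargetPID = 0x(?P<pid>[0-9a-fA-F]+)")
SYSCALL = re.compile(r"Name: (?P<name>Nt\w+)")
DROP = re.compile(r"^create executable: (?P<path>.+\.exe)$")
MUTEX = re.compile(r"^create mutex: (?P<name>.+)$")
EVENT = re.compile(r"EventName = (?P<name>\S+)")
TIMING = re.compile(r"^(?P<kind>rdtsc|tickcount|sleep):")

INJECT_SYSCALLS = {"NtCreateUserProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory"}
PAGE = 0x1000


def parse_report(text: str) -> Dict[str, Any]:
    """Turn the behaviour lines into structured facts; unrecognised lines are ignored."""
    facts: Dict[str, Any] = {"created": {}, "writes": [], "syscalls": [],
                             "dropped": [], "mutexes": [], "events": [], "timing": set()}
    for line in text.splitlines():
        if m := CREATE.search(line):
            facts["created"][int(m["pid"], 16)] = m["image"]
        elif m := WRITE.search(line):
            facts["writes"].append({"target": m["target"], "addr": int(m["addr"], 16),
                                    "size": int(m["size"], 16), "pid": int(m["pid"], 16)})
        elif m := SYSCALL.search(line):
            facts["syscalls"].append(m["name"])
        elif m := DROP.match(line):
            facts["dropped"].append(m["path"])
        elif m := MUTEX.match(line):
            facts["mutexes"].append(m["name"])
        elif m := EVENT.search(line):
            facts["events"].append(m["name"])
        elif m := TIMING.match(line):
            facts["timing"].add(m["kind"])
    return facts


def assess(facts: Dict[str, Any]) -> List[str]:
    """Correlate the facts into findings; each finding is one human-readable string."""
    findings: List[str] = []
    # Rule 1: a process the sample itself spawned receives at least one page-sized
    # write, i.e. a payload is pushed into a freshly created system binary.
    for pid, image in facts["created"].items():
        blobs = [w for w in facts["writes"] if w["pid"] == pid and w["size"] >= PAGE]
        if blobs:
            findings.append(f"injection: {image} (pid 0x{pid:x}) received {len(blobs)} "
                            f"page-sized write(s), largest 0x{max(w['size'] for w in blobs):x} bytes")
    # Rule 2 (heuristic assumption): a 5-byte write high in the address space is the
    # size of one JMP rel32, the usual footprint of an inline hook patched into a DLL.
    for w in facts["writes"]:
        if w["size"] == 5 and w["addr"] >= 0x70000000:
            findings.append(f"hook-sized write: 5 bytes at 0x{w['addr']:08x} in pid 0x{w['pid']:x}")
    # Rule 3: the create/allocate/write trio issued as raw syscalls never passes through
    # the ntdll exports that user-mode API monitors hook.
    if INJECT_SYSCALLS <= set(facts["syscalls"]):
        findings.append("direct syscalls: NtCreateUserProcess + NtAllocateVirtualMemory + "
                        "NtWriteVirtualMemory bypass user-mode API hooks")
    # Rule 4: rdtsc and GetTickCount sampled around Sleep is a probe for sandboxes
    # that fast-forward sleeps (the two clocks then disagree).
    if {"rdtsc", "tickcount", "sleep"} <= facts["timing"]:
        findings.append("timing probe: rdtsc/GetTickCount compared across Sleep calls")
    return findings


def extract_iocs(facts: Dict[str, Any]) -> Dict[str, List[str]]:
    """Host-based indicators to hunt for on other machines."""
    return {"dropped": list(facts["dropped"]), "mutexes": list(facts["mutexes"]),
            "events": list(facts["events"])}


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for finding in assess(parsed):
        print(finding)
    print(extract_iocs(parsed))
```

When turning the indicators into hunts, weight them: DBWinMutex is the mutex OutputDebugString takes, so any process that emits debug output creates it and it is a weak indicator on its own; the GUID-named ProgramData directory, bjayxhzvt.exe with MD5 745d3db5ca007fb8f1f7c3110a9398d4, and the Global\oshmrrrrrea event are the specific ones. Rule 3 is also the reason a user-mode API-hooking sandbox would have missed this sample: only a kernel-level or syscall-level monitor sees the NtCreateUserProcess / NtWriteVirtualMemory calls shown in the report.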