VirSCAN


File information
Security score: 85
Behavior list
Basic information
MD5: a5d55e856bbb7ddc572837f69efe5262
File type: EXE
Publisher:
Version:
Packer or compiler information: COMPILER:Microsoft Visual C++ 6.0
File behavior
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini
Behavior: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 54
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 80
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 98
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 126
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 154
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 180
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 198
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 222
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 251
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 272
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 292
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 310
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 334
C:\Documents and Settings\Administrator\Local Settings\%temp%\ImpREC.ini ---> Offset = 360
Behavior: Find file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\Plugin\*.dll
Other behavior
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MFK
Behavior: Create event object
Details: EventName = MSCTF.SendReceive.Event.MFK.IC
EventName = MSCTF.SendReceiveConection.Event.MFK.IC
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Open event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior: Adjust process token privileges
Details: SE_DEBUG_PRIVILEGE
Behavior: Window information
Details: Pid = 2648, Hwnd=0x103a0, Text = 确定, ClassName = Button.
Pid = 2648, Hwnd=0x103a2, Text = Apparently it"s the first time you launch me. - When selecting a node in the import tree, you can maintain SHIFT or CONTROL for selecting several nodes. It seems to be evident but i noticed it was not for everybody. :-/ And please remember those 2 magic k, ClassName = Static.
Pid = 2648, Hwnd=0x1039e, Text = Useful Notes, ClassName = #32770.
Pid = 2648, Hwnd=0x10340, Text = 获取输入表, ClassName = Button.
Pid = 2648, Hwnd=0x10348, Text = 清除日志, ClassName = Button.
Pid = 2648, Hwnd=0x1034a, Text = 00000000, ClassName = Edit.
Pid = 2648, Hwnd=0x1034c, Text = RVA, ClassName = Static.
Pid = 2648, Hwnd=0x1034e, Text = 00001000, ClassName = Edit.
Pid = 2648, Hwnd=0x10350, Text = 尺寸, ClassName = Static.
Pid = 2648, Hwnd=0x10352, Text = 修复转存文件, ClassName = Button.
Pid = 2648, Hwnd=0x10354, Text = 00000000, ClassName = Edit.
Pid = 2648, Hwnd=0x10356, Text = RVA, ClassName = Static.
Pid = 2648, Hwnd=0x10358, Text = 清除输入表, ClassName = Button.
Pid = 2648, Hwnd=0x1035a, Text = 所需的 IAT 信息, ClassName = Button(GroupBox).
Pid = 2648, Hwnd=0x1035c, Text = 00000000, ClassName = Edit.
Behavior: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [Tree1,SysTreeView32]
Behavior: Open mutex
Details: ShimCacheMutex