VirSCAN


File information
Security score: 60
Behavior list
Basic information
MD5: a6f4df669a9c8849dc3ebf7a0e997f0f
File type: EXE
Publisher: 小蛮工作室
Version: 1.9.3.1---1.9.3.1
Packer/compiler information: COMPILER:Microsoft Visual C++ v6.0 DLL
Key behaviors
Behavior description: Checks whether it is being debugged
Details: N/A
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Reads the CPU clock directly
Details: N/A
Behavior description: Gets TickCount value
Details: TickCount = 5356609, SleepMilliseconds = 1000.
TickCount = 5356703, SleepMilliseconds = 1000.
TickCount = 5356734, SleepMilliseconds = 1000.
TickCount = 5356843, SleepMilliseconds = 1000.
TickCount = 5356890, SleepMilliseconds = 1000.
TickCount = 5356112, SleepMilliseconds = 50.
TickCount = 5356253, SleepMilliseconds = 50.
TickCount = 5356268, SleepMilliseconds = 50.
TickCount = 5356284, SleepMilliseconds = 50.
TickCount = 5356300, SleepMilliseconds = 50.
TickCount = 5356659, SleepMilliseconds = 50.
TickCount = 5356706, SleepMilliseconds = 50.
TickCount = 5356737, SleepMilliseconds = 50.
TickCount = 5356753, SleepMilliseconds = 50.
TickCount = 5356768, SleepMilliseconds = 50.
Process behaviors
Behavior description: Creates local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 1012, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 1372, StartAddress = 00405A86, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 2044, StartAddress = 00402CF1, Parameter = 000003E8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 744, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 1172, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 280, StartAddress = 00402CD2, Parameter = 001FADD0
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 1388, StartAddress = 6302B849, Parameter = 00200910
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 2056, StartAddress = 00402CF1, Parameter = 000003E8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 2060, StartAddress = 00402CD2, Parameter = 00214FF0
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 2160, StartAddress = 00402CF1, Parameter = 000003E8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 2176, StartAddress = 00402CD2, Parameter = 00214FF0
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 2268, StartAddress = 00402CF1, Parameter = 000003E8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 2276, StartAddress = 00402CD2, Parameter = 00214FF0
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 2344, StartAddress = 00402CF1, Parameter = 000003E8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 896, ThreadID = 2348, StartAddress = 00402CD2, Parameter = 00203450
File behaviors
Behavior description: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
Behavior description: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
Behavior description: Searches for files
Details: FileName = 未检测到QQ堂!请手动选择QQ堂目录!\Client.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Network behaviors
Behavior description: Opens a URL over the network
Details: InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0010, Flags = 0x00000010
Behavior description: Connects to specified site
Details: InternetConnectA: ServerName = ks****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000010
InternetConnectA: ServerName = ta****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior description: Opens HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0010
Behavior description: Establishes a socket connection to a specified host
Details: URL: wpad, IP: **.133.40.**:128, SOCKET = 0x00000478
URL: ks****om, IP: **.133.40.**:80, SOCKET = 0x0000046c
URL: ta****om, IP: **.133.40.**:80, SOCKET = 0x0000046c
Behavior description: Reads network file
Details: hFile = 0x00cc0018, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc000c, BytesToRead =102400, BytesRead = 102400.
Behavior description: Sends HTTP packet
Details: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
GET /xiaoman/xmos.html HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: ks****om Cache-Control: no-cache
GET /blog/static/234326024201562592017935/ HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: ta****om Cache-Control: no-cache
Behavior description: Opens HTTP request
Details: HttpOpenRequestA: ks****om:80/xiaoman/xmos.html, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x84000000
HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x00000010
HttpOpenRequestA: ta****om:80/blog/static/234326024201562592017935/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x84000000
Behavior description: Resolves host address by name
Details: GetAddrInfoW: computer
GetAddrInfoW: wpad
GetAddrInfoW: ks****om
GetAddrInfoW: ta****om
Registry behaviors
Behavior description: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Behavior description: Deletes registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Other behaviors
Behavior description: Creates mutex
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ABG
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Creates event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.ABG.IC
EventName = MSCTF.SendReceiveConection.Event.ABG.IC
EventName = Global\crypt32LogoffEvent
Behavior description: Opens mutex
Details: RasPbFile
ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
Behavior description: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceive.Event.ELH.IC
MSCTF.SendReceiveConection.Event.ELH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
Behavior description: Window information
Details: Pid = 896, Hwnd=0x13033a, Text = xiaomanR, ClassName = _EL_Label.
Pid = 896, Hwnd=0xe039e, Text = 最新版本:v, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 896, Hwnd=0xc03a0, Text = 当前版本:v1.9, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 896, Hwnd=0x603ac, Text = 小蛮QQ堂交流群●, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 896, Hwnd=0x1702d8, Text = Windows XP (Build:2600), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 896, Hwnd=0x7037c, Text = 支持小蛮,设置2345网址导航为主页¤, ClassName = Button(CheckBox).
Pid = 896, Hwnd=0x1902ce, Text = 安装辅助, ClassName = Button.
Pid = 896, Hwnd=0x403a2, Text = 启动游戏, ClassName = Button.
Pid = 896, Hwnd=0x40392, Text = 卸载辅助, ClassName = Button.
Pid = 896, Hwnd=0x703ba, Text = 修复游戏, ClassName = Button.
Pid = 896, Hwnd=0xb032a, Text = 选择目录, ClassName = Button.
Pid = 896, Hwnd=0x1802fe, Text = 未检测到QQ堂!请手动选择QQ堂目录!, ClassName = Edit.
Pid = 896, Hwnd=0x1002c8, Text = ☆-QQ堂目录-☆:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 896, Hwnd=0xd035e, Text = 小蛮科技v1.9 - Trial, ClassName = WTWindow.
Pid = 896, Hwnd=0xe02aa, Text = 确定, ClassName = Button.
Behavior description: Calls Sleep function
Details: [1]: MilliSeconds = 1000.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
Behavior description: Hides specified window
Details: [Window,Class] = [,tooltips_class32]
[Window,Class] = [,Afx:400000:b:10011:1900010:0]