VirSCAN

File information
Security score: 76
Behavior list
Basic information
MD5: d4b49dd82f27ce56211fe34ff0355d96
File type: EXE
Publisher:
Version: 1.1.26.1---1.1.26.01
Packer/compiler info: PACKER:UPolyX v0.5
Sub-file info: mpress_cb3e1080dumpFile / cf4bcf9173178a974082ee10cc225b6b / EXE
Key behaviors
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Look up PE resource information
Details: (FindResourceW) hModule = 0x00000000, ResName: DLL\GDTH.DLL, ResType: a(ID)
Behavior: Set message hook
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Get TickCount value
Details: TickCount = 224135, SleepMilliseconds = 10.
TickCount = 255921, SleepMilliseconds = 250.
Process behaviors
Behavior: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2824, ThreadID = 2960, StartAddress = 00408FB0, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2824, ThreadID = 3000, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2824, ThreadID = 3068, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2824, ThreadID = 3076, StartAddress = 6359727B, Parameter = 00188D08
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2824, ThreadID = 3364, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2824, ThreadID = 3368, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2824, ThreadID = 3376, StartAddress = 7C949B6F, Parameter = 00000000
Behavior: Enumerate processes
Details: N/A
File behaviors
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\GDTH.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\GDTH.ico
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\GDCursorNormal.cur
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\GDCursorIBeam.cur
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GDTH_Logo.png
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GDTH_Gif.gif
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\OptionsGif.gif
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\LEB.jpg
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\LLL.jpg
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GuiBackgroundEnemyBrowser.jpg
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GuiBackgroundLiveLootList.jpg
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GuiBackgroundBottomLiveLootList.png
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GuiBackgroundBottomLiveEnemyBrowser.jpg
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\checkbox_active.png
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\checkbox_inactive.png
Behavior: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\GDTH.dll
Behavior: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior: Search for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\OptionsGif.gif
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GDTH_Gif.gif
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\GDTH.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\GDTH.ico ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\GDCursorNormal.cur ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\GDCursorIBeam.cur ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GDTH_Logo.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GDTH_Gif.gif ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\OptionsGif.gif ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\LEB.jpg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\LLL.jpg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GuiBackgroundEnemyBrowser.jpg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GuiBackgroundLiveLootList.jpg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GuiBackgroundBottomLiveLootList.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\GuiBackgroundBottomLiveEnemyBrowser.jpg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\checkbox_active.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\tmp\img\checkbox_inactive.png ---> Offset = 0
Network behaviors
Behavior: Open URL over the Internet
Details: InternetOpenUrlA: https://ww****om/s/25qipfbzj0zz94h/filever.txt?dl=1, hInternet = 0x00cc0004, Flags = 0x80003000
Behavior: Open HTTP connection
Details: InternetOpenA: UserAgent: AutoHotkey/1.1.26.01, hSession = 0x00cc0004
Behavior: Connect to specified site
Details: InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80803000
Behavior: Open specified web page in IE
Details: steam://rungameid/219990
Behavior: Establish connection to a specified socket
Details: URL: ww****om, IP: **.133.40.**:443, SOCKET = 0x0000045c
Behavior: Read network file
Details: hFile = 0x00cc000c, BytesToRead =366592, BytesRead = 366592.
Behavior: Open HTTP request
Details: HttpOpenRequestA: ww****om:80/s/25qipfbzj0zz94h/filever.txt?dl=1, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80803000
Behavior: Resolve host address by name
Details: GetAddrInfoW: ww****om
Registry behaviors
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Speech\Voices\DefaultTokenId
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behaviors
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
AHK Keybd
AHK Mouse
HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Mutex
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.IOH
Behavior: Create event object
Details: EventName = DINPUTWINMM
EventName = HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Event
EventName = MSCTF.SendReceiveConection.Event.MAL.IC
EventName = MSCTF.SendReceive.Event.MAL.IC
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [AutoHotkey,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32771,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Enumerate windows
Details: N/A
Behavior: Get TickCount value
Details: TickCount = 224135, SleepMilliseconds = 10.
TickCount = 255921, SleepMilliseconds = 250.
Behavior: Open event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
\INSTALLATION_SECURITY_HOLD
Global\crypt32LogoffEvent
Behavior: Window information
Details: Pid = 2824, Hwnd=0x1034a, Text = Grim Dawn Trained Hard v6.0.5.0 by immo, ClassName = AutoHotkeyGUI.
Pid = 2824, Hwnd=0x103f4, Text = set iron:, ClassName = Static.
Pid = 2824, Hwnd=0x103fa, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x103fc, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x103fe, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x10400, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x10402, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x10404, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x10406, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x10408, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x1040a, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x1040c, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x1040e, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x10410, Text = _, ClassName = Static.
Pid = 2824, Hwnd=0x10412, Text = _, ClassName = Static.
Behavior: Look up PE resource information
Details: (FindResourceW) hModule = 0x00000000, ResName: DLL\GDTH.DLL, ResType: a(ID)
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\GDTH.dll (signature verification: failed)
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 10.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 250.
Behavior: Hide specified window
Details: [Window,Class] = [C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe,AutoHotkey]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Static]
[Window,Class] = [Output,AutoHotkeyGUI]
[Window,Class] = [%temp%\****.exe,AutoHotkeyGUI]
[Window,Class] = [Grim Dawn Trained Hard v6.0.5.0 by immo,AutoHotkeyGUI]
[Window,Class] = [,Internet Explorer_Server]
Behavior: MD5 of executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\GDTH.dll ---> aef5ccf9b480a0a0cf9b1328bb03b6c3
Behavior: Open mutex
Details: ShimCacheMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Behavior: Load newly dropped file
Details: Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\GDTH.dll.