VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports decompressing Rar / Zip archives, but they must contain fewer than 20 files.
3. VirSCAN will scan compressed files that are protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader.

File information

VirSCAN.org multi-engine scan overview
Behavior analysis report: Habo document analysis

Basic information

MD5: 05197821c6d102cbe6f9e09213bb6787
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum operating environment:
Copyright:

Key actions

Behavior description: Blocks window close messages
Details: hWnd = 0x0002034a, Text = Setup - AnyTXT Searcher, ClassName = TWizardForm.
hWnd = 0x00010340, Text = Setup, ClassName = TApplication.
Behavior description: Looks up PE resource information
Details: (FindResourceW) hModule = 0x00400000, ResName: SHFOLDERDLL, ResType: a(ID)
Behavior description: Gets TickCount value
Details: TickCount = 250581, SleepMilliseconds = 50.
TickCount = 250643, SleepMilliseconds = 50.
TickCount = 250706, SleepMilliseconds = 50.
TickCount = 250768, SleepMilliseconds = 50.
TickCount = 250831, SleepMilliseconds = 50.
TickCount = 250893, SleepMilliseconds = 50.
TickCount = 250956, SleepMilliseconds = 50.
TickCount = 251018, SleepMilliseconds = 50.
TickCount = 251081, SleepMilliseconds = 50.
TickCount = 251143, SleepMilliseconds = 50.
TickCount = 251206, SleepMilliseconds = 50.
TickCount = 251268, SleepMilliseconds = 50.
TickCount = 251331, SleepMilliseconds = 50.
TickCount = 251393, SleepMilliseconds = 50.
TickCount = 251456, SleepMilliseconds = 50.

Process behavior

Behavior description: Creates a new process from a file
Details: [0x00000a84]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-4JBV5.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-4JBV5.tmp\996E.tmp" /SL5="$10336,17946732,119296,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"

File behavior

Behavior description: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-4JBV5.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-1ANJ5.tmp\_isetup\_shfoldr.dll
Behavior description: Deletes files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-1ANJ5.tmp\_isetup\_shfoldr.dll
Behavior description: Creates executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-4JBV5.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-1ANJ5.tmp\_isetup\_shfoldr.dll
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-4JBV5.tmp\996E.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-4JBV5.tmp\996E.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-4JBV5.tmp\996E.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-4JBV5.tmp\996E.tmp ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-4JBV5.tmp\996E.tmp ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\is-1ANJ5.tmp\_isetup\_shfoldr.dll ---> Offset = 0
Behavior description: Searches for files
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-4JBV5.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-4JBV5.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-1ANJ5.tmp\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-1ANJ5.tmp\_isetup\*

Other behavior

Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IIK
Behavior description: Hides specified window
Details: [Window,Class] = [Setup,TApplication]
Behavior description: Window information
Details: Pid = 2692, Hwnd=0x10372, Text = Welcome to the AnyTXT Searcher Setup Wizard , ClassName = TNewStaticText.
Pid = 2692, Hwnd=0x10370, Text = This will install AnyTXT Searcher 1.0 on your computer. It is recommended that you close all other applications before continuing. Click Next to continue, or Cancel to exit Setup., ClassName = TNewStaticText.
Pid = 2692, Hwnd=0x10364, Text = AnyTXT Searcher END-USER LICENSE AGREEMENT All copyrights to AnyTXT Searcher are exclusively owned by the author - ming.yuan@l, ClassName = TRichEditViewer.
Pid = 2692, Hwnd=0x20352, Text = DirEdit, ClassName = TEdit.
Pid = 2692, Hwnd=0x1036c, Text = &Next >, ClassName = TNewButton.
Pid = 2692, Hwnd=0x1036a, Text = Cancel, ClassName = TNewButton.
Pid = 2692, Hwnd=0x2034a, Text = Setup - AnyTXT Searcher, ClassName = TWizardForm.
Pid = 2692, Hwnd=0x1b03e6, Text = 是(&Y), ClassName = Button.
Pid = 2692, Hwnd=0x4042a, Text = 否(&N), ClassName = Button.
Pid = 2692, Hwnd=0x1042e, Text = Setup is not complete. If you exit now, the program will not be installed. You may run Setup again at another time to complete the installation. Exit Setup?, ClassName = Static.
Pid = 2692, Hwnd=0x403c4, Text = Exit Setup, ClassName = #32770.
Behavior description: Finds specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,Setup - AnyTXT Searcher]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Gets TickCount value
Details: TickCount = 250581, SleepMilliseconds = 50.
TickCount = 250643, SleepMilliseconds = 50.
TickCount = 250706, SleepMilliseconds = 50.
TickCount = 250768, SleepMilliseconds = 50.
TickCount = 250831, SleepMilliseconds = 50.
TickCount = 250893, SleepMilliseconds = 50.
TickCount = 250956, SleepMilliseconds = 50.
TickCount = 251018, SleepMilliseconds = 50.
TickCount = 251081, SleepMilliseconds = 50.
TickCount = 251143, SleepMilliseconds = 50.
TickCount = 251206, SleepMilliseconds = 50.
TickCount = 251268, SleepMilliseconds = 50.
TickCount = 251331, SleepMilliseconds = 50.
TickCount = 251393, SleepMilliseconds = 50.
TickCount = 251456, SleepMilliseconds = 50.
Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Blocks window close messages
Details: hWnd = 0x0002034a, Text = Setup - AnyTXT Searcher, ClassName = TWizardForm.
hWnd = 0x00010340, Text = Setup, ClassName = TApplication.
Behavior description: Enumerates windows
Details: N/A
Behavior description: Looks up PE resource information
Details: (FindResourceW) hModule = 0x00400000, ResName: SHFOLDERDLL, ResType: a(ID)
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-4JBV5.tmp\996E.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-1ANJ5.tmp\_isetup\_shfoldr.dll (signature verification: failed)
Behavior description: Calls Sleep function
Details: [1]: MilliSeconds = 50.
[2]: MilliSeconds = 50.
[3]: MilliSeconds = 50.
[4]: MilliSeconds = 50.
[5]: MilliSeconds = 50.
[6]: MilliSeconds = 50.
[7]: MilliSeconds = 50.
[8]: MilliSeconds = 50.
[9]: MilliSeconds = 50.
[10]: MilliSeconds = 50.
[2]: MilliSeconds = 250.
[3]: MilliSeconds = 250.
[4]: MilliSeconds = 250.
[5]: MilliSeconds = 250.
[6]: MilliSeconds = 250.
Behavior description: Creates event objects
Details: EventName = MSCTF.SendReceive.Event.IIK.IC
EventName = MSCTF.SendReceiveConection.Event.IIK.IC
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-4JBV5.tmp\996E.tmp ---> e4a2856522e6a817e3f0edd2677fa647
C:\Documents and Settings\Administrator\Local Settings\Temp\is-1ANJ5.tmp\_isetup\_shfoldr.dll ---> 92dc6ef532fbb4a5c3201469a5b5eb63
Behavior description: Opens mutexes
Details: ShimCacheMutex
ANYTXT_FILE_SEARCHER