VirSCAN

File information
Security score: 76
Behavior list
Basic information
MD5: dd7750cdba6d66abb6b64561d09f9558
File type: Web page file
Vendor:
Version:
Shell or compiler information:
Key behavior
Behavior description: Set special folder attributes
Details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Process behavior
Behavior description: Create local thread
Details:TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2284, StartAddress = 6359727B, Parameter = 00258788
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2288, StartAddress = 77E56C7D, Parameter = 00272E38
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2380, StartAddress = 5DE05A52, Parameter = 001BF6A8
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2448, StartAddress = 6359727B, Parameter = 00279028
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2452, StartAddress = 6359727B, Parameter = 002790C8
File behavior
Behavior description: Create file
Details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Overwrite existing file
Details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Find file
Details:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\%temp%\****.html
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\History
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016053020160531\*.*
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\ieframe.dll
Behavior description: Delete file
Details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\noConnect[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\favcenter[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[1]
Behavior description: Set special folder attributes
Details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Modify file contents
Details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819\index.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2] ---> Offset = 0
Network behavior
Behavior description: Open HTTP connection
Details:InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Registry behavior
Behavior description: Modify registry
Details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\Last
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheRepair
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Delete registry value
Details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry key
Details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016053020160531\
Other behavior
Behavior description: Create mutex
Details:Local\!PrivacIE!SharedMemory!Mutex
SmartScreen_UrsCacheMutex_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-*
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016081820160819!
MSCTF.Shared.MUTEX.APH
RasPbFile
MSIMGSIZECacheMutex
Behavior description: Create event object
Details:EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description: Find specified window
Details:NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
Details:Global\crypt32LogoffEvent
Isolation Signal Registry Event (AC1E28A9-653A-11E6-91C0-7B****28, 0)
MSFT.VSA.COM.DISABLE.712
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007F0.00000000.00000020
CTF.ThreadMarshalInterfaceEvent.000007F0.00000000.00000020
MSCTF.SendReceiveConection.Event.APH.IC
MSCTF.SendReceive.Event.APH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
CTF.ThreadMIConnectionEvent.000007F0.00000001.00000023
CTF.ThreadMarshalInterfaceEvent.000007F0.00000001.00000023
Behavior description: Window information
Details:Pid = 1640, Hwnd=0x1101ca, Text = 导航栏, ClassName = WorkerW.
Pid = 1640, Hwnd=0xe01ae, Text = 地址组合控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x5017c, Text = 页面控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x50182, Text = 搜索..., ClassName = Edit.
Pid = 1640, Hwnd=0x70178, Text = 搜索组合控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x80166, Text = 搜索控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x50176, Text = 命令栏, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x10022e, Text = 收藏夹命令栏, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x5017a, Text = LinksBand, ClassName = LinksBandClass.
Pid = 1640, Hwnd=0x401a0, Text = 收藏夹栏, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0xb01a6, Text = 添加到收藏夹栏, ClassName = ToolbarWindow32.
Pid = 712, Hwnd=0x701a8, Text = ITBarHost, ClassName = InternetToolbarHost.
Pid = 712, Hwnd=0x501f4, Text = 菜单栏, ClassName = WorkerW.
Pid = 712, Hwnd=0x20250, Text = 缩放级别, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0xe01f0, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\%temp%\****.html - Windows Internet Explorer, ClassName = IEFrame.
Behavior description: Hide specified window
Details:[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description: Open mutex
Details:CtfmonInstMutexDefaultS-*
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016081820160819!
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
RasPbFile