VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.


File information
Safety rating: 55
Behavior list
Basic Information
MD5: 5df5990318894933cf68678f1e028f80
File type: EXE
Production company:
Version:
Shell or compiler information:
Key behavior
Behavior description: Detect whether Virtual PC is present
details:N/A
Behavior description: Hide specified window
details:[Window,Class] = [,tooltips_class32]
[Window,Class] = [,Afx:400000:0:10011:0:0]
Behavior description: Block window close message
details:hWnd = 0x00040302, Text = , ClassName = Afx:400000:0:10011:0:0.
hWnd = 0x000202a2, Text = 无界浏览 15.02, ClassName = #32770.
Behavior description: Get window screenshot information
details:Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
Behavior description: Open file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHF..GIEIH
MSCTF.MarshalInterface.FileMap.EHF.B.GIEIH
MSCTF.MarshalInterface.FileMap.EHF.C.FJEIH
MSCTF.MarshalInterface.FileMap.EHF.D.FJEIH
MSCTF.MarshalInterface.FileMap.EHF.E.FDGIH
MSCTF.MarshalInterface.FileMap.EHF.F.FDGIH
MSCTF.MarshalInterface.FileMap.EHF.G.FDGIH
MSCTF.MarshalInterface.FileMap.ACL..AHGIH
MSCTF.MarshalInterface.FileMap.ACL.B.AHGIH
MSCTF.MarshalInterface.FileMap.ACL.C.AHGIH
MSCTF.MarshalInterface.FileMap.ACL.D.AHGIH
MSCTF.MarshalInterface.FileMap.ACL.E.AHGIH
MSCTF.MarshalInterface.FileMap.ACL.F.AIGIH
MSCTF.MarshalInterface.FileMap.ACL.G.AIGIH
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082420150831
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015091220150913
Behavior description: Query registry (virtual machine detection related)
details:\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Search for specified kernel module
details:lstrcmpiA: ntice.sys <------> ntkrnlpa.exe (ntice.sys)
lstrcmpiA: ntice.sys <------> hal.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> KDCOM.DLL (ntice.sys)
lstrcmpiA: ntice.sys <------> BOOTVID.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> ACPI.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> WMILIB.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> pci.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> isapnp.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> compbatt.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> BATTC.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> intelide.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> MountMgr.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> ftdisk.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> dmload.sys (ntice.sys)
Behavior description: Search for windows of common anti-virus and analysis tools
details:NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
Process behavior
Behavior description: Enumerate processes
details:N/A
File behavior
Behavior description: Open file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHF..GIEIH
MSCTF.MarshalInterface.FileMap.EHF.B.GIEIH
MSCTF.MarshalInterface.FileMap.EHF.C.FJEIH
MSCTF.MarshalInterface.FileMap.EHF.D.FJEIH
MSCTF.MarshalInterface.FileMap.EHF.E.FDGIH
MSCTF.MarshalInterface.FileMap.EHF.F.FDGIH
MSCTF.MarshalInterface.FileMap.EHF.G.FDGIH
MSCTF.MarshalInterface.FileMap.ACL..AHGIH
MSCTF.MarshalInterface.FileMap.ACL.B.AHGIH
MSCTF.MarshalInterface.FileMap.ACL.C.AHGIH
MSCTF.MarshalInterface.FileMap.ACL.D.AHGIH
MSCTF.MarshalInterface.FileMap.ACL.E.AHGIH
MSCTF.MarshalInterface.FileMap.ACL.F.AIGIH
MSCTF.MarshalInterface.FileMap.ACL.G.AIGIH
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082420150831
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015091220150913
Behavior description: Modify file contents
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Rdfnibiwkc8l3d4x---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Zhahwaljsr2q5a8h---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Nobgjmntzp1i8l3x---> Offset = 0
C:\Documents and Settings\Administrator\PUTTY.RND---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Bfkhcvcxew3a6v7g---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082420150831\index.dat---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015091220150913\index.dat---> Offset = 0
Behavior description: Search for files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\*
FileName = C:\Documents and Settings\Administrator\Local Settings\History
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082420150831\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015091220150913\*.*
Network behavior
Behavior description: Connect to specified site
details:InternetConnectA: ServerName = d3rkfw22xppori.cloudfront.net, PORT = 443
InternetConnectA: ServerName = d19ya6dk74n9uf.cloudfront.net, PORT = 443
InternetConnectA: ServerName = s3-ap-southeast-1.amazonaws.com, PORT = 443
InternetConnectA: ServerName = s3-ap-northeast-1.amazonaws.com, PORT = 443
InternetConnectA: ServerName = s3.amazonaws.com, PORT = 443
Behavior description: Open HTTP request
details:HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/fxy-iml/bimguws9cbjhp/qubpbgqr3ppzt/bflnm5ify/gxzwrwpztxep/1ey_jl3/e1ywr9c5zxl0/cy4vmcfwkvlfz/pglumhhtsn_it/9s20ulh/emhm3cl8hbeca/ib3wsf2/jtocwghw7kxq/7z1r7xdwd/0otk8zty8fzb9/ldu9o40s8yp9/33nlxgc/h_zjb?
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/ax8ll9jw7kdm/iop-brt3/0nft-4-lyzpe9/jefyuewn_/93m1vwm1oxlic/3sakq_6yr/tra1cwrdnko57/hlexmxkmex_5/tk8ll20k9cb/eadqdvu/ca9vesnpq-yx/yjb2rtrx0/_mm_54xzb/y9cqnn0zdi/xrfwshlt8red/sp4tvt-9/u6dmns5adkoark1mr?p
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/riajlcjcy/0afrfk1e/dmdkitccpbj3u/_stfxyh/zlncin0c7dn/p9dcklnkvbjdu/8ww-ggnmmzv/hyp_rd_rvh6m/qb_i4aeidis/moakt4lwrmhzb/wf2tmja-u/hzqyrsibwde/avpz8s8g/j9stk7b-mf2/ps6ddib2_elvr/2z6arvhqxqji1/-6dnx9sw7mh?p
HttpOpenRequestA: s3-ap-southeast-1.amazonaws.com:443/wujiesg/cn1501/nhcguqjyo?hqghumeaylnlfdxfircvscxggbwkfnqduxwfnfozvsrtkjprepggxrpnrvystmwcysyycqpevikeffmznimkkasvwsrenzkycxfxtlsgypsfadpooefxzbcoejuvpvaboygpoeylfpbnpljvrvipyamyehwqnqrqpmxujjloovaowuxwhmsn
HttpOpenRequestA: s3-ap-northeast-1.amazonaws.com:443/wujiejp/cn1501/uiesfjcop?hqghumeaylnlfdxfircvscxggbwkfnqduxwfnfozvsrtkjprepggxrpnrvystmwcysyycqpevikeffmznimkkasvwsrenzkycxfxtlsgypsfadpooefxzbcoejuvpvaboygpoeylfpbnpljvrvipyamyehwqnqrqpmxujjloovaowuxwhmsn
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/mjkybwy/izyptwjb/fcd6_89/wk1ditj/3xzgwdgp/_rhmpuynje/b_1pz8cc/smzrl005bu/iyhueqkl1y/ynznp_z/1tgi6uh/e7-coxfpla/gplkrfum/qev0p2izpbb/ujbrcbc_i/vcf1pihopmqc/fgxqxbh-h/zowpgmc/j3qxi3lkbonwv/jr4oae7lfzw9nxj
HttpOpenRequestA: s3.amazonaws.com:443/ultrasurfus/cn1501/xaeiepoda?hqghumeaylnlfdxfircvscxggbwkfnqduxwfnfozvsrtkjprepggxrpnrvystmwcysyycqpevikeffmznimkkasvwsrenzkycxfxtlsgypsfadpooefxzbcoejuvpvaboygpoeylfpbnpljvrvipyamyehwqnqrqpmxujjloovaowuxwhmsncbxcoksfzkv
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/x3yqkh4uv/v1mxlhlo/zdmwev9/5s00ecia/4djibtqwcq41/9geg1nx05zp/h5xey1_map3/au0h3kqqskf/zsgp9sfkfdhs/xusxh-exq/j11xilwl9ld/tfdvenkt/-yd5uz7pnt/aat7los/fqtwgdffx/pbqvniakrh/tnzxtxl/rb74g5q/fcdcbkdn/5wu0z12t
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/nf1qk5ed2_zk0urg/zo9s1bjx/q5pzm8bh1ohj8/ngwkplxtl1/lctoo0ml/gaqbb4_/mje6vsgvxdf/ywwjixl/cz2z7z3iv/tntvjvrncz2dq/swolazcl0/bnddet5f/2jlqbsatk/n5xopewpokt/cjvajrnypxc/gmbiov5/4g74mnvqc/xuh81canafq_k/pyl_m
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/h-ip94jbst3/tpgex96-xj/4gtsixknr/nk8aoqi16yo/wqpnmu6/rpiom9dugy/brpo_uk/j9-iz9unyhsts/c1bkcqesyx/ncxz9exeleui4/pmh0z1idwmz8/dgq27z4n/eikekcn/pyr4l1e1/1kl_ivl/crqhgt4/bffznly2j/vcpfnv6ce/dltqeawb1/cpyqao
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/r3nw7owx/nmlzs9b/gnqmjp_xu/i6p-pcblu9x/2bdpcugj/5_95jtopu/ee_fs21wp/1qmw4nrcu1my/laqs6h5g/ox80tmyjmg/to9kpppkl/trbk6q71g/2o3rkgd9ot/pxdslquo/vs1_23er/iiyf7vhc/u1qfpnyoj-rf/apf6j_xhkd4z/mj7qeefvbtv9e/aqp
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/ndh8pxe7vvx/b-xhqgo/habugnqpwylsb/gwhcddxve/hclcscthgh9x/cyhfrv4if24/vcgoxxh5g7105/drhiginx/fhulomhcna5l/zptnybclzy_vv/slxv8dsmwaafv/ll5segg0_jgau/etfgfyewzagv/r50r7zro/y4uyxyzx9j6i/hgzeepif/isrx-e7ji2g
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/ra6eupadyenxrnh/xykyf-sp-xq/zvfop4oz/rs-4cykm/arz-rw852anst/mkficzl/ly8hgi5slpbg/btnq13vkvyzys/wywkune/hnr4bmgx/3bbwhkky/3vixoopprs/hkhmtqxg4/umboexmqu/zhf5gkrbay4iv/otoc6hnoiwi/vrqtdkdyg/3i2tsqwoiu0/me
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/ql1tonqjwt5zz/qltt8iybz5olt/nbkzrldzeg4y/qpao6u8j/j-wxnta/nleand2za0/omna-vo4b/kz-f4kar/js9xi1gs/otlo2glzksszc/jd5v2r5tuz/pxafzcxioe/hn64fpbhj/1pjglzco_d1/gtezx8u1y/uhrpkw8fmqla/yv6bcsd8/3fz1_afbjva/fdc
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/_yf7f_z14/_mrci9fh/k9a-1obwz/00ciejkn3mx/y875k0q-v/zhqnhk7-b-5/sbc0rrkpra8ug/taowlmj3/cevlr9n5n/5e_xivxwy0p5/f_i3nftw/syne9k_qr/zsqs1f2hdsr/v88favrgfyulx/ftbrajugdsr/gvtqa0r/9ps1wdud/vdxxnc_/uc3fu2jfv/j
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseHTTP
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseTCP
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseUDP
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseMulticast
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyStyle
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Isolation
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Safety\ActiveXFiltering\IsEnabled
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseCustomUDPPort
Behavior description: Delete registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Isolation
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url1
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url2
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url3
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url4
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url5
Behavior description: Modify registry (IE connection settings)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
Behavior description: Delete registry value (IE connection settings)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry key
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082420150831
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015091220150913
Other behavior
Behavior description: Detect whether Virtual PC is present
details:N/A
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ACL
MSCTF.Shared.MUTEX.EHF
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012015082420150831!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012015091220150913!
Behavior description: Hide specified window
details:[Window,Class] = [,tooltips_class32]
[Window,Class] = [,Afx:400000:0:10011:0:0]
Behavior description: Search for specified window
details:NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Attempt to open the driver device object of a debugger or monitoring tool
details:\??\SICE
\??\SIWVID
\??\NTICE
Behavior description: Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Get TickCount value
details:TickCount = 489237, SleepMilliseconds = 50.
TickCount = 489409, SleepMilliseconds = 50.
TickCount = 489487, SleepMilliseconds = 50.
TickCount = 490378, SleepMilliseconds = 50.
TickCount = 490471, SleepMilliseconds = 50.
TickCount = 491221, SleepMilliseconds = 50.
TickCount = 491253, SleepMilliseconds = 50.
TickCount = 491268, SleepMilliseconds = 50.
TickCount = 491300, SleepMilliseconds = 50.
TickCount = 491315, SleepMilliseconds = 50.
TickCount = 491331, SleepMilliseconds = 50.
TickCount = 491346, SleepMilliseconds = 50.
TickCount = 491362, SleepMilliseconds = 50.
TickCount = 491393, SleepMilliseconds = 50.
TickCount = 491425, SleepMilliseconds = 50.
Behavior description: Get cursor position
details:CursorPos = (106,18467), SleepMilliseconds = 50.
CursorPos = (6399,26500), SleepMilliseconds = 50.
CursorPos = (19234,15724), SleepMilliseconds = 50.
CursorPos = (6399,26500), SleepMilliseconds = 200.
CursorPos = (19234,15724), SleepMilliseconds = 200.
CursorPos = (11543,29358), SleepMilliseconds = 200.
CursorPos = (106,18467), SleepMilliseconds = 200.
CursorPos = (106,18467), SleepMilliseconds = 500.
CursorPos = (27027,24464), SleepMilliseconds = 500.
CursorPos = (6399,26500), SleepMilliseconds = 1000.
CursorPos = (19234,15724), SleepMilliseconds = 3000.
CursorPos = (6399,26500), SleepMilliseconds = 100.
CursorPos = (11543,29358), SleepMilliseconds = 1000.
CursorPos = (19234,15724), SleepMilliseconds = 500.
CursorPos = (27027,24464), SleepMilliseconds = 1000.
Behavior description: Block window close message
details:hWnd = 0x00040302, Text = , ClassName = Afx:400000:0:10011:0:0.
hWnd = 0x000202a2, Text = 无界浏览 15.02, ClassName = #32770.
Behavior description: Window information
details:Pid = 1344, Hwnd=0x202a8, Text = 打开主页, ClassName = Button.
Pid = 1344, Hwnd=0x202cc, Text = 经典模式, ClassName = Button.
Pid = 1344, Hwnd=0x202b4, Text = 高级设置, ClassName = Button.
Pid = 1344, Hwnd=0x202b2, Text = 帮助, ClassName = Button.
Pid = 1344, Hwnd=0x302ba, Text = 退出, ClassName = Button.
Pid = 1344, Hwnd=0x302bc, Text = 无界浏览, ClassName = Static.
Pid = 1344, Hwnd=0x202d4, Text = 服务器选择, ClassName = Static.
Pid = 1344, Hwnd=0x302dc, Text = 连接速度, ClassName = Static.
Pid = 1344, Hwnd=0x202c4, Text = 0%, ClassName = Static.
Pid = 1344, Hwnd=0x202c8, Text = 0%, ClassName = Static.
Pid = 1344, Hwnd=0x202ca, Text = 0%, ClassName = Static.
Pid = 1344, Hwnd=0x202c6, Text = Progress1, ClassName = msctls_progress32.
Pid = 1344, Hwnd=0x302da, Text = Progress1, ClassName = msctls_progress32.
Pid = 1344, Hwnd=0x302b8, Text = Progress1, ClassName = msctls_progress32.
Pid = 1344, Hwnd=0x202aa, Text = 反馈信息, ClassName = Button.
Behavior description: Get window screenshot information
details:Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
Behavior description: Call Sleep function
details:[1]: MilliSeconds = 1000.
[2]: MilliSeconds = 3000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 3000.
[5]: MilliSeconds = 1200.
[6]: MilliSeconds = 3000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 3000.
[9]: MilliSeconds = 1200.
[10]: MilliSeconds = 3000.
Behavior description: Query registry (virtual machine detection related)
details:\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Search for specified kernel module
details:lstrcmpiA: ntice.sys <------> ntkrnlpa.exe (ntice.sys)
lstrcmpiA: ntice.sys <------> hal.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> KDCOM.DLL (ntice.sys)
lstrcmpiA: ntice.sys <------> BOOTVID.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> ACPI.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> WMILIB.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> pci.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> isapnp.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> compbatt.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> BATTC.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> intelide.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> MountMgr.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> ftdisk.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> dmload.sys (ntice.sys)
Behavior description: Search for windows of common anti-virus and analysis tools
details:NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
Run screenshot