1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.
| Behavior list |
| Behavior analysis report: Habo file analysis Threatbook file behavior analysis report |
| MD5:d6a32531438c3c9cc7a6fc9523c6826a |
| 文件大小:5.58MB |
| 上传时间: 2014-09-22 10:36:30 (CST) |
| Package names: |
| Minimum operating environment: |
| copyright: |
| Behavior description: | 创建本地线程 |
| details: | TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2508, ThreadID = 2556, StartAddress = 77DC845A, Parameter = 00000000 |
| Behavior description: | 查找文件 |
| details: | FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\aspr_keys.ini |
| FileName = C:\WINDOWS\Temp | |
| FileName = C:\WINDOWS\Sysnative\cmd.exe |
| Behavior description: | 检测自身是否被调试 |
| details: | IsDebuggerPresent |
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.IOH | |
| Behavior description: | 创建事件对象 |
| details: | EventName = Global\userenv: User Profile setup event |
| EventName = DINPUTWINMM | |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| Behavior description: | 窗口信息 |
| details: | Pid = 2508, Hwnd=0x1033e, Text = 确定, ClassName = Button. |
| Pid = 2508, Hwnd=0x10342, Text = 仅支持以下版本的系统!!! Windows 10 Core (Home) 或 Windows 10 Core (Home) (N) 或 Windows 10 CoreSingleLanguage 或 Windows 10 CoreSingleLanguage (N) 或 Windows 10 Professional 或 Windows 10 Professional (N) 或 Windows 10 ProfessionalEducation 或 Windows 10 Professiona, ClassName = Static. | |
| Pid = 2508, Hwnd=0x1033c, Text = 错误!, ClassName = #32770. | |
| Behavior description: | 搜索kernel32.dll基地址 |
| details: | Instruction Address = 0x0089a7bb |
| Behavior description: | 打开事件 |
| details: | HookSwitchHookEnabledEvent |
| CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F | |
| CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F | |
| MSCTF.SendReceiveConection.Event.IOH.IC | |
| MSCTF.SendReceive.Event.IOH.IC | |
| Behavior description: | 枚举窗口 |
| details: | N/A |
| Behavior description: | 打开互斥体 |
| details: | ShimCacheMutex |
HOME
