VirSCAN

File information
Security rating: 72
Behavior list
Basic information
MD5: 4f946de49fdc25f7f6dc8befa6467155
File type: EXE
Vendor:
Version: 1.0.0.0---1.0.0.0
Packer or compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Key behavior
Behavior description: Set special file attributes
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\bass.dll
Behavior description: Get TickCount value
Details: TickCount = 243640, SleepMilliseconds = 250.
TickCount = 243656, SleepMilliseconds = 250.
Process behavior
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2676, ThreadID = 2880, StartAddress = 77DC845A, Parameter = 00000000
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EThread.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\spec.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\CnCalendar.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\OPenGL.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\internet.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\WebBrowser2.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EDataStructure.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\shell.fne
C:\Documents and Settings\Administrator\My Documents\sms_card_data\kanong\user\data.edb
C:\Documents and Settings\Administrator\Local Settings\%temp%\bass.dll
Behavior description: Set special file attributes
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\bass.dll
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EThread.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\spec.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\CnCalendar.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\OPenGL.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\internet.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\WebBrowser2.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EDataStructure.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\shell.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\bass.dll
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\iext.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EThread.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\spec.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\CnCalendar.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\OPenGL.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\eAPI.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\internet.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\WebBrowser2.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EDataStructure.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\shell.fne ---> Offset = 0
C:\Documents and Settings\Administrator\My Documents\sms_card_data\kanong\user\data.edb ---> Offset = 0
C:\Documents and Settings\Administrator\My Documents\sms_card_data\kanong\user\data.edb ---> Offset = 112
C:\Documents and Settings\Administrator\My Documents\sms_card_data\kanong\user\data.edb ---> Offset = 116
C:\Documents and Settings\Administrator\My Documents\sms_card_data\kanong\user\data.edb ---> Offset = 188
Behavior description: Search for file
Details: FileName = C:\Documents and Settings\Administrator\My Documents\sms_card_data\kanong\user\data.edb
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\bass.dll
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IHK
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IHK.IC
EventName = MSCTF.SendReceiveConection.Event.IHK.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Get TickCount value
Details: TickCount = 243640, SleepMilliseconds = 250.
TickCount = 243656, SleepMilliseconds = 250.
Behavior description: Window information
Details: Pid = 2676, Hwnd=0x10360, Text = 取底图, ClassName = _EL_Label.
Pid = 2676, Hwnd=0x1035e, Text = 密码:, ClassName = _EL_Label.
Pid = 2676, Hwnd=0x1035c, Text = 帐号:, ClassName = _EL_Label.
Pid = 2676, Hwnd=0x10358, Text = 使用声明, ClassName = Afx:14d0000:b:10011:1900015:0.
Pid = 2676, Hwnd=0x10356, Text = 找回密码, ClassName = Afx:14d0000:b:10011:1900015:0.
Pid = 2676, Hwnd=0x10352, Text = 自动登录, ClassName = Button(CheckBox).
Pid = 2676, Hwnd=0x10350, Text = 记住帐号, ClassName = Button(CheckBox).
Pid = 2676, Hwnd=0x1034e, Text = 注册, ClassName = Button.
Pid = 2676, Hwnd=0x1034c, Text = 登录, ClassName = Button.
Pid = 2676, Hwnd=0x10346, Text = 用户登录, ClassName = WTWindow.
Pid = 2676, Hwnd=0x10348, Text = 123456, ClassName = Edit.
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\krnln.fnr (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\iext.fnr (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EThread.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\spec.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\CnCalendar.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\OPenGL.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\eAPI.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\internet.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\WebBrowser2.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EDataStructure.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\shell.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\bass.dll (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 250.
Behavior description: Hide specified window
Details: [Window,Class] = [,_EL_Timer]
[Window,Class] = [找回密码,Afx:14d0000:b:10011:1900015:0]
[Window,Class] = [使用声明,Afx:14d0000:b:10011:1900015:0]
[Window,Class] = [帐号:,_EL_Label]
[Window,Class] = [密码:,_EL_Label]
[Window,Class] = [取底图,_EL_Label]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\krnln.fnr ---> 81c22cc42c6bcda834ecbc5eadaa35fd
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\iext.fnr ---> 856495a1605bfc7f62086d482b502c6f
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EThread.fne ---> 206396257b97bd275a90ce6c2c0c37fd
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\spec.fne ---> bd6eef5ea9a52a412a8f57490d8bd8e4
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\CnCalendar.fne ---> 14e21ac783c4e560898bcff1b89dcb5c
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\OPenGL.fne ---> 561f113c2c58df40b5c4449d74d2bb48
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\eAPI.fne ---> 7c1ff88991f5eafab82b1beaefc33a42
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\internet.fne ---> 7b129c5916896c845752f93b9635fc4c
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\WebBrowser2.fne ---> 3a3d1dceb97ed5d5910bafa045792079
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\EDataStructure.fne ---> 50b10397fb6caed2e4719747191c893d
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N30005\shell.fne ---> 98174c8c2995000efbda01e1b86a1d4d
C:\Documents and Settings\Administrator\Local Settings\%temp%\bass.dll ---> 9586e7be6ae8016932038932d1417241
Behavior description: Open mutex
Details: ShimCacheMutex
Behavior description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\iext.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\eAPI.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\shell.fne.