VirSCAN.org - Le programme d'analyse virale multi-moteur v1.02, Support de 47 moteurs antiVirus

Menu Principal

Rapport de comportement

API

uploader for windows(test)

Alimenté par

Informations sur les fichiers

Cote de sécurité:76

Rapport d'analyse multi-moteur Virscan.org

Informations de base
MD5:	7987fbeca7e33a6a77a0bbb3ba6a5582
Type de fichier:	EXE
Société de production:
Version:
Informations sur le shell ou le compilateur:	PACKER:UPX V2.00-V3.00 -> Markus Oberhumer & Laszlo Molnar & John Reiser *
Informations de sous-fichier:	upx30_34b6698bdumpFile / e7c61c0e4d433278481729488b56ab1d / EXE

Comportement clé
Description du comportement:	获取TickCount值
Détails:	TickCount = 827953, SleepMilliseconds = 60000.
	TickCount = 827968, SleepMilliseconds = 60000.
	TickCount = 828093, SleepMilliseconds = 60000.
	TickCount = 828109, SleepMilliseconds = 60000.
	TickCount = 828125, SleepMilliseconds = 60000.
	TickCount = 828140, SleepMilliseconds = 60000.
	TickCount = 828171, SleepMilliseconds = 60000.
	TickCount = 828234, SleepMilliseconds = 60000.
	TickCount = 828265, SleepMilliseconds = 60000.
	TickCount = 828281, SleepMilliseconds = 60000.
	TickCount = 828328, SleepMilliseconds = 60000.
	TickCount = 828343, SleepMilliseconds = 60000.
	TickCount = 828359, SleepMilliseconds = 60000.
	TickCount = 828375, SleepMilliseconds = 60000.
	TickCount = 828390, SleepMilliseconds = 60000.

Comportement du processus
Description du comportement:	枚举进程
Détails:	N/A

Comportement du fichier
Description du comportement:	查找文件
Détails:	FileName = C:\Users\Administrator\AppData
	FileName = C:\Users\Administrator\AppData\Local
	FileName = C:\Users\Administrator\AppData\Local\Temp
	FileName = C:\Users\Administrator\AppData\Local\%temp%
	FileName = C:\Users
	FileName = C:\Users\ADMINI~1
	FileName = C:\Users\ADMINI~1\AppData
	FileName = C:\Users\ADMINI~1\AppData\Local
	FileName = C:\Users\ADMINI~1\AppData\Local\Temp
	FileName = C:\Windows\System32
	FileName = C:\Windows\System32\config
	FileName = C:\Windows\System32\config\systemprofile\AppData
	FileName = C:\Windows\System32\config\systemprofile\AppData\Local
	FileName = C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows
	FileName = C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History

Autre comportement
Description du comportement:	检测自身是否被调试
Détails:	IsDebuggerPresent
Description du comportement:	创建互斥体
Détails:	Local\Shell.CMruPidlList
	Local\SHResolveLibrary:C:/Users/Administrator/AppData/Roaming/Microsoft/Windows/Libraries/Documents.library-ms
Description du comportement:	隐藏指定窗口
Détails:	[Window,Class] = [,ComboLBox]
	[Window,Class] = [帮助(&H),Button]
	[Window,Class] = [,CtrlNotifySink]
	[Window,Class] = [Shell Preview Extension Host,Shell Preview Extension Host]
Description du comportement:	窗口信息
Détails:	Pid = 2640, Hwnd=0xb02ca, Text = Cancel, ClassName = Button.
	Pid = 2640, Hwnd=0x1d01c0, Text = Progress1, ClassName = msctls_progress32.
	Pid = 2640, Hwnd=0x2401de, Text = Please Wait ..., ClassName = Static.
	Pid = 2640, Hwnd=0x1b01dc, Text = File:, ClassName = Static.
	Pid = 2640, Hwnd=0x140144, Text = PatchTSSD, ClassName = #32770.
	Pid = 2640, Hwnd=0x902c0, Text = 命名空间树控件, ClassName = NamespaceTreeControl.
	Pid = 2640, Hwnd=0xd02b6, Text = 树视图, ClassName = SysTreeView32.
	Pid = 2640, Hwnd=0x902c8, Text = ShellView, ClassName = SHELLDLL_DefView.
	Pid = 2640, Hwnd=0x802ec, Text = 文件名(&N):, ClassName = Static.
	Pid = 2640, Hwnd=0x170306, Text = TssdRun, ClassName = ComboBoxEx32.
	Pid = 2640, Hwnd=0x1801d2, Text = TssdRun, ClassName = Edit.
	Pid = 2640, Hwnd=0x1901d0, Text = EXE File (*.exe), ClassName = ComboBox.
	Pid = 2640, Hwnd=0x1e017a, Text = 打开(&O), ClassName = Button.
	Pid = 2640, Hwnd=0x1b018a, Text = 取消, ClassName = Button.
	Pid = 2640, Hwnd=0x130142, Text = 帮助(&H), ClassName = Button.
Description du comportement:	获取TickCount值
Détails:	TickCount = 827953, SleepMilliseconds = 60000.
	TickCount = 827968, SleepMilliseconds = 60000.
	TickCount = 828093, SleepMilliseconds = 60000.
	TickCount = 828109, SleepMilliseconds = 60000.
	TickCount = 828125, SleepMilliseconds = 60000.
	TickCount = 828140, SleepMilliseconds = 60000.
	TickCount = 828171, SleepMilliseconds = 60000.
	TickCount = 828234, SleepMilliseconds = 60000.
	TickCount = 828265, SleepMilliseconds = 60000.
	TickCount = 828281, SleepMilliseconds = 60000.
	TickCount = 828328, SleepMilliseconds = 60000.
	TickCount = 828343, SleepMilliseconds = 60000.
	TickCount = 828359, SleepMilliseconds = 60000.
	TickCount = 828375, SleepMilliseconds = 60000.
	TickCount = 828390, SleepMilliseconds = 60000.
Description du comportement:	获取光标位置
Détails:	CursorPos = (90,18467), SleepMilliseconds = 60000.
	CursorPos = (6383,26500), SleepMilliseconds = 60000.
	CursorPos = (19218,15724), SleepMilliseconds = 60000.
	CursorPos = (11527,29358), SleepMilliseconds = 60000.
Description du comportement:	打开事件
Détails:	HookSwitchHookEnabledEvent
	Local\MSCTF.CtfActivated.Default1
	Local\MSCTF.AsmCacheReady.Default1
	\KernelObjects\MaximumCommitCondition
	Global\TabletHardwarePresent
	Global\SvcctrlStartEvent_A3752DX
	MSFT.VSA.COM.DISABLE.2640
	MSFT.VSA.IEC.STATUS.6c736db0
Description du comportement:	调用Sleep函数
Détails:	[1]: MilliSeconds = 60000.
	[2]: MilliSeconds = 60000.
	[3]: MilliSeconds = 60000.
	[4]: MilliSeconds = 60000.
	[5]: MilliSeconds = 60000.
	[6]: MilliSeconds = 60000.
	[7]: MilliSeconds = 60000.
	[8]: MilliSeconds = 60000.
	[9]: MilliSeconds = 0.
	[10]: MilliSeconds = 60000.
Description du comportement:	打开互斥体
Détails:	Local\MSCTF.Asm.MutexDefault1
	DefaultTabtip-MainUI

Exécuter une capture d'écran

Informations sur les fichiers

Informations de base

Comportement clé

Comportement du processus

Comportement du fichier

Autre comportement

上传文件