VirSCAN

File information

Behavior list
Behavior analysis report: Habo file analysis

Basic information

MD5:b61084bc27d75d8887cecd3815aee5ee
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum operating environment:
Copyright:

Key behavior

Behavior description: Block window close message
Details: hWnd = 0x000202a4, Text = wPlayer, ClassName = #32770.
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get window screenshot information
Details: Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Behavior description: Get TickCount value

Process behavior

Behavior description: Create local thread
Details: N/A
Behavior description: Process exit
Details: N/A
Behavior description: Enumerate processes
Details: N/A

File behavior

Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff_webOC[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\down[2]
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff_webOC[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\down[2]
Behavior description: Find file
Details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\Config
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\Config\index.html\*.*
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\ieframe.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\Config\m3u8.html\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Config\m3u8.html
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff_webOC[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[1]
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff_webOC[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\down[2]---> Offset = 0

Other behavior

Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
wPlayer5
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MFF
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MFF.IC
EventName = MSCTF.SendReceiveConection.Event.MFF.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Get TickCount value
Behavior description: Get cursor position
Behavior description: Block window close message
Details: hWnd = 0x000202a4, Text = wPlayer, ClassName = #32770.
Behavior description: Window information
Details: Pid = 416, Hwnd=0x202cc, Text = 确定, ClassName = Button.
Pid = 416, Hwnd=0x202b4, Text = Button1, ClassName = Button.
Pid = 416, Hwnd=0x202b2, Text = Button2, ClassName = Button.
Pid = 416, Hwnd=0x202d4, Text = Button3, ClassName = Button.
Pid = 416, Hwnd=0x202d8, Text = 确定, ClassName = Button.
Pid = 416, Hwnd=0x202a4, Text = wPlayer, ClassName = #32770.
Behavior description: Get window screenshot information
Details: Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 60000.
Behavior description: Hide specified window
Details: [Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]