VirSCAN

1. You can UPLOAD any type of file, but the limit is 20 MB per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must not contain more than 20 files.
3. VirSCAN can scan archived files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader.


File information

Virscan.org multi-engine scan report
Behaviour analysis report: Habo file analysis

Basic information

MD5: 02753dabab4d2e5de44d26ef419bf946
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum operating environment:
Copyright:

Key behaviour

Behaviour description: Opens registry key (virtual machine detection related)
Details: \REGISTRY\MACHINE\Software\VMware, Inc.
Behaviour description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behaviour description: Acquires system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behaviour description: Gets TickCount value
Details: TickCount = 486135, SleepMilliseconds = 10.

Process behaviour

Behaviour description: Creates process with hidden window
Details: ImagePath = , CmdLine = c:\windows\system32\cmd.exe /c copy /b "c:\docume~1\admini~1\locals~1\temp\nsn6.tmp\sohuva_4.5.77.0-c204900003-nti-ng-tp-s.exe" + "c:\windows\fonts\arial.ttf" "c:\docume~1\admini~1\locals~1\temp\nsn6.tmp\sohuva_4.5.77.0-c204900003-nti-n
ImagePath = , CmdLine = c:\windows\system32\cmd.exe /c copy /b "c:\docume~1\admini~1\locals~1\temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe" + "c:\windows\fonts\arial.ttf" "c:\docume~1\admini~1\locals~1\temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe"
ImagePath = , CmdLine = c:\windows\system32\cmd.exe /c copy /b "c:\docume~1\admini~1\locals~1\temp\nsn6.tmp\ht_y_ssxaz10_06255.exe" + "c:\windows\fonts\arial.ttf" "c:\docume~1\admini~1\locals~1\temp\nsn6.tmp\ht_y_ssxaz10_06255.exe"
Behaviour description: Creates process
Details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /C copy /b "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\SoHuVA_4.5.77.0-c204900003-nti-ng-tp-s.exe" + "C:\WINDOWS\Fonts\arial.ttf" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\SoHuV
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /C copy /b "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe" + "C:\WINDOWS\Fonts\arial.ttf" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_se
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /C copy /b "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ht_Y_ssxaz10_06255.exe" + "C:\WINDOWS\Fonts\arial.ttf" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ht_Y_ssxaz10_06255.exe"
Behaviour description: Creates local thread
Details: N/A
Behaviour description: Creates process from downloaded file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Browser_V5.5.7386.17_r_4677_(Build1511251045).exe, CmdLine = Browser_V5.5.7386.17_r_4677_(Build1511251045).exe
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\XMPSetupLite-SIjhaqws57.exe, CmdLine = XMPSetupLite-SIjhaqws57.exe
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe, CmdLine = ppstreamsetup_senxing@xt015.exe
Behaviour description: Process exits
Details: N/A
Behaviour description: Enumerates processes
Details: N/A

File behaviour

Behaviour description: Creates file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\b.jpg
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NSISdl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\1.zip
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Base64.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NsRandom.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Inetc.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\21.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ZipDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\38.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\OK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ExecCmd.dll
Behaviour description: Creates executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NSISdl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Base64.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NsRandom.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Inetc.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ZipDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ExecCmd.dll
Behaviour description: Overwrites existing file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp
Behaviour description: Searches for file
Details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\1.zip
FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\Program Files\Tencent\QQBrowser\uninst.exe
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
Behaviour description: Deletes file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\1.zip
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\OK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\URL Parts Error
Behaviour description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behaviour description: Modifies file content
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\b.jpg ---> Offset = 49152
Behaviour description: Modifies newly created executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe ---> Offset = 132096
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe---> Offset = 499208
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe---> Offset = 866320
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe---> Offset = 1233432
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe---> Offset = 1600544

Network behaviour

Behaviour description: Downloads file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\21.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\38.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\22.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\50.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Browser_V5.5.7386.17_r_4677_(Build1511251045).exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\XMPSetupLite-SIjhaqws57.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\27.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\24.tmp
Behaviour description: Connects to specified site
Details: InternetConnectA: ServerName = t.cn, PORT = 80
InternetConnectA: ServerName = down2.uc.cn, PORT = 80
InternetConnectA: ServerName = xmp.down.sandai.net, PORT = 80
InternetConnectA: ServerName = dl.static.iqiyi.com, PORT = 80
Behaviour description: Opens specified web page in IE
Details: http://120.55.104.68/OTk2RS5leGU=/40.html
Behaviour description: Establishes a socket connection to a specified address
Details: 219.133.40.1:80
Behaviour description: Reads network file
Details: hFile = 0x00000630, BytesToRead = 8192, BytesRead = 8192.
Behaviour description: Opens HTTP request
Details: HttpOpenRequestA: t.cn:80/rymedny, hConnect = 0x0000062c
HttpOpenRequestA: t.cn:80/rywpelm, hConnect = 0x00000638
HttpOpenRequestA: t.cn:80/rumykf8, hConnect = 0x00000650
HttpOpenRequestA: t.cn:80/rudvyvh, hConnect = 0x0000056c
HttpOpenRequestA: down2.uc.cn:80/pcbrowser/down.php?pid=4677, hConnect = 0x00000584
HttpOpenRequestA: xmp.down.sandai.net:80/kankan/xmpsetuplite-sijhaqws57.exe, hConnect = 0x00000574
HttpOpenRequestA: dl.static.iqiyi.com:80/hz/ppstreamsetup_senxing@xt015.exe, hConnect = 0x00000578
HttpOpenRequestA: t.cn:80/ru6cqne, hConnect = 0x00000584
HttpOpenRequestA: t.cn:80/rudv2sn, hConnect = 0x00000564
Behaviour description: Resolves host address by name
Details: int.dpool.sina.com.cn

Registry behaviour

Behaviour description: Opens registry key (virtual machine detection related)
Details: \REGISTRY\MACHINE\Software\VMware, Inc.

Other behaviour

Behaviour description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
1
MSCTF.Shared.MUTEX.ELH
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.ACI
Behaviour description: Creates event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.ACI.IC
EventName = MSCTF.SendReceiveConection.Event.ACI.IC
Behaviour description: MD5 of modified executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe ---> 69dfd21d79689cb29dc1b7b2d96ba09e
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe ---> 406224d16bab99ca0bb23d9eb3549a98
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe ---> aa81237f137d63e60b5e64aa6f6e8c9e
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe ---> 8a564ad8d451baf2c46475f5f52fdf60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe ---> 459b2b0543808c549d2698752d34f7a9
Behaviour description: Acquires system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behaviour description: Gets TickCount value
Details: TickCount = 486135, SleepMilliseconds = 10.
Behaviour description: Enumerates windows
Details: N/A
Behaviour description: Signature information of modified executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ppstreamsetup_senxing@xt015.exe (signature verification: failed)
Behaviour description: Executable file signature information
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\System.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NSISdl.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Base64.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NsRandom.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Inetc.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ZipDLL.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ExecCmd.dll (signature verification: failed)
Behaviour description: Executable file MD5
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\System.dll ---> c17103ae9072a06da581dec998343fc1
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NSISdl.dll ---> a5f8399a743ab7f9c88c645c35b1ebb5
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Base64.dll ---> f0e3845fefd227d7f1101850410ec849
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NsRandom.dll ---> 9b54944ce476591d65288b0701a52c46
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Inetc.dll ---> 50fdadda3e993688401f6f1108fabdb4
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ZipDLL.dll ---> 2dc35ddcabcb2b24919b9afae4ec3091
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ExecCmd.dll ---> b9380b0bea8854fd9f93cc1fda0dfeac
Behaviour description: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [SysListView32,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behaviour description: Loads newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NSISdl.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Base64.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\NsRandom.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\Inetc.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ZipDLL.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn6.tmp\ExecCmd.dll.