VirSCAN


File information
Safety rating: 73
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic information
MD5: 6f423fedda86b5e4abf581fe4401ff51
File type: EXE
Vendor:
Version:
Packer or compiler information: COMPILER:NSIS
Subfile information: 2019.exe / 42d1c5df8c0406dd52249160018a458c / EXE
gy.exe / 7302d781d2818727280d6eb9c74a15dd / EXE
[NSIS].nsi / 7b46ec779bbd3fb4bdeb2598a6f3d441 / Unknown
Key behaviors
Behavior description: Get TickCount value
Details: TickCount = 218875, SleepMilliseconds = 250.
TickCount = 279406, SleepMilliseconds = 60000.
TickCount = 279453, SleepMilliseconds = 60000.
TickCount = 279468, SleepMilliseconds = 60000.
TickCount = 279484, SleepMilliseconds = 60000.
TickCount = 279500, SleepMilliseconds = 60000.
TickCount = 279515, SleepMilliseconds = 60000.
TickCount = 279593, SleepMilliseconds = 60000.
TickCount = 279671, SleepMilliseconds = 60000.
TickCount = 279687, SleepMilliseconds = 60000.
TickCount = 279718, SleepMilliseconds = 60000.
TickCount = 279734, SleepMilliseconds = 60000.
TickCount = 279750, SleepMilliseconds = 60000.
TickCount = 279812, SleepMilliseconds = 60000.
TickCount = 279828, SleepMilliseconds = 60000.
Behavior description: Set special file attributes
Details: C:\lpk.dll
C:\222c25ed\IE8-Setup-Full\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\lpk.dll
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\lpk.dll
C:\Documents and Settings\Administrator\Application Data\SogouPY\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\lpk.dll
Behavior description: Find PE resource information
Details: (FindResourceA) hModule = 0x00000000, ResName: , ResType:
Behavior description: Process privilege escalation information
Details: NT AUTHORITY\SYSTEM
Behavior description: Create system service
Details: [Service created successfully]: Pqrstu Wxyabcde Ghi, C:\WINDOWS\fsbtks.exe
Behavior description: Modify registry (startup entry)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bootcon2019.exe
Process behavior
Behavior description: Create process with hidden window
Details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\system32\cmd.exe" /c del C:\gy.exe > nul
ImagePath = , CmdLine = at \\**.133.40.** 15:43 admin$\
ImagePath = , CmdLine = at \\**.133.40.** 15:44 admin$\
Behavior description: Create process
Details: [0x00000c00]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\system32\cmd.exe" /c del C:\gy.exe > nul
[0x00000c10]ImagePath = C:\WINDOWS\system32\at.exe, CmdLine = at \\**.133.40.** 15:43 admin$\
[0x00000c8c]ImagePath = C:\WINDOWS\system32\at.exe, CmdLine = at \\**.133.40.** 15:43 admin$\
[0x00000d78]ImagePath = C:\WINDOWS\system32\at.exe, CmdLine = at \\**.133.40.** 15:43 admin$\
[0x00000dd0]ImagePath = C:\WINDOWS\system32\at.exe, CmdLine = at \\**.133.40.** 15:44 admin$\
[0x00000e1c]ImagePath = C:\WINDOWS\system32\at.exe, CmdLine = at \\**.133.40.** 15:44 admin$\
[0x00000e74]ImagePath = C:\WINDOWS\system32\at.exe, CmdLine = at \\**.133.40.** 15:44 admin$\
[0x00000ee0]ImagePath = C:\WINDOWS\system32\at.exe, CmdLine = at \\**.133.40.** 15:44 admin$\
Behavior description: Create process from newly created file
Details: [0x00000b2c]ImagePath = C:\2019.exe, CmdLine = "C:\2019.exe"
[0x00000b34]ImagePath = C:\gy.exe, CmdLine = "C:\gy.exe"
[0x00000b60]ImagePath = C:\WINDOWS\fsbtks.exe, CmdLine = C:\WINDOWS\fsbtks.exe
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2728, ThreadID = 2808, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 2019.exe, InheritedFromPID = 2728, ProcessID = 2860, ThreadID = 2896, StartAddress = 77C0A341, Parameter = 003F67E0
TargetProcess: fsbtks.exe, InheritedFromPID = 652, ProcessID = 2912, ThreadID = 2952, StartAddress = 77DC3519, Parameter = 00187FA8
TargetProcess: 2019.exe, InheritedFromPID = 2728, ProcessID = 2860, ThreadID = 2956, StartAddress = 77E56C7D, Parameter = 0019DF78
TargetProcess: 2019.exe, InheritedFromPID = 2728, ProcessID = 2860, ThreadID = 2960, StartAddress = 769AE43B, Parameter = 0019C950
TargetProcess: 2019.exe, InheritedFromPID = 2728, ProcessID = 2860, ThreadID = 2964, StartAddress = 77E56C7D, Parameter = 001A0C10
TargetProcess: fsbtks.exe, InheritedFromPID = 652, ProcessID = 2912, ThreadID = 3008, StartAddress = 1000161B, Parameter = 00000000
TargetProcess: fsbtks.exe, InheritedFromPID = 652, ProcessID = 2912, ThreadID = 3012, StartAddress = 00402D65, Parameter = 00000000
TargetProcess: fsbtks.exe, InheritedFromPID = 652, ProcessID = 2912, ThreadID = 3040, StartAddress = 0040377A, Parameter = 00000000
TargetProcess: fsbtks.exe, InheritedFromPID = 652, ProcessID = 2912, ThreadID = 3148, StartAddress = 100013B0, Parameter = 00000002
TargetProcess: fsbtks.exe, InheritedFromPID = 652, ProcessID = 2912, ThreadID = 3152, StartAddress = 100013B0, Parameter = 00000017
Behavior description: Process privilege escalation information
Details: NT AUTHORITY\SYSTEM
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsp6.tmp
C:\2019.exe
C:\gy.exe
C:\test.exe
C:\WINDOWS\fsbtks.exe
C:\WINDOWS\system32\hra33.dll
C:\RCX7.tmp
C:\WINDOWS\system32\fsbtks.exe
C:\lpk.dll
C:\222c25ed\IE8-Setup-Full\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\lpk.dll
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\lpk.dll
C:\Documents and Settings\Administrator\Application Data\SogouPY\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\lpk.dll
Behavior description: Create executable file
Details: C:\2019.exe
C:\gy.exe
C:\test.exe
C:\WINDOWS\fsbtks.exe
C:\WINDOWS\system32\hra33.dll
C:\RCX7.tmp
C:\WINDOWS\system32\fsbtks.exe
C:\lpk.dll
C:\222c25ed\IE8-Setup-Full\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\lpk.dll
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\lpk.dll
C:\Documents and Settings\Administrator\Application Data\SogouPY\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\lpk.dll
Behavior description: Overwrite existing file
Details: C:\RCX7.tmp
C:\WINDOWS\system32\fsbtks.exe
Behavior description: Copy file
Details: C:\gy.exe ---> C:\WINDOWS\fsbtks.exe
C:\WINDOWS\fsbtks.exe ---> \\**.133.40.**\admin$\g1fd.exe
C:\WINDOWS\system32\hra33.dll ---> C:\lpk.dll
C:\WINDOWS\system32\hra33.dll ---> C:\222c25ed\IE8-Setup-Full\lpk.dll
C:\WINDOWS\system32\hra33.dll ---> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\lpk.dll
C:\WINDOWS\system32\hra33.dll ---> C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\lpk.dll
C:\WINDOWS\system32\hra33.dll ---> C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\lpk.dll
C:\WINDOWS\system32\hra33.dll ---> C:\Documents and Settings\Administrator\Application Data\SogouPY\lpk.dll
C:\WINDOWS\system32\hra33.dll ---> C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\lpk.dll
C:\WINDOWS\system32\hra33.dll ---> C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\lpk.dll
C:\WINDOWS\system32\hra33.dll ---> C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\lpk.dll
Behavior description: Set special file attributes
Details: C:\lpk.dll
C:\222c25ed\IE8-Setup-Full\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\lpk.dll
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\lpk.dll
C:\Documents and Settings\Administrator\Application Data\SogouPY\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\lpk.dll
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\lpk.dll
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsp6.tmp
C:\WINDOWS\system32\hra33.dll
Behavior description: Find file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = \gy.exe
FileName = C:\2019.exe
FileName = C:\gy.exe
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
Behavior description: Rename file
Details: C:\RCX7.tmp ---> C:\WINDOWS\system32\hra33.dll
Behavior description: Modify file contents
Details: C:\2019.exe ---> Offset = 0
C:\2019.exe ---> Offset = 17127
C:\2019.exe ---> Offset = 33559
C:\2019.exe ---> Offset = 50187
C:\2019.exe ---> Offset = 66739
C:\gy.exe ---> Offset = 0
C:\gy.exe ---> Offset = 17203
C:\test.exe ---> Offset = 0
C:\WINDOWS\fsbtks.exe ---> Offset = 0
C:\WINDOWS\fsbtks.exe ---> Offset = 4096
C:\WINDOWS\fsbtks.exe ---> Offset = 8192
C:\WINDOWS\fsbtks.exe ---> Offset = 12288
C:\WINDOWS\system32\hra33.dll ---> Offset = 0
C:\RCX7.tmp ---> Offset = 0
C:\RCX7.tmp ---> Offset = 664
Network behavior
Behavior description: Connect to specified site
Details: WinHttpConnect: ServerName = do****om, PORT = 80, UserName = , Password = , hSession = 0x00ad5000, hConnect = 0x00ad5100, Flags = 0x00000000
WinHttpConnect: ServerName = do****om, PORT = 80, UserName = , Password = , hSession = 0x00ad5000, hConnect = 0x00ad5200, Flags = 0x00000000
WinHttpConnect: ServerName = ww****et, PORT = 443, UserName = , Password = , hSession = 0x00ad5000, hConnect = 0x00ad5100, Flags = 0x00000000
Behavior description: Establish connection to a specified socket
Details: IP: **.101.76.**:2019, SOCKET = 0x000000d8
URL: do****om, IP: **.133.40.**:80, SOCKET = 0x00000200
URL: ww****et, IP: **.133.40.**:443, SOCKET = 0x000001d0
Behavior description: Send HTTP packet
Details: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn Cache-Control: no-cache Host: do****om Connection: Keep-Alive
GET /appsearch/AndroidPhone/1.0.65.172/1/1012271b/20171027150542/appsearch_AndroidPhone_1-0-65-172_1012271b.apk?responseContentDisposition=attachment%3Bfilename%3D%22appsearch_AndroidPhone_v8.0.3%281.0.65.172%29_1012271b.apk%22&responseContentType=application%2Fvnd.android.package-archive&request_id=1516457256_8032127161&type=dynamic HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn Cache-Control: no-cache Host: do****om Connection: Keep-Alive
Behavior description: Open HTTP request
Details: WinHttpOpenRequest: do****om:80/, hConnect = 0x00ad5100, hRequest = 0x00ca0000, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: do****om:80/appsearch/androidphone/1.0.65.172/1/1012271b/20171027150542/appsearch_androidphone_1-0-65-172_1012271b.apk?responsecontentdisposition=attachment%3bfilename%3d%22appsearch_androidphone_v8.0.3%281.0.65.172%29_1012271b.apk%22&responsecontent, hConnect = 0x00ad5200, hRequest = 0x00ca0000, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ww****et:443/, hConnect = 0x00ad5100, hRequest = 0x00ca0000, Verb: GET, Referer: , Flags = 0x00800000
Behavior description: Resolve host address by name
Details: gethostbyname: computer
DnsQuery_W: 1.110.110.110.in-addr.arpa.
GetAddrInfoW: do****om
GetAddrInfoW: ww****et
DnsQuery_W: 2.110.110.110.in-addr.arpa.
DnsQuery_W: 3.110.110.110.in-addr.arpa.
DnsQuery_W: 4.110.110.110.in-addr.arpa.
DnsQuery_W: 5.110.110.110.in-addr.arpa.
DnsQuery_W: 6.110.110.110.in-addr.arpa.
DnsQuery_W: 7.110.110.110.in-addr.arpa.
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\2019.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\gy.exe
Behavior description: Modify registry (startup entry)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bootcon2019.exe
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Pqrstu Wxyabcde Ghi
MSCTF.Shared.MUTEX.IOH
Behavior description: Create event object
Details: EventName = 2019.exe
EventName = Global\crypt32LogoffEvent
EventName = Global\userenv: User Profile setup event
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Start system service
Details: [Service started successfully]: LocalSystem, Pqrstu Wxyabcde Ghijklmn Pqrs, C:\WINDOWS\fsbtks.exe
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
2019.exe
Global\SvcctrlStartEvent_A3752DX
MSFT.VSA.COM.DISABLE.2860
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\crypt32LogoffEvent
Behavior description: Get TickCount value
Details: TickCount = 218875, SleepMilliseconds = 250.
TickCount = 279406, SleepMilliseconds = 60000.
TickCount = 279453, SleepMilliseconds = 60000.
TickCount = 279468, SleepMilliseconds = 60000.
TickCount = 279484, SleepMilliseconds = 60000.
TickCount = 279500, SleepMilliseconds = 60000.
TickCount = 279515, SleepMilliseconds = 60000.
TickCount = 279593, SleepMilliseconds = 60000.
TickCount = 279671, SleepMilliseconds = 60000.
TickCount = 279687, SleepMilliseconds = 60000.
TickCount = 279718, SleepMilliseconds = 60000.
TickCount = 279734, SleepMilliseconds = 60000.
TickCount = 279750, SleepMilliseconds = 60000.
TickCount = 279812, SleepMilliseconds = 60000.
TickCount = 279828, SleepMilliseconds = 60000.
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description: Window information
Details: Pid = 2860, Hwnd=0x10344, Text = &End, ClassName = Button.
Pid = 2860, Hwnd=0x10346, Text = Co&ntinue, ClassName = Button.
Pid = 2860, Hwnd=0x10348, Text = The script you are executing is taking longer than expected to run. Click End to abort the script, or Continue to continue script execution., ClassName = Static.
Pid = 2860, Hwnd=0x10340, Text = Script Control, ClassName = #32770.
Behavior description: Find PE resource information
Details: (FindResourceA) hModule = 0x00000000, ResName: , ResType:
Behavior description: Executable signature information
Details: C:\2019.exe (signature verification: failed)
C:\gy.exe (signature verification: failed)
C:\test.exe (signature verification: failed)
C:\WINDOWS\fsbtks.exe (signature verification: failed)
C:\WINDOWS\system32\hra33.dll (signature verification: failed)
C:\RCX7.tmp (signature verification: failed)
C:\WINDOWS\system32\fsbtks.exe (signature verification: failed)
C:\lpk.dll (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\lpk.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\lpk.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\lpk.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\lpk.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\SogouPY\lpk.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\lpk.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\lpk.dll (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 250.
[1]: MilliSeconds = 500.
[1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[2]: MilliSeconds = 500.
[3]: MilliSeconds = 60000.
[3]: MilliSeconds = 200.
[4]: MilliSeconds = 200.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 2000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 200.
[7]: MilliSeconds = 200.
[8]: MilliSeconds = 200.
[9]: MilliSeconds = 200.
Behavior description: Executable file MD5
Details: C:\2019.exe ---> 42d1c5df8c0406dd52249160018a458c
C:\gy.exe ---> 7302d781d2818727280d6eb9c74a15dd
C:\test.exe ---> edfd712d996767182eeb6207b0bdbab0
C:\WINDOWS\fsbtks.exe ---> 7302d781d2818727280d6eb9c74a15dd
C:\WINDOWS\system32\hra33.dll ---> e702ee910aa2c2b7a31331eb8f02753f
C:\RCX7.tmp ---> 29cba70d417ad3f5c22fb7b384062c21
C:\WINDOWS\system32\fsbtks.exe ---> 7302d781d2818727280d6eb9c74a15dd
C:\lpk.dll ---> 29cba70d417ad3f5c22fb7b384062c21
C:\222c25ed\IE8-Setup-Full\lpk.dll ---> 29cba70d417ad3f5c22fb7b384062c21
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\lpk.dll ---> 29cba70d417ad3f5c22fb7b384062c21
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\lpk.dll ---> 29cba70d417ad3f5c22fb7b384062c21
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\lpk.dll ---> 29cba70d417ad3f5c22fb7b384062c21
C:\Documents and Settings\Administrator\Application Data\SogouPY\lpk.dll ---> 29cba70d417ad3f5c22fb7b384062c21
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\lpk.dll ---> 29cba70d417ad3f5c22fb7b384062c21
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\lpk.dll ---> 29cba70d417ad3f5c22fb7b384062c21
Behavior description: Open mutex
Details: ShimCacheMutex
Local\!IETld!Mutex
Behavior description: Create system service
Details: [Service created successfully]: Pqrstu Wxyabcde Ghi, C:\WINDOWS\fsbtks.exe
Behavior description: Load newly dropped file
Details: Image: C:\WINDOWS\system32\hra33.dll.