VirSCAN

File information
Safety rating: 78
Behavior list
Basic information
MD5:f8e92d8b5488ea76c40601c8f1a08790
File type: Microsoft Office Word (docx) document
Vendor:
Version:
Shell or compiler information:
Key behavior
Behavior description: Query registry (virtual machine detection related)
More information: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\ProductCodes
File behavior
Behavior description: Create file
More information: C:\Users\Administrator\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F567A141-CF29-424D-A307-215C8A4CADD5}.tmp
C:\Users\Administrator\AppData\Local\%temp%\****.docx
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{92132941-873F-4EDE-945F-A5DFDA113E7D}.tmp
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{533BD6CB-F99F-4D18-8389-E7410B9D9727}.tmp
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%\****.LNK
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%.LNK
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1B922D77.eps
Behavior description: Delete file
More information: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1B922D77.eps
Behavior description: Modify file content
More information: C:\Users\Administrator\AppData\Roaming\Microsoft\Templates\~$Normal.dotm ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Templates\~$Normal.dotm ---> Offset = 54
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F567A141-CF29-424D-A307-215C8A4CADD5}.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\****.docx ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\****.docx ---> Offset = 54
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{533BD6CB-F99F-4D18-8389-E7410B9D9727}.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%\****.LNK ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat ---> Offset = 80
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%.LNK ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat ---> Offset = 40
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1B922D77.eps ---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1B922D77.eps ---> Offset = 4096
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1B922D77.eps ---> Offset = 8192
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1B922D77.eps ---> Offset = 12288
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1B922D77.eps ---> Offset = 16384
Behavior description: Find file
More information: FileName = C:\Program Files\Common Files\Microsoft Shared\office12
FileName = C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
FileName = C:\Program Files\Common Files\Microsoft Shared\office12\*.*
FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office 2007
FileName = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\v2.0.0\mscorwks.dll
FileName = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
FileName = C:\Program Files\Microsoft Office 2007\Office12\Normal.dotm
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Templates\Normal.dotm
FileName = C:\Users\Administrator\AppData\Local\Microsoft\Office\Word.qat
FileName = C:\Users\Administrator\AppData\Local\%temp%\****.docx
FileName = C:\Users\Administrator
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Word\STARTUP\*.*
Behavior description: Copy file
More information: C:\PROGRA~2\MICROS~1\OFFICE\DATA\OPA12.BAK ---> C:\PROGRA~2\MICROS~1\OFFICE\DATA\opa12.dat
Registry behavior
Behavior description: Modify registry
More information: \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\ud3
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\2052
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\1033
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\WORDFiles
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\ProductFiles
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109110000000000000000F01FEC\Usage\ProductFiles
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\-p3
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\k{3
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 1
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 2
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4080110900063D11C8EF10054038389C\Usage\SpellingAndGrammarFiles_1033
\REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\Batang
\REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\BatangChe
\REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\DFKai-SB
Behavior description: Delete registry value
More information: \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\-p3
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Max Display
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 1
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 2
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 3
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 4
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 6
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 7
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 8
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 9
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 10
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 11
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 12
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 13
Behavior description: Query registry (virtual machine detection related)
More information: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\ProductCodes
Behavior description: Delete registry key
More information: \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\
Other behavior
Behavior description: Check whether it is being debugged
More information: IsDebuggerPresent
Behavior description: Create mutex
More information: Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Create event object
More information: EventName = Local\PrimaryWord12Mutex_S-*1
EventName = FADEOUTMANAGER_MESSAGE_HWND_CREATED_EVENT
Behavior description: Find specified window
More information: NtUserFindWindowEx: [Class,Window] = [mspim_wnd32,]
NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
Behavior description: Window information
More information: Pid = 2248, Hwnd=0x230160, Text = MsoDockTop, ClassName = MsoCommandBarDock.
Pid = 2248, Hwnd=0x1701d4, Text = Ribbon, ClassName = MsoCommandBar.
Pid = 2248, Hwnd=0x120298, Text = MsoDockBottom, ClassName = MsoCommandBarDock.
Pid = 2248, Hwnd=0x270184, Text = 状态栏, ClassName = MsoCommandBar.
Pid = 2248, Hwnd=0x1801d2, Text = 状态栏, ClassName = MsoWorkPane.
Pid = 2248, Hwnd=0x17016a, Text = MsoWorkPane, ClassName = MsoWorkPane.
Pid = 2248, Hwnd=0x1b01ac, Text = MsoWorkPane, ClassName = MsoWorkPane.
Pid = 2248, Hwnd=0x1e0124, Text = b70c - Microsoft Word, ClassName = OpusApp.
Pid = 2248, Hwnd=0x1a01e2, Text = Ribbon, ClassName = MsoWorkPane.
Pid = 2248, Hwnd=0x2501de, Text = b70c, ClassName = _WwB.
Pid = 2248, Hwnd=0x130142, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 2248, Hwnd=0x170174, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 2248, Hwnd=0x1901d0, Text = Microsoft Word 文档, ClassName = _WwG.
Pid = 2248, Hwnd=0x1702ee, Text = 垂直, ClassName = NUIScrollbar.
Behavior description: Open event
More information: \KernelObjects\MaximumCommitCondition
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
MSFT.VSA.COM.DISABLE.2248
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Open mutex
More information: Local\MU_ACBPIDS09_S-1-5-5-0-96182
Local\MSCTF.Asm.MutexDefault1
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*