VirSCAN

File information
Security rating: 78
Behavior list
Basic information
MD5: fd23dcf0552c5e9948033b896ac02959
File type: zip
Vendor:
Version:
Packer or compiler information:
Sub-file information:
Key behavior
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Process behavior
Behavior description: Create local thread
Details: TargetProcess: iexplore.exe, InheritedFromPID = 3140, ProcessID = 3184, ThreadID = 3348, StartAddress = 6359727B, Parameter = 00259368
TargetProcess: iexplore.exe, InheritedFromPID = 3140, ProcessID = 3184, ThreadID = 3352, StartAddress = 77E56C7D, Parameter = 0026FA18
TargetProcess: iexplore.exe, InheritedFromPID = 3140, ProcessID = 3184, ThreadID = 3444, StartAddress = 5DE05A52, Parameter = 00277A48
TargetProcess: iexplore.exe, InheritedFromPID = 3140, ProcessID = 3184, ThreadID = 3492, StartAddress = 6359727B, Parameter = 00275C08
TargetProcess: iexplore.exe, InheritedFromPID = 3140, ProcessID = 3184, ThreadID = 3496, StartAddress = 6359727B, Parameter = 00275CA8
TargetProcess: iexplore.exe, InheritedFromPID = 3140, ProcessID = 3184, ThreadID = 3512, StartAddress = 77E56C7D, Parameter = 00270DC8
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Find file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Zi_Kong_Li_split_053.html
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\History
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016061420160615\*.*
FileName = C:\Program Files\Java
FileName = C:\Program Files\Java\jre7
FileName = C:\Program Files\Java\jre7\bin
FileName = C:\Program Files\Java\jre7\bin\jp2ssv.dll
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\noConnect[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\favcenter[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[1]
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819\index.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dnserrordiagoff[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2] ---> Offset = 0
Network behavior
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\Last
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheRepair
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\ThreadingModel
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016061420160615\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\
Other behavior
Behavior description: Create mutex
Details: Local\!PrivacIE!SharedMemory!Mutex
SmartScreen_UrsCacheMutex_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-*
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016081820160819!
RasPbFile
Behavior description: Create event object
Details: EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Local\c70_35e
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Open event
Details: Global\crypt32LogoffEvent
Isolation Signal Registry Event (A979CC25-6535-11E6-91BE-7B****28, 0)
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.3184
MSFT.VSA.IEC.STATUS.6c736db0
Behavior description: Window information
Details: Pid = 3140, Hwnd=0x10034c, Text = 导航栏, ClassName = WorkerW.
Pid = 3140, Hwnd=0x703ac, Text = 地址组合控制, ClassName = ToolbarWindow32.
Pid = 3140, Hwnd=0x10032e, Text = 页面控制, ClassName = ToolbarWindow32.
Pid = 3140, Hwnd=0x160324, Text = 搜索..., ClassName = Edit.
Pid = 3140, Hwnd=0x100354, Text = 搜索组合控制, ClassName = ToolbarWindow32.
Pid = 3140, Hwnd=0x4038c, Text = 搜索控制, ClassName = ToolbarWindow32.
Pid = 3140, Hwnd=0x110306, Text = 命令栏, ClassName = ToolbarWindow32.
Pid = 3140, Hwnd=0x703c4, Text = 收藏夹命令栏, ClassName = ToolbarWindow32.
Pid = 3140, Hwnd=0xa0368, Text = LinksBand, ClassName = LinksBandClass.
Pid = 3140, Hwnd=0x100334, Text = 收藏夹栏, ClassName = ToolbarWindow32.
Pid = 3140, Hwnd=0xb0370, Text = 添加到收藏夹栏, ClassName = ToolbarWindow32.
Pid = 3140, Hwnd=0x1802fe, Text = Windows Internet Explorer, ClassName = IEFrame.
Pid = 3140, Hwnd=0xe02aa, Text = 123456, ClassName = Edit.
Pid = 3184, Hwnd=0x120350, Text = ITBarHost, ClassName = InternetToolbarHost.
Pid = 3184, Hwnd=0xb035a, Text = 菜单栏, ClassName = WorkerW.
Behavior description: Hide specified window
Details: [Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Open mutex
Details: CtfmonInstMutexDefaultS-*
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016081820160819!
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
RasPbFile