VirSCAN


File information
Safety rating: 84
Behaviour list
Basic information
MD5: 3e30b12a3a9bbf45d60669dcaa5baef0
File type: Autoit
Vendor:
Version: 1.0.0.0---1.0.0.0
Packer or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information:
Key behaviour
Behaviour description: Get TickCount value
Details: TickCount = 229135, SleepMilliseconds = 10.
TickCount = 230400, SleepMilliseconds = 10.
TickCount = 230416, SleepMilliseconds = 10.
TickCount = 243260, SleepMilliseconds = 10.
Process behaviour
Behaviour description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2848, ThreadID = 2884, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2848, ThreadID = 2912, StartAddress = 0044B5E7, Parameter = 01693010
File behaviour
Behaviour description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS1
C:\Documents and Settings\Administrator\Local Settings\Temp\aut8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS2
C:\Documents and Settings\Administrator\Local Settings\Temp\aut9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS3
C:\Documents and Settings\Administrator\Local Settings\Temp\autA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS4
C:\Documents and Settings\Administrator\Local Settings\Temp\autB.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS5
C:\Documents and Settings\Administrator\Local Settings\Temp\autC.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS6
C:\Documents and Settings\Administrator\Local Settings\Temp\autD.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS7
C:\Documents and Settings\Administrator\Local Settings\Temp\autE.tmp
Behaviour description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autB.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autC.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autD.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autE.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autF.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut10.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut11.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut12.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut13.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut15.tmp
Behaviour description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autB.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autC.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autD.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autE.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\autF.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut10.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut11.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut12.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut13.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut15.tmp
Behaviour description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut7.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut7.tmp ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS1 ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS1 ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\aut8.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut8.tmp ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS2 ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS2 ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\aut9.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut9.tmp ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS3 ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS3 ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\autA.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\autA.tmp ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\AKS4 ---> Offset = 0
Behaviour description: Search for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AKS1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AKS2
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AKS3
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AKS4
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AKS5
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AKS6
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AKS7
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AKS8
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AKS9
Other behaviour
Behaviour description: Check whether it is being debugged
Details: IsDebuggerPresent
Behaviour description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.ECL
Behaviour description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.ECL.IC
EventName = MSCTF.SendReceiveConection.Event.ECL.IC
Behaviour description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behaviour description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behaviour description: Window information
Details: Pid = 2848, Hwnd=0x1033c, Text = USB SHUTTER 1.0, ClassName = AutoIt v3 GUI.
Behaviour description: Get TickCount value
Details: TickCount = 229135, SleepMilliseconds = 10.
TickCount = 230400, SleepMilliseconds = 10.
TickCount = 230416, SleepMilliseconds = 10.
TickCount = 243260, SleepMilliseconds = 10.
Behaviour description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behaviour description: Enumerate windows
Details: N/A
Behaviour description: Call Sleep function
Details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behaviour description: Hide specified window
Details: [Window,Class] = [AutoIt v3,AutoIt v3]
Behaviour description: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 10.
CursorPos = (6373,26501), SleepMilliseconds = 10.
CursorPos = (19208,15725), SleepMilliseconds = 10.
CursorPos = (11517,29359), SleepMilliseconds = 10.
CursorPos = (27001,24465), SleepMilliseconds = 10.
CursorPos = (5744,28146), SleepMilliseconds = 10.
CursorPos = (23320,16828), SleepMilliseconds = 10.
CursorPos = (10000,492), SleepMilliseconds = 10.
CursorPos = (3034,11943), SleepMilliseconds = 10.
CursorPos = (4866,5437), SleepMilliseconds = 10.
CursorPos = (32430,14605), SleepMilliseconds = 10.
CursorPos = (3941,154), SleepMilliseconds = 10.
CursorPos = (331,12383), SleepMilliseconds = 10.
CursorPos = (17460,18717), SleepMilliseconds = 10.
CursorPos = (19757,19896), SleepMilliseconds = 10.
Behaviour description: Open mutex
Details: ShimCacheMutex