VirSCAN

File information
Security rating: 76
Behavior list
Basic information
MD5: dd7750cdba6d66abb6b64561d09f9558
File type: Web page file
Manufacturer:
Version:
Packer or compiler information:
Key behavior
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Process behavior
Behavior description: Create local thread
Details: TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2284, StartAddress = 6359727B, Parameter = 00258788
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2288, StartAddress = 77E56C7D, Parameter = 00272E38
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2380, StartAddress = 5DE05A52, Parameter = 001BF6A8
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2448, StartAddress = 6359727B, Parameter = 00279028
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2452, StartAddress = 6359727B, Parameter = 002790C8
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Find file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\%temp%\****.html
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\History
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016053020160531\*.*
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\ieframe.dll
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\noConnect[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\favcenter[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[1]
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819\index.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2] ---> Offset = 0
Network behavior
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\Last
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheRepair
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016053020160531\
Other behavior
Behavior description: Create mutex
Details: Local\!PrivacIE!SharedMemory!Mutex
SmartScreen_UrsCacheMutex_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-*
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016081820160819!
MSCTF.Shared.MUTEX.APH
RasPbFile
MSIMGSIZECacheMutex
Behavior description: Create event object
Details: EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
Details: Global\crypt32LogoffEvent
Isolation Signal Registry Event (AC1E28A9-653A-11E6-91C0-7B****28, 0)
MSFT.VSA.COM.DISABLE.712
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007F0.00000000.00000020
CTF.ThreadMarshalInterfaceEvent.000007F0.00000000.00000020
MSCTF.SendReceiveConection.Event.APH.IC
MSCTF.SendReceive.Event.APH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
CTF.ThreadMIConnectionEvent.000007F0.00000001.00000023
CTF.ThreadMarshalInterfaceEvent.000007F0.00000001.00000023
Behavior description: Window information
Details: Pid = 1640, Hwnd=0x1101ca, Text = 导航栏, ClassName = WorkerW.
Pid = 1640, Hwnd=0xe01ae, Text = 地址组合控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x5017c, Text = 页面控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x50182, Text = 搜索..., ClassName = Edit.
Pid = 1640, Hwnd=0x70178, Text = 搜索组合控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x80166, Text = 搜索控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x50176, Text = 命令栏, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x10022e, Text = 收藏夹命令栏, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x5017a, Text = LinksBand, ClassName = LinksBandClass.
Pid = 1640, Hwnd=0x401a0, Text = 收藏夹栏, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0xb01a6, Text = 添加到收藏夹栏, ClassName = ToolbarWindow32.
Pid = 712, Hwnd=0x701a8, Text = ITBarHost, ClassName = InternetToolbarHost.
Pid = 712, Hwnd=0x501f4, Text = 菜单栏, ClassName = WorkerW.
Pid = 712, Hwnd=0x20250, Text = 缩放级别, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0xe01f0, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\%temp%\****.html - Windows Internet Explorer, ClassName = IEFrame.
Behavior description: Hide specified window
Details: [Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description: Open mutex
Details: CtfmonInstMutexDefaultS-*
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016081820160819!
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
RasPbFile