1, 你可以上传任何文件,但是文件的尺寸不能超过20兆。
2, 我们支持RAR或ZIP格式的自动解压缩,但压缩文件中不能包含超过20个文件。
3, 我们可以识别并检测密码为 'infected' 或 'virus' 的压缩文件包。
4, 如果您的浏览器无法上传文件,请下载Virscan Uploader进行上传。
选择语言
服务器负载
1, 你可以上传任何文件,但是文件的尺寸不能超过20兆。
2, 我们支持RAR或ZIP格式的自动解压缩,但压缩文件中不能包含超过20个文件。
3, 我们可以识别并检测密码为 'infected' 或 'virus' 的压缩文件包。
4, 如果您的浏览器无法上传文件,请下载Virscan Uploader进行上传。
| virscan.org多引擎扫描报告 |
| 行为分析报告: 哈勃文件分析 |
| MD5:3480e8a8ec1c98089223ef7b0c4a4cbd |
| 文件大小:5.58MB |
| 上传时间: 2014-09-22 10:36:30 (CST) |
| 包名: |
| 最低运行环境: |
| 版权: |
| 行为描述: | 探测 Virtual PC是否存在 |
| 详细信息: | N/A |
| 行为描述: | 直接获取CPU时钟 |
| 详细信息: | EAX = 0x4a285889, EDX = 0x000000b7 |
| EAX = 0x4a2858d5, EDX = 0x000000b7 | |
| EAX = 0x4a285921, EDX = 0x000000b7 | |
| EAX = 0x4a28596d, EDX = 0x000000b7 | |
| EAX = 0x549df693, EDX = 0x000000b7 | |
| EAX = 0x549df6df, EDX = 0x000000b7 | |
| EAX = 0x549df72b, EDX = 0x000000b7 | |
| EAX = 0x549df777, EDX = 0x000000b7 | |
| EAX = 0x549df7c3, EDX = 0x000000b7 | |
| EAX = 0x549df80f, EDX = 0x000000b7 | |
| 行为描述: | 尝试打开调试器或监控软件的驱动设备对象 |
| 详细信息: | \??\NTICE |
| 行为描述: | 获取TickCount值 |
| 详细信息: | TickCount = 228271, SleepMilliseconds = 100. |
| TickCount = 288218, SleepMilliseconds = 60000. | |
| TickCount = 288234, SleepMilliseconds = 60000. | |
| TickCount = 288828, SleepMilliseconds = 60000. | |
| TickCount = 290562, SleepMilliseconds = 60000. | |
| TickCount = 290593, SleepMilliseconds = 60000. | |
| TickCount = 290609, SleepMilliseconds = 60000. | |
| TickCount = 290625, SleepMilliseconds = 60000. | |
| TickCount = 291640, SleepMilliseconds = 60000. | |
| TickCount = 291671, SleepMilliseconds = 60000. | |
| TickCount = 291703, SleepMilliseconds = 60000. | |
| TickCount = 291750, SleepMilliseconds = 60000. | |
| TickCount = 291765, SleepMilliseconds = 60000. | |
| TickCount = 291796, SleepMilliseconds = 60000. | |
| TickCount = 292750, SleepMilliseconds = 60000. | |
| 行为描述: | 直接调用系统关键API |
| 详细信息: | Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0090DE8C |
| Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x008A86FC | |
| Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x008DCC3D | |
| 行为描述: | 查找反病毒常用工具窗口 |
| 详细信息: | NtUserFindWindowEx: [Class,Window] = [Regmonclass,] |
| NtUserFindWindowEx: [Class,Window] = [Filemonclass,] | |
| 行为描述: | VMWare特殊指令检测虚拟机 |
| 详细信息: | N/A |
| 行为描述: | 创建本地线程 |
| 详细信息: | TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 2784, StartAddress = 77DC845A, Parameter = 00000000 |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 2892, StartAddress = 0086F8DD, Parameter = 0019CA10 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 2896, StartAddress = 0086F8DD, Parameter = 0019CA20 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 2900, StartAddress = 0086F8DD, Parameter = 0019CA10 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 2904, StartAddress = 0086F8DD, Parameter = 0019CA10 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 2908, StartAddress = 0086F8DD, Parameter = 0019CA10 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 2912, StartAddress = 0086F8DD, Parameter = 0019CA10 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 2940, StartAddress = 77E56C7D, Parameter = 0025BBC0 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 2944, StartAddress = 769AE43B, Parameter = 0025E480 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2748, ThreadID = 3068, StartAddress = 719CD33A, Parameter = 00287998 |
| 行为描述: | 连接指定站点 |
| 详细信息: | WinHttpConnect: ServerName = ww****hk, PORT = 80, UserName = , Password = , hSession = 0x03345000, hConnect = 0x03345100, Flags = 0x00000000 |
| 行为描述: | 建立到一个指定的套接字连接 |
| 详细信息: | URL: ww****hk, IP: **.133.40.**:80, SOCKET = 0x00000278 |
| 行为描述: | 发送HTTP包 |
| 详细信息: | HEAD / HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Host: ww****hk Connection: Keep-Alive � |
| 行为描述: | 打开HTTP请求 |
| 详细信息: | WinHttpOpenRequest: ww****hk:80/, hConnect = 0x03345100, hRequest = 0x03370000, Verb: HEAD, Referer: , Flags = 0x00000000 |
| 行为描述: | 按名称获取主机地址 |
| 详细信息: | GetAddrInfoW: ww****hk |
| 行为描述: | 删除注册表键 |
| 详细信息: | \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\ |
| 行为描述: | 删除注册表键值 |
| 详细信息: | \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot |
| 行为描述: | 直接调用系统关键API |
| 详细信息: | Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0090DE8C |
| Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x008A86FC | |
| Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x008DCC3D | |
| 行为描述: | 探测 Virtual PC是否存在 |
| 详细信息: | N/A |
| 行为描述: | 创建互斥体 |
| 详细信息: | RasPbFile |
| CTF.LBES.MutexDefaultS-* | |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| 行为描述: | 创建事件对象 |
| 详细信息: | EventName = DINPUTWINMM |
| EventName = Global\userenv: User Profile setup event | |
| 行为描述: | 打开互斥体 |
| 详细信息: | RasPbFile |
| ShimCacheMutex | |
| 行为描述: | 查找指定窗口 |
| 详细信息: | NtUserFindWindowEx: [Class,Window] = [4823-00000029,] |
| NtUserFindWindowEx: [Class,Window] = [18467-41,] | |
| 行为描述: | 尝试打开调试器或监控软件的驱动设备对象 |
| 详细信息: | \??\NTICE |
| 行为描述: | 获取TickCount值 |
| 详细信息: | TickCount = 228271, SleepMilliseconds = 100. |
| TickCount = 288218, SleepMilliseconds = 60000. | |
| TickCount = 288234, SleepMilliseconds = 60000. | |
| TickCount = 288828, SleepMilliseconds = 60000. | |
| TickCount = 290562, SleepMilliseconds = 60000. | |
| TickCount = 290593, SleepMilliseconds = 60000. | |
| TickCount = 290609, SleepMilliseconds = 60000. | |
| TickCount = 290625, SleepMilliseconds = 60000. | |
| TickCount = 291640, SleepMilliseconds = 60000. | |
| TickCount = 291671, SleepMilliseconds = 60000. | |
| TickCount = 291703, SleepMilliseconds = 60000. | |
| TickCount = 291750, SleepMilliseconds = 60000. | |
| TickCount = 291765, SleepMilliseconds = 60000. | |
| TickCount = 291796, SleepMilliseconds = 60000. | |
| TickCount = 292750, SleepMilliseconds = 60000. | |
| 行为描述: | 打开事件 |
| 详细信息: | HookSwitchHookEnabledEvent |
| MSFT.VSA.COM.DISABLE.2748 | |
| MSFT.VSA.IEC.STATUS.6c736db0 | |
| 行为描述: | 调用Sleep函数 |
| 详细信息: | [1]: MilliSeconds = 100. |
| [2]: MilliSeconds = 60000. | |
| 行为描述: | 隐藏指定窗口 |
| 详细信息: | [Window,Class] = [,ComboLBox] |
| 行为描述: | 直接获取CPU时钟 |
| 详细信息: | EAX = 0x4a285889, EDX = 0x000000b7 |
| EAX = 0x4a2858d5, EDX = 0x000000b7 | |
| EAX = 0x4a285921, EDX = 0x000000b7 | |
| EAX = 0x4a28596d, EDX = 0x000000b7 | |
| EAX = 0x549df693, EDX = 0x000000b7 | |
| EAX = 0x549df6df, EDX = 0x000000b7 | |
| EAX = 0x549df72b, EDX = 0x000000b7 | |
| EAX = 0x549df777, EDX = 0x000000b7 | |
| EAX = 0x549df7c3, EDX = 0x000000b7 | |
| EAX = 0x549df80f, EDX = 0x000000b7 | |
| 行为描述: | 查找反病毒常用工具窗口 |
| 详细信息: | NtUserFindWindowEx: [Class,Window] = [Regmonclass,] |
| NtUserFindWindowEx: [Class,Window] = [Filemonclass,] | |
| 行为描述: | VMWare特殊指令检测虚拟机 |
| 详细信息: | N/A |
首页
