VirSCAN

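File information

virscan.org multi-engine scan report
Behavior analysis report: Habo (哈勃) file analysis

Basic information

MD5:a97b0c8a70f19347b0c675c91edebdc5
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright: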

Process behavior

Behavior description: Create local thread
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1458230299.315472.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458230299.315791.exe
Behavior description: Process exit
Details: N/A
Behavior description: Enumerate processes
Details: N/A

File behavior

Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\nsisos.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\Processes.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\InstallOptions.dll
C:\WINDOWS\wininit.ini
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\nsisos.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\System.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\UserInfo.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\Processes.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\Processes.dll ---> Offset = 27678
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\ioSpecial.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\ioSpecial.ini ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-wizard.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-wizard.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-wizard.bmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-wizard.bmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\ioSpecial.ini ---> Offset = 124
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-header.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\ioSpecial.ini ---> Offset = 33
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\nsisos.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\Processes.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\InstallOptions.dll
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\nsisos.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\Processes.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\UserInfo.dll
Behavior description: Find file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp
FileName = C:\Program Files\Jawbone\JawboneUpdater.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\InstallOptions.dll.AmBackup5
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\nsisos.dll.AmBackup1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\Processes.dll.AmBackup4

Registry behavior

Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Jawbone\InstallerLanguage
Behavior description: Modify registry (delayed rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations

Other behavior

Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Jawbone Updater
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EMM
Behavior description: Create event object
Details: EventName = MSCTF.SendReceiveConection.Event.EMM.IC
EventName = MSCTF.SendReceive.Event.EMM.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 3264, Hwnd=0x202cc, Text = &Next >, ClassName = Button.
Pid = 3264, Hwnd=0x202b4, Text = Cancel, ClassName = Button.
Pid = 3264, Hwnd=0x202d6, Text = Nullsoft Install System v2.46 , ClassName = Static.
Pid = 3264, Hwnd=0x202d8, Text = Nullsoft Install System v2.46, ClassName = Static.
Pid = 3264, Hwnd=0x202b0, Text = Welcome to the Jawbone Updater Setup Wizard, ClassName = Static.
Pid = 3264, Hwnd=0x202ae, Text = This wizard will guide you through the installation of Jawbone Updater. Click Next to continue., ClassName = Static.
Pid = 3264, Hwnd=0x202a4, Text = Jawbone Updater Setup, ClassName = #32770.
Pid = 3264, Hwnd=0x202a8, Text = < &Back, ClassName = Button.
Pid = 3264, Hwnd=0x202cc, Text = I &Agree, ClassName = Button.
Pid = 3264, Hwnd=0x202c4, Text = License Agreement, ClassName = Static.
Pid = 3264, Hwnd=0x202c8, Text = Please review the license terms before installing Jawbone Updater., ClassName = Static.
Pid = 3264, Hwnd=0x302ae, Text = Press Page Down to see the rest of the agreement., ClassName = Static.
Pid = 3264, Hwnd=0x402b8, Text = If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install Jawbone Updater., ClassName = Static.
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\nsisos.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\System.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\UserInfo.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\Processes.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\InstallOptions.dll (signature verification: failed)
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v2.46,Static]
[Window,Class] = [Nullsoft Install System v2.46 ,Static]
[Window,Class] = [,Static]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\nsisos.dll ---> 69806691d649ef1c8703fd9e29231d44
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\System.dll ---> c17103ae9072a06da581dec998343fc1
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\UserInfo.dll ---> 7579ade7ae1747a31960a228ce02e666
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\Processes.dll ---> f3948f1afb94ff45aa52bb4a85e49dcd
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp\InstallOptions.dll ---> 325b008aec81e5aaa57096f05d4212b5
Behavior description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\nsisos.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\UserInfo.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\Processes.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\InstallOptions.dll.