VirSCAN


File information
Security score: 50
Behavior list
Basic information
MD5: b3f709e37621306c45451da5744faafe
File type: EXE
Company: QQ:67895212
Version: 1.0.0.1---1.0.0.1
Packer/compiler: PACKER:UPolyX v0.5
Sub-file: upx30_37ebb5ebdumpFile / c38537b5ed850b04e2835a7d1d761ff3 / EXE
Key behaviors
Behavior: Direct CPU clock read (RDTSC; EAX holds the low 32 bits, EDX the high 32 bits)
Details: EAX = 0x3368b89d, EDX = 0x000000b6
EAX = 0x3368b8e9, EDX = 0x000000b6
EAX = 0x3368b935, EDX = 0x000000b6
EAX = 0x3368b981, EDX = 0x000000b6
EAX = 0x3368b9cd, EDX = 0x000000b6
EAX = 0x3368ba19, EDX = 0x000000b6
EAX = 0x3368ba65, EDX = 0x000000b6
EAX = 0x3368bab1, EDX = 0x000000b6
EAX = 0x3368bafd, EDX = 0x000000b6
EAX = 0x3368bb49, EDX = 0x000000b6
Behavior: Foreground-window screenshot (device context acquired)
Details: Foreground window Info: HWND = 0x00010356, DC = 0x04010618.
Foreground window Info: HWND = 0x00010344, DC = 0x04010618.
Foreground window Info: HWND = 0x00010356, DC = 0x01010055.
Foreground window Info: HWND = 0x00010344, DC = 0x01010055.
Registry behaviors
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behaviors
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EDK
Behavior: Create event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EDK.IC
EventName = MSCTF.SendReceiveConection.Event.EDK.IC
Behavior: Open mutex
Details: ShimCacheMutex
Behavior: Find window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Open event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior: Window information
Details: Pid = 2608, Hwnd=0x10356, Text = 提示信息 ("Notice"), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2608, Hwnd=0x1034e, Text = 开始测试 ("Start test"), ClassName = Button.
Pid = 2608, Hwnd=0x1034c, Text = 隐藏窗口 ("Hide window"), ClassName = Button.
Pid = 2608, Hwnd=0x10346, Text = 清空列表 ("Clear list"), ClassName = Button.
Pid = 2608, Hwnd=0x10344, Text = 隐藏窗口 ("Hide window"), ClassName = Button.
Pid = 2608, Hwnd=0x10342, Text = 测试工具 ("Test tool"), ClassName = WTWindow.
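Added note and example, not part of the VirSCAN report or of the sample itself. Most entries in this list are background noise from any Windows GUI process: the CTF.* and MSCTF.* mutexes and events belong to the Text Services Framework, DINPUTWINMM is a DirectInput/winmm artifact, ShimCacheMutex comes from the application-compatibility layer, and the DrawDib\vga.drv value is the display profile that Video for Windows stores on first use. None of them says anything about intent. The entry that deserves a second look is the burst of ten direct CPU clock reads: back-to-back RDTSC reads are how a sample measures whether an instruction sequence takes longer than it should on bare metal, a standard sandbox/VM check. The Python below rebuilds the 64-bit counter values (EDX:EAX) from the report's own lines, computes the gaps between reads, and reports what a naive "gap above a threshold means VM" test would have concluded. The sample input is copied from the key-behavior entry above; the 1000-cycle threshold is an assumption for illustration, not a value from the report.

```python
import re

# Constructed sample input: the ten "direct CPU clock read" lines from the
# report above, in VirSCAN's own format (EAX = low 32 bits, EDX = high 32 bits).
REPORT_LINES = """\
Behavior: Direct CPU clock read
Details: EAX = 0x3368b89d, EDX = 0x000000b6
EAX = 0x3368b8e9, EDX = 0x000000b6
EAX = 0x3368b935, EDX = 0x000000b6
EAX = 0x3368b981, EDX = 0x000000b6
EAX = 0x3368b9cd, EDX = 0x000000b6
EAX = 0x3368ba19, EDX = 0x000000b6
EAX = 0x3368ba65, EDX = 0x000000b6
EAX = 0x3368bab1, EDX = 0x000000b6
EAX = 0x3368bafd, EDX = 0x000000b6
EAX = 0x3368bb49, EDX = 0x000000b6
"""

RDTSC_RE = re.compile(
    r"EAX\s*=\s*0x([0-9a-fA-F]{1,8}),\s*EDX\s*=\s*0x([0-9a-fA-F]{1,8})"
)


def parse_rdtsc(text):
    """Rebuild each 64-bit time-stamp counter value (EDX:EAX) in read order."""
    return [(int(edx, 16) << 32) | int(eax, 16) for eax, edx in RDTSC_RE.findall(text)]


def deltas(stamps):
    """Cycles between consecutive reads; a negative value means the TSC went backwards."""
    return [later - earlier for earlier, later in zip(stamps, stamps[1:])]


def analyze_rdtsc(text, vm_threshold=1000):
    """Summarise a burst of RDTSC reads taken from a sandbox report.

    vm_threshold is an assumed cycle count (not from the report): a typical
    anti-VM check reads the TSC twice around an instruction such as CPUID and
    treats a gap above some hundreds or thousands of cycles as virtualisation.
    """
    stamps = parse_rdtsc(text)
    gaps = deltas(stamps)
    return {
        "reads": len(stamps),
        "first": stamps[0] if stamps else None,
        "min_gap": min(gaps) if gaps else None,
        "max_gap": max(gaps) if gaps else None,
        # Zero jitter across many reads: the sandbox is most likely serving a
        # synthetic counter rather than passing the real TSC through.
        "constant_stride": len(set(gaps)) == 1 if gaps else False,
        "monotonic": all(g > 0 for g in gaps),
        # What a naive "gap > threshold => VM" check inside the sample would see.
        "naive_check_sees_vm": any(g > vm_threshold for g in gaps),
    }


if __name__ == "__main__":
    for key, value in analyze_rdtsc(REPORT_LINES).items():
        print(f"{key}: {value}")
```

Run against the report's values, this gives ten monotonically increasing reads spaced exactly 0x4c (76) cycles apart. A real TSC sampled in a loop shows some jitter, so a perfectly constant stride is itself a hint that the sandbox serves a synthetic counter; a sample that checks for that, rather than for a large gap, would notice. Conversely, at 76 cycles the naive threshold check passes, which is presumably what the sandbox's RDTSC handling is meant to achieve.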