VirSCAN

1. You can upload any file, but the file size must not exceed 20MB.
2. We support automatic extraction of RAR or ZIP archives, but an archive must not contain more than 20 files.
3. We can recognize and scan archives whose password is 'infected' or 'virus'.
4. If your browser cannot upload the file, please download Virscan Uploader to upload it.



File Information

virscan.org multi-engine scan report
Behavior analysis report: Habo File Analysis

Basic Information

MD5: 5fdc9e9d6f80a652a6a60815a5365ad9
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:

Key Behaviors

Behavior: Blocks window close message
Details: hWnd = 0x00050340, Text = Easy Context Menu v1.6, ClassName = EcMenu_v1.6.
Behavior: Sets a message hook
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\EcMenu_v1.6\EcMenu.exe
Behavior: Gets TickCount value
Details: TickCount = 229900, SleepMilliseconds = 10.

Process Behaviors

Behavior: Creates local thread
Details: TargetProcess: EcMenu.exe, InheritedFromPID = 2000, ProcessID = 3068, ThreadID = 3080, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: EcMenu.exe, InheritedFromPID = 2000, ProcessID = 3068, ThreadID = 3084, StartAddress = 0044B5E7, Parameter = 01683010
TargetProcess: EcMenu.exe, InheritedFromPID = 2000, ProcessID = 3068, ThreadID = 3212, StartAddress = 4AEA7456, Parameter = 00000000
Behavior: Enumerates processes
Details: N/A

File Behaviors

Behavior: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\krgnxod
Behavior: Overwrites existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp
Behavior: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\krgnxod
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp ---> Offset = 24576
C:\Documents and Settings\Administrator\Local Settings\Temp\krgnxod ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\krgnxod ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\krgnxod ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\krgnxod ---> Offset = 172032
Behavior: Searches for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\EcMenu_v1.6
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\EcMenu_v1.6\EcMenu.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\krgnxod
FileName = EcMenu.ini
FileName = Items.ini
FileName = C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

Other Behaviors

Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AAM
Behavior: Creates event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.AAM.IC
EventName = MSCTF.SendReceiveConection.Event.AAM.IC
Behavior: Window information
Details: Pid = 3068, Hwnd=0x10342, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\EcMenu_v1.6\EcMenu.exe, ClassName = Static.
Pid = 3068, Hwnd=0x10344, Text = Easy Context Menu v1.6 - Author by BlueLife, ClassName = Static.
Pid = 3068, Hwnd=0x50340, Text = Easy Context Menu v1.6, ClassName = EcMenu_v1.6.
Behavior: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Opens event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior: Gets TickCount value
Details: TickCount = 229900, SleepMilliseconds = 10.
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Blocks window close message
Details: hWnd = 0x00050340, Text = Easy Context Menu v1.6, ClassName = EcMenu_v1.6.
Behavior: Enumerates windows
Details: N/A
Behavior: Calls Sleep function
Details: [1]: MilliSeconds = 10.
[2]: MilliSeconds = 10.
[3]: MilliSeconds = 10.
[4]: MilliSeconds = 10.
[5]: MilliSeconds = 10.
[6]: MilliSeconds = 10.
[7]: MilliSeconds = 10.
[8]: MilliSeconds = 10.
[9]: MilliSeconds = 10.
[10]: MilliSeconds = 10.
Behavior: Hides specified window
Details: [Window,Class] = [AutoIt v3,AutoIt v3]
Behavior: Gets cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 10.
CursorPos = (6373,26501), SleepMilliseconds = 10.
CursorPos = (19208,15725), SleepMilliseconds = 10.
CursorPos = (11517,29359), SleepMilliseconds = 10.
CursorPos = (27001,24465), SleepMilliseconds = 10.
CursorPos = (5744,28146), SleepMilliseconds = 10.
CursorPos = (23320,16828), SleepMilliseconds = 10.
CursorPos = (10000,492), SleepMilliseconds = 10.
CursorPos = (3034,11943), SleepMilliseconds = 10.
CursorPos = (4866,5437), SleepMilliseconds = 10.
CursorPos = (32430,14605), SleepMilliseconds = 10.
CursorPos = (3941,154), SleepMilliseconds = 10.
CursorPos = (331,12383), SleepMilliseconds = 10.
CursorPos = (17460,18717), SleepMilliseconds = 10.
CursorPos = (19757,19896), SleepMilliseconds = 10.
Behavior: Opens mutex
Details: ShimCacheMutex