VirSCAN

1. You can upload any type of file, but the limit is 20 MB per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must not contain more than 20 files.
3. VirSCAN can scan archives protected with the password 'infected' or 'virus'.

File information
File name: com.hzj.den.apk (File not down)
File size: 1984029 bytes
File type: application/zip
MD5: 3e31ca0480f8e3005b901361eb0419c5
SHA1: 12b55fbd1b6334396b208e39485675d4519e99b3
  • Scan results
    Scan results: 6% of scanners (2/32) found a virus!
    Behavior analysis report: Habo file analysis
    Time: 2018-03-30 10:59:46 (CST)

    Scanner      Engine version                  Signature version  Signature date  Scan result                   Time
    antiy        AVL SDK                         2.0                1970-01-01      Nothing found                 5
    asquared     9.0.0.4799                      9.0.0.4799         2015-03-08      Nothing found                 2
    avast        170303-1                        4.7.4              2017-03-03      Nothing found                 60
    avg          2109/15023                      10.0.1405          2018-03-29      Nothing found                 60
    baidu        2.0.1.0                         4.1.3.52192        2.0.1.0         Nothing found                 6
    baidusd      1.0                             1.0                2017-03-22      Nothing found                 2
    bitdefender  7.58879                         7.90123            2015-01-16      Nothing found                 60
    clamav       24427                           0.97.5             2018-03-28      Nothing found                 60
    drweb        5.0.2.3300                      5.0.1.1            2018-03-29      Nothing found                 60
    fortinet     1.000, 57.204, 57.157, 57.061   5.4.247            2018-03-30      Nothing found                 60
    fprot        4.6.2.117                       6.5.1.5418         2016-02-05      Nothing found                 60
    fsecure      2015-08-01-02                   9.13               2015-08-01      Nothing found                 60
    gdata        25.16545                        25.16545           2018-03-29      Android.Riskware.Drolock.AH   14
    ikarus       4.00.06                         V1.32.31.0         2018-03-29      Nothing found                 60
    jiangmin     16.0.100                        1.0.0.0            2017-12-22      Nothing found                 2
    kaspersky    5.5.33                          5.5.33             2014-04-01      Nothing found                 60
    kingsoft     2.1                             2.1                2018-03-29      Nothing found                 7
    mcafee       8620                            5400.1158          2017-08-12      Nothing found                 60
    nod32        7131                            3.0.21             2018-03-28      Nothing found                 60
    panda        9.05.01                         9.05.01            2018-03-29      Nothing found                 4
    pcc          13.302.06                       9.500-1005         2017-03-27      Nothing found                 60
    qh360        1.0.1                           1.0.1              1.0.1           Nothing found                 3
    qqphone      1.0.0.0                         1.0.0.0            2015-12-30      Nothing found                 60
    quickheal    14.00                           14.00              2017-11-18      Android.Agent.GEN1478         4
    rising       3396                            3396               2017-12-26      Nothing found                 7
    sophos       5.32                            3.65.2             2016-10-10      Nothing found                 60
    symantec     20151230.005                    1.3.0.24           2015-12-30      Nothing found                 60
    tachyon      9.9.9                           9.9.9              2013-12-27      Nothing found                 7
    thehacker    6.8.0.5                         6.8.0.5            2018-03-27      Nothing found                 10
    tws          17.47.17308                     1.0.2.2108         2018-03-29      Nothing found                 17
    vba          3.12.29.5 beta                  3.12.29.5 beta     2018-03-29      Nothing found                 60
    virusbuster  15.0.985.0                      5.5.2.13           2014-12-05      Nothing found                 60

    NOTE: Some scanners may raise false alarms about the detected viruses, so you should judge for yourself. Weigh the "Nothing found" rows by their signature date as well: many engines in this run carried signatures years older than the scan (for example kaspersky 2014-04-01, tachyon 2013-12-27, virusbuster 2014-12-05) and two report no usable date at all (baidu, qh360), so their clean verdicts carry little weight. Both detections (gdata, quickheal) come from engines whose signatures are from within the five months before the scan.
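The headline ratio above counts every engine equally. The following script is an added example (not VirSCAN's code) that re-reads the table and rates the detections against engines with current signatures only. REPORT is a constructed, pipe-delimited copy of the table above in the page's column order; the scan date is the page's "Time" line; the 365-day staleness threshold is an assumption.

```python
"""Weigh a multi-engine scan table by signature freshness (added example, not VirSCAN's code)."""
from datetime import date, datetime

SCAN_DATE = date(2018, 3, 30)    # the page's "Time: 2018-03-30" line
CLEAN = "Nothing found"          # the page's clean verdict

# Constructed copy of the page's table: scanner|engine|sig version|sig date|result|time
REPORT = """\
antiy|AVL SDK|2.0|1970-01-01|Nothing found|5
asquared|9.0.0.4799|9.0.0.4799|2015-03-08|Nothing found|2
avast|170303-1|4.7.4|2017-03-03|Nothing found|60
avg|2109/15023|10.0.1405|2018-03-29|Nothing found|60
baidu|2.0.1.0|4.1.3.52192|2.0.1.0|Nothing found|6
baidusd|1.0|1.0|2017-03-22|Nothing found|2
bitdefender|7.58879|7.90123|2015-01-16|Nothing found|60
clamav|24427|0.97.5|2018-03-28|Nothing found|60
drweb|5.0.2.3300|5.0.1.1|2018-03-29|Nothing found|60
fortinet|1.000, 57.204, 57.157, 57.061|5.4.247|2018-03-30|Nothing found|60
fprot|4.6.2.117|6.5.1.5418|2016-02-05|Nothing found|60
fsecure|2015-08-01-02|9.13|2015-08-01|Nothing found|60
gdata|25.16545|25.16545|2018-03-29|Android.Riskware.Drolock.AH|14
ikarus|4.00.06|V1.32.31.0|2018-03-29|Nothing found|60
jiangmin|16.0.100|1.0.0.0|2017-12-22|Nothing found|2
kaspersky|5.5.33|5.5.33|2014-04-01|Nothing found|60
kingsoft|2.1|2.1|2018-03-29|Nothing found|7
mcafee|8620|5400.1158|2017-08-12|Nothing found|60
nod32|7131|3.0.21|2018-03-28|Nothing found|60
panda|9.05.01|9.05.01|2018-03-29|Nothing found|4
pcc|13.302.06|9.500-1005|2017-03-27|Nothing found|60
qh360|1.0.1|1.0.1|1.0.1|Nothing found|3
qqphone|1.0.0.0|1.0.0.0|2015-12-30|Nothing found|60
quickheal|14.00|14.00|2017-11-18|Android.Agent.GEN1478|4
rising|3396|3396|2017-12-26|Nothing found|7
sophos|5.32|3.65.2|2016-10-10|Nothing found|60
symantec|20151230.005|1.3.0.24|2015-12-30|Nothing found|60
tachyon|9.9.9|9.9.9|2013-12-27|Nothing found|7
thehacker|6.8.0.5|6.8.0.5|2018-03-27|Nothing found|10
tws|17.47.17308|1.0.2.2108|2018-03-29|Nothing found|17
vba|3.12.29.5 beta|3.12.29.5 beta|2018-03-29|Nothing found|60
virusbuster|15.0.985.0|5.5.2.13|2014-12-05|Nothing found|60
"""

FIELDS = ("scanner", "engine", "sig_version", "sig_date", "result", "time")


def parse_rows(text):
    """One dict per non-empty line; 'time' is the page's Time column as an int (unit not stated)."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            row = dict(zip(FIELDS, (f.strip() for f in line.split("|"))))
            row["time"] = int(row["time"])
            rows.append(row)
    return rows


def signature_age_days(row, scan_date=SCAN_DATE):
    """Days between the signature date and the scan; None when the column is not a date."""
    try:
        sig = datetime.strptime(row["sig_date"], "%Y-%m-%d").date()
    except ValueError:           # baidu and qh360 put a version string in this column
        return None
    return (scan_date - sig).days


def summarize(rows, scan_date=SCAN_DATE, stale_days=365):
    """Split engines into fresh / stale / undated and rate detections against fresh ones only."""
    detections = {r["scanner"]: r["result"] for r in rows if r["result"] != CLEAN}
    fresh, stale, undated = [], [], []
    for r in rows:
        age = signature_age_days(r, scan_date)
        if age is None:
            undated.append(r["scanner"])
        elif age > stale_days:   # assumption: older than a year is too stale to count a clean verdict
            stale.append(r["scanner"])
        else:
            fresh.append(r["scanner"])
    fresh_hits = [s for s in detections if s in fresh]
    return {
        "total": len(rows),
        "detections": detections,
        "raw_ratio": len(detections) / len(rows),       # what the page headline reports
        "fresh": fresh, "stale": stale, "undated": undated,
        "fresh_detections": fresh_hits,
        "effective_ratio": len(fresh_hits) / len(fresh) if fresh else None,
    }


if __name__ == "__main__":
    s = summarize(parse_rows(REPORT))
    print(f"headline: {len(s['detections'])}/{s['total']} ({s['raw_ratio']:.0%})")
    print(f"stale engines: {len(s['stale'])}, undated: {s['undated']}")
    print(f"fresh engines flagging: {len(s['fresh_detections'])}/{len(s['fresh'])} ({s['effective_ratio']:.0%})")
```

On this table the headline 2/32 becomes 2 of 16 current engines once the 14 stale and 2 undated rows are set aside, and both detections sit in the current group.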
  • Permissions
    No permission information available.

  • File behavior analysis (Habo)
    Security score:
    Basic information
    MD5: 3e31ca0480f8e3005b901361eb0419c5
    Package name:
    Minimum runtime environment:
    Copyright:
    The behaviors below were recorded in a Windows sandbox: although the sample is named as an APK and typed application/zip, it unpacks into %temp%\7ZipSfx.000\ in the manner of a 7-Zip self-extracting archive and launches bdesetup.exe and setup.exe from there (see "Process behavior").
    Key behaviors
    Behavior: Get TickCount value
    Details: TickCount = 220441, SleepMilliseconds = 20.
    TickCount = 220457, SleepMilliseconds = 20.
    TickCount = 220473, SleepMilliseconds = 20.
    TickCount = 220551, SleepMilliseconds = 20.
    TickCount = 221988, SleepMilliseconds = 20.
    TickCount = 222098, SleepMilliseconds = 20.
    TickCount = 222113, SleepMilliseconds = 20.
    TickCount = 222129, SleepMilliseconds = 20.
    TickCount = 222160, SleepMilliseconds = 20.
    TickCount = 222176, SleepMilliseconds = 20.
    TickCount = 222207, SleepMilliseconds = 20.
    TickCount = 222285, SleepMilliseconds = 20.
    TickCount = 222473, SleepMilliseconds = 20.
    TickCount = 222488, SleepMilliseconds = 20.
    TickCount = 222770, SleepMilliseconds = 20.
    Process behavior
    Behavior: Create local thread
    Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3064, ThreadID = 3076, StartAddress = 00401479, Parameter = 00904CB8
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3064, ThreadID = 3080, StartAddress = 77C0A341, Parameter = 00AF0048
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3064, ThreadID = 3216, StartAddress = 77DC845A, Parameter = 00000000
    Behavior: Launch process from newly created file
    Details: [0x00000cdc]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bdesetup.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bdesetup.exe" /I
    [0x00000ce4]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\setup.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\setup.exe /s
    Behavior: Enumerate processes
    Details: N/A
    File behavior
    Behavior: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\setup.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLK7.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLB8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLG9.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLFA.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLFB.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0001.TMP
    C:\WINDOWS\system32\GLBSINST.%$D
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLFC.tmp
    C:\Program Files\Borland\Common Files\BDE\~GLH0002.TMP
    C:\Program Files\Borland\Common Files\BDE\temp.000
    Behavior: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\setup.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLK7.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0001.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0002.TMP
    C:\Program Files\Borland\Common Files\BDE\temp.000
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0004.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0006.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0008.TMP
    C:\WINDOWS\system32\~GLH000c.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH000f.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0015.TMP
    Behavior: Overwrite existing file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLK7.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLG9.tmp
    C:\Program Files\Borland\Common Files\BDE\IDAPI32.CFG
    Behavior: Search for file
    Details: FileName = C:\DOCUME~1
    FileName = C:\DOCUME~1\ADMINI~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bdesetup.exe
    FileName = C:\Documents and Settings\ADMINI~1
    FileName = C:\Documents and Settings\Administrator\LOCALS~1
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.exe
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\setup.exe
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLFA.tmp
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLFB.tmp
    FileName = C:\Program Files
    Behavior: Delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\GLB8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLFA.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLFB.tmp
    C:\WINDOWS\system32\GLBSINST.%$D
    C:\Program Files\Borland\Common Files\BDE\~GLH0002.TMP
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLFC.tmp
    C:\Program Files\Borland\Common Files\BDE\~GLH0006.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0008.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH000f.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0017.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0019.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH001b.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH001d.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH001f.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0021.TMP
    Behavior: Rename file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLFA.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0001.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLFB.tmp
    C:\Program Files\Borland\Common Files\BDE\temp.000 ---> C:\PROGRA~1\Borland\COMMON~1\BDE\~GLH0003.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0003.TMP ---> C:\PROGRA~1\Borland\COMMON~1\BDE\IDR20009.DLL
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0004.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IDAPINST.DLL
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0005.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLFC.tmp
    C:\Program Files\Borland\Common Files\BDE\temp.000 ---> C:\PROGRA~1\Borland\COMMON~1\BDE\~GLH0007.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0007.TMP ---> C:\PROGRA~1\Borland\COMMON~1\BDE\IDAPI32.DLL
    C:\Program Files\Borland\Common Files\BDE\temp.000 ---> C:\PROGRA~1\Borland\COMMON~1\BDE\~GLH0009.TMP
    C:\Program Files\Borland\Common Files\BDE\~GLH0009.TMP ---> C:\PROGRA~1\Borland\COMMON~1\BDE\BDEADMIN.EXE
    C:\Program Files\Borland\Common Files\BDE\~GLH000a.TMP ---> C:\Program Files\Borland\Common Files\BDE\BDEADMIN.HLP
    C:\Program Files\Borland\Common Files\BDE\~GLH000b.TMP ---> C:\Program Files\Borland\Common Files\BDE\BDEADMIN.CNT
    C:\WINDOWS\system32\~GLH000c.TMP ---> C:\WINDOWS\system32\BDEADMIN.CPL
    C:\Program Files\Borland\Common Files\BDE\~GLH000d.TMP ---> C:\Program Files\Borland\Common Files\BDE\BDE32.HLP
    C:\Program Files\Borland\Common Files\BDE\~GLH000e.TMP ---> C:\Program Files\Borland\Common Files\BDE\BDE32.CNT
    Behavior: Modify file content
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.exe ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\setup.exe ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\setup.exe ---> Offset = 2044
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\setup.exe ---> Offset = 133112
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\setup.exe ---> Offset = 264180
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\setup.exe ---> Offset = 395248
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.dll ---> Offset = 34529
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.dll ---> Offset = 165597
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.dll ---> Offset = 296665
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.dll ---> Offset = 427733
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp ---> Offset = 98304
    Registry behavior
    Behavior: Modify registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bdesetup.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\IDR20009.DLL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\IDAPI32.DLL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\BDEADMIN.EXE
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\BDEADMIN.HLP
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\BDEADMIN.CNT
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\BDEADMIN.CPL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\BDE32.HLP
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\BDE32.CNT
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\BLW32.DLL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\CEEUROPE.BTL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\EUROPE.BTL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\FAREAST.BTL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\OTHER.BTL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Borland\Common Files\BDE\BANTAM.DLL
    Other behaviors
    Behavior: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    oleacc-msaa-loaded
    SHIMLIB_LOG_MUTEX
    MSCTF.Shared.MUTEX.IOM
    WBEMPROVIDERSTATICMUTEX
    Behavior: Create event object
    Details: EventName = Global\userenv: User Profile setup event
    EventName = DINPUTWINMM
    EventName = MSCTF.SendReceive.Event.IOM.IC
    EventName = MSCTF.SendReceiveConection.Event.IOM.IC
    EventName = Global\crypt32LogoffEvent
    Behavior: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior: Get TickCount value
    Details: the same fifteen TickCount/SleepMilliseconds entries as listed under "Key behaviors" above
    Behavior: Adjust process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior: Open event
    Details: HookSwitchHookEnabledEvent
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
    Global\crypt32LogoffEvent
    SRStopEvent
    Behavior: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.exe (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\setup.exe (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLK7.tmp (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0001.TMP (signature verification: failed)
    C:\Program Files\Borland\Common Files\BDE\~GLH0002.TMP (signature verification: failed)
    C:\Program Files\Borland\Common Files\BDE\temp.000 (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0004.TMP (signature verification: failed)
    C:\Program Files\Borland\Common Files\BDE\~GLH0006.TMP (signature verification: failed)
    C:\Program Files\Borland\Common Files\BDE\~GLH0008.TMP (signature verification: passed)
    C:\Program Files\Borland\Common Files\BDE\temp.000 (signature verification: passed)
    C:\WINDOWS\system32\~GLH000c.TMP (signature verification: failed)
    C:\Program Files\Borland\Common Files\BDE\~GLH000f.TMP (signature verification: failed)
    Behavior: Call Sleep function
    Details: [1]: MilliSeconds = 20.
    [1]: MilliSeconds = 250.
    [2]: MilliSeconds = 250.
    [3]: MilliSeconds = 250.
    [4]: MilliSeconds = 250.
    [5]: MilliSeconds = 250.
    [6]: MilliSeconds = 250.
    [7]: MilliSeconds = 250.
    [8]: MilliSeconds = 250.
    [9]: MilliSeconds = 4000.
    Behavior: Hide specified window
    Details: [Window,Class] = [,Static]
    [Window,Class] = [,Button]
    Behavior: Executable file MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.exe ---> 2a7f58aeba14f15f97b3d96664cbac02
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\setup.exe ---> 50ad4c811a24a211be926a3fee96916c
    C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bdesetup.dll ---> 9681c2049b8aa098ee940913868d9d72
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp ---> fbd929bfc7b4a9e4fa4506655bab4c4a
    C:\Documents and Settings\Administrator\Local Settings\Temp\GLK7.tmp ---> 3df61e5730883b2d338addd7acbe4bc4
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP ---> 8c690db2c58b64b0a8540892354d55e3
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0001.TMP ---> 5084b505816dd0060afcbf41ea6ae946
    C:\Program Files\Borland\Common Files\BDE\~GLH0002.TMP ---> f453f022784cc6990146d9424c372663
    C:\Program Files\Borland\Common Files\BDE\temp.000 ---> f453f022784cc6990146d9424c372663
    C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0004.TMP ---> a43100014cc31f9f031daaac6eeaba7b
    C:\Program Files\Borland\Common Files\BDE\~GLH0006.TMP ---> a4f5df47c0b3539d496ce8b09c4b9908
    C:\Program Files\Borland\Common Files\BDE\temp.000 ---> a4f5df47c0b3539d496ce8b09c4b9908
    C:\Program Files\Borland\Common Files\BDE\~GLH0008.TMP ---> 3197b94699727a2512894a4410583535
    C:\Program Files\Borland\Common Files\BDE\temp.000 ---> 3197b94699727a2512894a4410583535
    C:\WINDOWS\system32\~GLH000c.TMP ---> 4bc02bd73338c3a26265f5c64dbec770
    Behavior: Open mutex
    Details: ShimCacheMutex
    Local\!IETld!Mutex
    Behavior: Load newly dropped file
    Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bdesetup.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLC6.tmp.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLK7.tmp.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLFB.tmp.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IDAPINST.DLL.
    Image: C:\Program Files\Borland\Common Files\BDE\IDAPI32.DLL.
    Image: C:\Program Files\Borland\Common Files\BDE\IDR20009.DLL.
    Image: C:\Program Files\Borland\Common Files\BDE\BANTAM.DLL.
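The "Rename file" and "Executable file MD5" lists above hash the drops under their temporary names (~GLHxxxx.TMP, a reused temp.000), not under the names they end up with, so the indicators an incident responder wants (IDR20009.DLL, IDAPI32.DLL, BDEADMIN.EXE with their hashes) have to be reconstructed by replaying the renames. The script below is an added example, not VirSCAN's or Habo's code. RENAMES and EXE_MD5 are constructed copies of the two lists above. It makes two assumptions: files are matched by name only, because the log mixes long and 8.3 short paths, and a reused name (temp.000) is consumed in log order, so its k-th listed hash belongs to its k-th rename.

```python
"""Replay a sandbox rename log to attach each recorded MD5 to the file's final name.

Added example, not VirSCAN's or Habo's code. Assumptions: match by file name only
(the log mixes long and 8.3 paths); a reused name is consumed in log order.
"""
from collections import defaultdict, deque
import ntpath

T = r"C:\Documents and Settings\Administrator\Local Settings\Temp"
TS = r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp"          # same directory, 8.3 form
B = r"C:\Program Files\Borland\Common Files\BDE"
BS = r"C:\PROGRA~1\Borland\COMMON~1\BDE"
S32 = r"C:\WINDOWS\system32"

RENAMES = [  # constructed copy of the page's "Rename file" list, in logged order
    (T + r"\~GLH0000.TMP", TS + r"\GLFA.tmp"),
    (T + r"\~GLH0001.TMP", TS + r"\GLFB.tmp"),
    (B + r"\temp.000", BS + r"\~GLH0003.TMP"),
    (B + r"\~GLH0003.TMP", BS + r"\IDR20009.DLL"),
    (T + r"\~GLH0004.TMP", TS + r"\IDAPINST.DLL"),
    (T + r"\~GLH0005.TMP", TS + r"\GLFC.tmp"),
    (B + r"\temp.000", BS + r"\~GLH0007.TMP"),
    (B + r"\~GLH0007.TMP", BS + r"\IDAPI32.DLL"),
    (B + r"\temp.000", BS + r"\~GLH0009.TMP"),
    (B + r"\~GLH0009.TMP", BS + r"\BDEADMIN.EXE"),
    (B + r"\~GLH000a.TMP", B + r"\BDEADMIN.HLP"),
    (B + r"\~GLH000b.TMP", B + r"\BDEADMIN.CNT"),
    (S32 + r"\~GLH000c.TMP", S32 + r"\BDEADMIN.CPL"),
    (B + r"\~GLH000d.TMP", B + r"\BDE32.HLP"),
    (B + r"\~GLH000e.TMP", B + r"\BDE32.CNT"),
]

EXE_MD5 = [  # constructed copy of the page's "Executable file MD5" list, in logged order
    (T + r"\7ZipSfx.000\bdesetup.exe", "2a7f58aeba14f15f97b3d96664cbac02"),
    (T + r"\7ZipSfx.000\setup.exe", "50ad4c811a24a211be926a3fee96916c"),
    (T + r"\7ZipSfx.000\bdesetup.dll", "9681c2049b8aa098ee940913868d9d72"),
    (T + r"\GLC6.tmp", "fbd929bfc7b4a9e4fa4506655bab4c4a"),
    (T + r"\GLK7.tmp", "3df61e5730883b2d338addd7acbe4bc4"),
    (T + r"\~GLH0000.TMP", "8c690db2c58b64b0a8540892354d55e3"),
    (T + r"\~GLH0001.TMP", "5084b505816dd0060afcbf41ea6ae946"),
    (B + r"\~GLH0002.TMP", "f453f022784cc6990146d9424c372663"),
    (B + r"\temp.000", "f453f022784cc6990146d9424c372663"),
    (T + r"\~GLH0004.TMP", "a43100014cc31f9f031daaac6eeaba7b"),
    (B + r"\~GLH0006.TMP", "a4f5df47c0b3539d496ce8b09c4b9908"),
    (B + r"\temp.000", "a4f5df47c0b3539d496ce8b09c4b9908"),
    (B + r"\~GLH0008.TMP", "3197b94699727a2512894a4410583535"),
    (B + r"\temp.000", "3197b94699727a2512894a4410583535"),
    (S32 + r"\~GLH000c.TMP", "4bc02bd73338c3a26265f5c64dbec770"),
]


def resolve_final_hashes(renames, hashes):
    """Return {final name: [md5, ...]} for every hashed drop after replaying the renames."""
    pending = defaultdict(deque)   # lower-cased name -> hashes not yet renamed away
    shown = {}                     # lower-cased name -> name as written in the log
    for path, md5 in hashes:
        name = ntpath.basename(path)
        pending[name.lower()].append(md5)
        shown[name.lower()] = name
    for src, dst in renames:
        queue = pending[ntpath.basename(src).lower()]
        if not queue:              # renamed file was never hashed (.HLP/.CNT data): nothing to carry
            continue
        name = ntpath.basename(dst)
        pending[name.lower()].append(queue.popleft())
        shown[name.lower()] = name
    return {shown[k]: list(v) for k, v in pending.items() if v}


def by_hash(final):
    """Invert the result: md5 -> names; this exposes copy pairs such as ~GLH0002.TMP / IDR20009.DLL."""
    out = defaultdict(list)
    for name, md5s in final.items():
        for md5 in md5s:
            out[md5].append(name)
    return dict(out)


if __name__ == "__main__":
    for md5, names in by_hash(resolve_final_hashes(RENAMES, EXE_MD5)).items():
        print(md5, ", ".join(names))
```

Files that were renamed but never hashed by the sandbox (the .HLP and .CNT data files, GLFC.tmp) drop out of the result rather than being given a guessed hash; temp.000 itself disappears because all three of its hashes are carried forward to IDR20009.DLL, IDAPI32.DLL and BDEADMIN.EXE.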
    Runtime screenshot

Translated by Viorel Petrișor Neculai & Mihai Chiş, Romania