VirSCAN

1. You can UPLOAD any files, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Scanner results
Scanner results: 0% of antivirus engines (0/32) found malware.
Behavior analysis report: Habo file analysis
Time: 2017-07-01 09:05:22 (CST)
| Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
|---|---|---|---|---|---|
| antiy | AVL SDK | 2.0 | 1970-01-01 | Found nothing | 16 |
| asquared | 9.0.0.4799 | 9.0.0.4799 | 2015-03-08 | Found nothing | 4 |
| avast | 170303-1 | 4.7.4 | 2017-03-03 | Found nothing | 60 |
| avg | 2109/14122 | 10.0.1405 | 2017-06-29 | Found nothing | 60 |
| baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 4 |
| baidusd | 1.0 | 1.0 | 2017-03-22 | Found nothing | 4 |
| bitdefender | 7.58879 | 7.90123 | 2015-01-16 | Found nothing | 60 |
| clamav | 23503 | 0.97.5 | 2017-06-24 | Found nothing | 60 |
| drweb | 5.0.2.3300 | 5.0.1.1 | 2017-06-18 | Found nothing | 60 |
| fortinet | 49.866, 49.796 | 5.4.247 | 2017-07-01 | Found nothing | 60 |
| fprot | 4.6.2.117 | 6.5.1.5418 | 2016-02-05 | Found nothing | 60 |
| fsecure | 2015-08-01-02 | 9.13 | 2015-08-01 | Found nothing | 60 |
| gdata | 25.13138 | 25.13138 | 2017-06-30 | Found nothing | 25 |
| ikarus | 1.06.01 | V1.32.31.0 | 2016-11-28 | Found nothing | 60 |
| jiangmin | 16.0.100 | 1.0.0.0 | 2017-06-29 | Found nothing | 3 |
| kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 60 |
| kingsoft | 2.1 | 2.1 | 2017-06-30 | Found nothing | 6 |
| mcafee | 8261 | 5400.1158 | 2016-08-18 | Found nothing | 60 |
| nod32 | 1777 | 3.0.21 | 2015-06-12 | Found nothing | 60 |
| panda | 9.05.01 | 9.05.01 | 2017-06-29 | Found nothing | 6 |
| pcc | 13.302.06 | 9.500-1005 | 2017-03-27 | Found nothing | 60 |
| qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 18 |
| qqphone | 1.0.0.0 | 1.0.0.0 | 2015-12-30 | Found nothing | 60 |
| quickheal | 14.00 | 14.00 | 2017-06-30 | Found nothing | 6 |
| rising | 26.28.00.01 | 26.28.00.01 | 2016-07-18 | Found nothing | 32 |
| sophos | 5.32 | 3.65.2 | 2016-10-10 | Found nothing | 60 |
| symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 60 |
| tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 8 |
| thehacker | 6.8.0.5 | 6.8.0.5 | 2017-06-27 | Found nothing | 12 |
| tws | 17.47.17308 | 1.0.2.2108 | 2017-06-30 | Found nothing | 31 |
| vba | 3.12.29.5 beta | 3.12.29.5 beta | 2017-06-30 | Found nothing | 60 |
| virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 60 |

No related permission information.

File information
Security score:
Basic information
MD5: e4eff15533fa73ceb9ce053edabecb12
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:
Key behaviors
Behavior: Cross-process memory write
Details: TargetProcess = C:\Windows\supportf18.exe, WriteAddress = 0x00150000, Size = 0x00000020 TargetPID = 0x00000b34
TargetProcess = C:\Windows\supportf18.exe, WriteAddress = 0x00150020, Size = 0x00000034 TargetPID = 0x00000b34
TargetProcess = C:\Windows\supportf18.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000b34
Behavior: Loads a driver (standard method)
Details: \??\C:\Windows\ipsec32.sys
Behavior: Reads the tick count
Details: TickCount = 129281, SleepMilliseconds = 60000.
Behavior: Looks up PE resource information
Details: (FindResourceExExW) hModule = 0x00000000, ResName: 95(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 140(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 97(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior: Sets special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior: Reads the CPU clock directly
Details: EAX = 0x3da48480, EDX = 0x00000039
Behavior: Creates a system service
Details: [Service created successfully]: ipsec32.sys, C:\Windows\ipsec32.sys
Process behaviors
(Same entries as the key behaviors listed above.)
File behaviors
Behavior: Creates files
Details: C:\Windows\libegl.dll
C:\Windows\supportf18.exe
C:\Windows\ipsec32.sys
C:\Windows\System32\PanData\log\20170705075501.log
C:\Windows\System32\PanData\aria2c.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\wpad[1].dat
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\api[1]
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb
C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lock
Behavior: Creates executable files
Details: C:\Windows\libegl.dll
C:\Windows\supportf18.exe
C:\Windows\ipsec32.sys
C:\Windows\System32\PanData\aria2c.exe
Behavior: Searches for files
Details: FileName = C:\Windows\libegl.zh-CN
FileName = C:\Windows\libegl.zh-Hans
FileName = C:\Windows\libegl.zh
FileName = C:\Windows\libegl.en-US
FileName = C:\Windows\libegl.en
FileName = C:\Windows\libegl.CHS
FileName = C:\Windows\libegl.CH
FileName = C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
FileName = C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Windows\system32\Ras\*.pbk
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Windows
FileName = C:\Windows\*.*
FileName = C:\Users\Administrator\Desktop\QQ浏览器.lnk
Behavior: Deletes files
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\wpad[1].dat
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\api[1]
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb
C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lock
Behavior: Sets special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior: Modifies file contents
Details: C:\Windows\libegl.dll ---> Offset = 0
C:\Windows\supportf18.exe ---> Offset = 0
C:\Windows\ipsec32.sys ---> Offset = 0
C:\Windows\System32\PanData\log\20170705075501.log ---> Offset = 0
C:\Windows\System32\PanData\aria2c.exe ---> Offset = 0
C:\Windows\WindowsUpdate.log ---> Offset = 53248
C:\Windows\WindowsUpdate.log ---> Offset = 54288
C:\Windows\WindowsUpdate.log ---> Offset = 54408
C:\Windows\WindowsUpdate.log ---> Offset = 54492
C:\Windows\WindowsUpdate.log ---> Offset = 54575
C:\Windows\WindowsUpdate.log ---> Offset = 54631
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb ---> Offset = 0
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb ---> Offset = 393216
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb ---> Offset = 131072
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb ---> Offset = 65536
Network behaviors
Behavior: Opens a URL over the network
Details: InternetOpenUrlA: http://u.****om/gameall/api?a=s&nm=ggggg&q=d43&v=1.0.0&s3=0&m=08-00-27-48-89-80, hInternet = 0x00cc0004, Flags = 0x00000001
InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0008, Flags = 0x00000010
Behavior: Opens an HTTP connection
Details: InternetOpenA: UserAgent: b70c, hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0008
Behavior: Connects to a specified socket
Details: URL: wpad, IP: **.133.40.**:128, SOCKET = 0x00000424
URL: u.****om, IP: **.133.40.**:80, SOCKET = 0x00000420
Behavior: Reads a network file
Details: hFile = 0x00cc0010, BytesToRead = 4010, BytesRead = 4010.
Behavior: Sends HTTP requests
Details: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
GET /gameall/api?a=s&nm=ggggg&q=d43&v=1.0.0&s3=0&m=08-00-27-48-89-80 HTTP/1.1 User-Agent: b70c Host: u.****om
Behavior: Resolves host addresses by name
Details: GetAddrInfoW: a-PC
GetAddrInfoW: wpad
GetAddrInfoW: u.****om
Registry behaviors
Behavior: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows Script\Settings\JITDebug
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileDirectory
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\FileDirectory
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-*\RefCount
Behavior: Deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BITS\Performance\PerfMMFileName
Other behaviors
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Creates mutexes
Details: Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
PanDownload
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
IESQMMUTEX_0_208
Local\!IETld!Mutex
Behavior: Loads a driver (standard method)
Details: \??\C:\Windows\ipsec32.sys
Behavior: Opens mutexes
Details: Local\MSCTF.Asm.MutexDefault1
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CDBurnNotify
Global\CDBurnExclusive
Behavior: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [SystemTray_Main,]
Behavior: Starts a system service
Details: [Service started successfully]: , ipsec32.sys, \??\C:\Windows\ipsec32.sys
Behavior: Window information
Details: Pid = 2868, Hwnd=0x20168, Text = 本软件仅供学习交流使用,不得用于商业用途!, ClassName = MsgBoxUI.
Pid = 2484, Hwnd=0x20186, Text = 1:, ClassName = Static.
Pid = 2484, Hwnd=0x20184, Text = load, ClassName = Button.
Pid = 2484, Hwnd=0x20182, Text = 1, ClassName = Button.
Pid = 2484, Hwnd=0x20180, Text = 2, ClassName = Button.
Pid = 2484, Hwnd=0x201ba, Text = 3, ClassName = Button.
Pid = 2484, Hwnd=0x201e6, Text = 4, ClassName = Button.
Pid = 2484, Hwnd=0x30172, Text = C:\Users\Administrator\Desktop, ClassName = MFCEditBrowse.
Behavior: Reads the tick count
Details: TickCount = 129281, SleepMilliseconds = 60000.
Behavior: Adjusts process token privileges
Details: SE_SECURITY_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
SE_MANAGE_VOLUME_PRIVILEGE
Behavior: Opens events
Details: HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.2484
MSFT.VSA.IEC.STATUS.6c736db0
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
SC_AutoStartComplete
Behavior: Looks up PE resource information
Details: (FindResourceExExW) hModule = 0x00000000, ResName: 95(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 140(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 97(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior: Executable signature information
Details: C:\Windows\libegl.dll (signature verification: failed)
C:\Windows\supportf18.exe (signature verification: failed)
C:\Windows\ipsec32.sys (signature verification: failed)
C:\Windows\System32\PanData\aria2c.exe (signature verification: failed)
Behavior: Calls the Sleep function
Details: [1]: MilliSeconds = 60000.
Behavior: Executable file MD5
Details: C:\Windows\libegl.dll ---> 65b2f8a9e6d8975b740d3653d0b074bd
C:\Windows\supportf18.exe ---> 998547ca9f737daa7aac927fd46a3b56
C:\Windows\ipsec32.sys ---> 41c44e42120549e5222c3c6a2b5ad3b4
C:\Windows\System32\PanData\aria2c.exe ---> 4943ba11f55a2140a95847f09ead2fe6
Behavior: Reads the CPU clock directly
Details: EAX = 0x3da48480, EDX = 0x00000039
Behavior: Creates a system service
Details: [Service created successfully]: ipsec32.sys, C:\Windows\ipsec32.sys
Behavior: Loads newly dropped files
Details: Image: C:\Windows\libegl.dll.
Image: C:\Windows\supportf18.exe.
Runtime screenshots