VirSCAN

File information
Security score: 78
Basic information
MD5:53b23de1ea97be7bfd488eb13ef92f13
File type: Rar
Company:
Version:
Packer or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *
Sub-file information: background.bmpdumpFile / bf1f41b212f6936a52d42f1d41a41924 / Unknown
menubg.bmpdumpFile / 3f9eff643fa8eefa5e2e19e371bc0c25 / Unknown
CLaunch.exedumpFile / 44ddff5a4af7dfefc0be89cb72db53ab / EXE
CLaunch.exe / 44ddff5a4af7dfefc0be89cb72db53ab / EXE
background.bmpdumpFile / 2a882941de7b087b9acb8c2c9666c2da / Unknown
CLaunch_ja.chmdumpFile / d75e7ae39ac847abbb8194863033deb7 / Chm
CLaunch_ja.chm / d75e7ae39ac847abbb8194863033deb7 / Chm
CLaunch_en.chm / 9bf58d13067a5d7ffd634dd3b2b61ad2 / Chm
CLaunch_en.chmdumpFile / 9bf58d13067a5d7ffd634dd3b2b61ad2 / Chm
Setup.exedumpFile / 6735c898d763534168486f6d0e168b83 / EXE
Setup.exe / 6735c898d763534168486f6d0e168b83 / EXE
English.dll / a596c26d1b8c9010f8024c3813b13caa / DLL
English.dlldumpFile / a596c26d1b8c9010f8024c3813b13caa / DLL
Chinese.dll / 55967f0e8b724796d9c2de16da1ba568 / DLL
Chinese.dlldumpFile / 55967f0e8b724796d9c2de16da1ba568 / DLL
CLaunch.jpgdumpFile / 92edef1cd832b03edc1fdb358b132837 / Unknown
CLaunch.jpgdumpFile / 92edef1cd832b03edc1fdb358b132837 / Unknown
Glass.zipdumpFile / 502a241c47b36070c97e3f7b6aecc292 / zip
Glass.zip / 502a241c47b36070c97e3f7b6aecc292 / zip
Key behaviors
Behavior description: Set message hook
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\ClHook.dll
Behavior description: Get TickCount value
Details: TickCount = 5435459, SleepMilliseconds = 100.
Process behaviors
Behavior description: Create local thread
Details: TargetProcess: CLaunch.exe, InheritedFromPID = 1944, ProcessID = 2836, ThreadID = 2908, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: CLaunch.exe, InheritedFromPID = 1944, ProcessID = 2836, ThreadID = 2912, StartAddress = 00483507, Parameter = 00B542B0
File behaviors
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\CLaunch.ini
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Design.ini
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Mode1.cic
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Mode2.cic
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\CLaunch.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\CLaunch.ini ---> Offset = 2
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\CLaunch.ini ---> Offset = 28
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\CLaunch.ini ---> Offset = 64
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\CLaunch.ini ---> Offset = 88
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Design.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Design.ini ---> Offset = 2
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Design.ini ---> Offset = 22
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Design.ini ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Design.ini ---> Offset = 66
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Mode1.cic ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Mode1.cic ---> Offset = 12
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Mode1.cic ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Mode1.cic ---> Offset = 40
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cl327u\Data\Administrator\Mode1.cic ---> Offset = 44
Behavior description: Find file
Details: FileName = Data
FileName = Languages
FileName = Plugins
FileName = Skins
FileName = CLaunch.ini
FileName = Administrator
Registry behaviors
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-8964
Other behaviors
Behavior description: Get cursor position
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
CLICK_MUTEX
CIRCLE_MUTEX
WNDCTRLREQ_MUTEX
CLKEY_MUTEX
Behavior description: Hide specified window
Details: [Window,Class] = [,tooltips_class32]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [CLaunchWndClass,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Get TickCount value
Details: TickCount = 5435459, SleepMilliseconds = 100.
Behavior description: Adjust process token privileges
Details: SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
Behavior description: Open mutex
Details: ShimCacheMutex