VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:71
Behavior list
Basic Information
MD5:0029a840305dc99cecefda1e619ad880
file type:EXE
Production company:CyberLink Corp.
version:14.0.0.5010---14.0.0.5010
Shell or compiler information:PACKER:PESpin 0.3x - 1.xx -> cyberbob [Overlay]
Key behavior
Behavior description:跨进程写入数据
details:TargetProcess = sample.exe, WriteAddress = 0x00432300, Size = 4
TargetProcess = sample.exe, WriteAddress = 0x0043233c, Size = 4
TargetProcess = sample.exe, WriteAddress = 0x00432374, Size = 4
TargetProcess = sample.exe, WriteAddress = 0x004323ac, Size = 4
Behavior description:设置线程上下文
details:C:\%temp%\1412367227.155283.exe
C:\%temp%\1412367227.243737.exe
C:\%temp%\1412367227.336236.exe
C:\%temp%\1412367227.419214.exe
C:\%temp%\1412367227.501997.exe
C:\%temp%\1412367227.584726.exe
C:\%temp%\1412367227.667419.exe
C:\%temp%\1412367227.750096.exe
C:\%temp%\1412367227.832743.exe
C:\%temp%\1412367227.915482.exe
C:\%temp%\1412367227.998310.exe
C:\%temp%\1412367228.080989.exe
C:\%temp%\1412367228.163672.exe
C:\%temp%\1412367228.246366.exe
C:\%temp%\1412367228.329043.exe
Process behavior
Behavior description:跨进程写入数据
details:TargetProcess = sample.exe, WriteAddress = 0x00432300, Size = 4
TargetProcess = sample.exe, WriteAddress = 0x0043233c, Size = 4
TargetProcess = sample.exe, WriteAddress = 0x00432374, Size = 4
TargetProcess = sample.exe, WriteAddress = 0x004323ac, Size = 4
Behavior description:创建新文件进程
details:ImagePath = c:\%temp%\1412367227.111908.exe, CmdLine = c:\%temp%\1412367227.111908.exe
Behavior description:设置线程上下文
details:C:\%temp%\1412367227.155283.exe
C:\%temp%\1412367227.243737.exe
C:\%temp%\1412367227.336236.exe
C:\%temp%\1412367227.419214.exe
C:\%temp%\1412367227.501997.exe
C:\%temp%\1412367227.584726.exe
C:\%temp%\1412367227.667419.exe
C:\%temp%\1412367227.750096.exe
C:\%temp%\1412367227.832743.exe
C:\%temp%\1412367227.915482.exe
C:\%temp%\1412367227.998310.exe
C:\%temp%\1412367228.080989.exe
C:\%temp%\1412367228.163672.exe
C:\%temp%\1412367228.246366.exe
C:\%temp%\1412367228.329043.exe
Behavior description:枚举进程
details:N/A
Other behavior
Behavior description:创建互斥体
details:LHRVLCVU
Local\{48AA538A-042E-47f9-9202-B43A9CBFE987}
Behavior description:搜索kernel32.dll基地址
details:Instruction Address = 0x004983c0
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号