VirSCAN

File information
Safety rating:70
Basic Information
MD5:0216ea33096cc80037ae35d5ea2dee97
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:Borland Delphi 6.0 - 7.0
Key behavior
Behavior description:Writes data across processes
details:TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x00400000, Size = 0x00014000 TargetPID = 0x00000a8c
TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x7ffde008, Size = 0x00000004 TargetPID = 0x00000a8c
Behavior description:Sets thread context
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior description:Attempts to open the driver device objects of debuggers or monitoring software
details:\??\SICE
\??\NTICE
\??\NTICE7871
\??\NTICED052
Process behavior
Behavior description:Creates process
details:[0x00000a8c]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"
Behavior description:Sets thread context
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior description:Enumerates processes
details:N/A
Behavior description:Writes data across processes
details:TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x00400000, Size = 0x00014000 TargetPID = 0x00000a8c
TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x7ffde008, Size = 0x00000004 TargetPID = 0x00000a8c
File behavior
Behavior description:Searches for files
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Other behavior
Behavior description:Opens event
details:HookSwitchHookEnabledEvent
Behavior description:Opens mutex
details:ShimCacheMutex
Behavior description:Attempts to open the driver device objects of debuggers or monitoring software
details:\??\SICE
\??\NTICE
\??\NTICE7871
\??\NTICED052
Translated by Keith Miller, United States