VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:77
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic Information
MD5:056ab2f8046656f7fddcac41e6c1aca0
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [RAR SFX] *
Subfile information:Start.exe / b2f6a2e2361afd68e933afe1227fc325 / EXE
MatConvert.exe / d4c27aa0064a36c017bff5b3c7d4f416 / EXE
Key behavior
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behavior
Behavior description: Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2780, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2784, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2788, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2792, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2796, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2800, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2804, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2808, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2812, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2816, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2820, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2824, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2828, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2832, StartAddress = 00410EE4, Parameter = 00ADB0F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2836, StartAddress = 00410EE4, Parameter = 00ADB0F0
File behavior
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EKK
Behavior description: Create event object
details:EventName = MSCTF.SendReceive.Event.EKK.IC
EventName = MSCTF.SendReceiveConection.Event.EKK.IC
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details:HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
details:Pid = 2720, Hwnd=0x10340, Text = 目标文件夹(&D), ClassName = Static.
Pid = 2720, Hwnd=0x10342, Text = C:\Program Files\Materialise, ClassName = ComboBox.
Pid = 2720, Hwnd=0x10346, Text = C:\Program Files\Materialise, ClassName = Edit.
Pid = 2720, Hwnd=0x10348, Text = 浏览(&W)..., ClassName = Button.
Pid = 2720, Hwnd=0x1034c, Text = 解压进度, ClassName = Static.
Pid = 2720, Hwnd=0x10352, Text = 解压, ClassName = Button.
Pid = 2720, Hwnd=0x10354, Text = 取消, ClassName = Button.
Pid = 2720, Hwnd=0x1033a, Text = WinRAR 自解压文件, ClassName = #32770.
Pid = 2720, Hwnd=0x20366, Text = 确定, ClassName = Button.
Pid = 2720, Hwnd=0x30378, Text = "" 文件夹无法访问, ClassName = Static.
Pid = 2720, Hwnd=0x30356, Text = 错误, ClassName = #32770.
Pid = 2720, Hwnd=0x1034a, Text = 正解压文件到 文件夹 , ClassName = RichEdit20W.
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RichEdit20W]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Open mutex
details:ShimCacheMutex
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*
Translated by Keith Miller, United States