VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
Safety rating:71
Behavior list
Basic Information
MD5:06ec7a105bb6b0d3f9db0c169c0363c1
file type:EXE
Production company:思民Time
version:2.0.1.7---2.0.1.7
Shell or compiler information:COMPILER:Microsoft Visual C++ v6.0 DLL *
Key behavior
Behavior description:Set special folder attributes
details:C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior description:Read the CPU clock directly
Behavior description:Get TickCount value
details:TickCount = 140941, SleepMilliseconds = 4.
TickCount = 140957, SleepMilliseconds = 4.
TickCount = 140976, SleepMilliseconds = 8.
File behavior
Behavior description:Set special folder attributes
details:C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior description:Find file
details:FileName = C:\Users\Administrator
FileName = C:\Users\Administrator\Documents
Network behavior
Behavior description:Establish a connection to a specified socket
details:URL: ww****cn, IP: **.133.40.**:128, SOCKET = 0x00000158
Behavior description:Get host address by name
details:GetAddrInfoW: ww****cn
Other behavior
Behavior description:Check whether the process itself is being debugged
details:IsDebuggerPresent
Behavior description:Create mutex
details:Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Behavior description:Hide a specified window
details:[Window,Class] = [,tooltips_class32]
Behavior description:Open mutex
details:Local\MSCTF.Asm.MutexDefault1
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Behavior description:Find a specified window
details:NtUserFindWindowEx: [Class,Window] = [,全国中小学教师继续教育网挂机助手 - 思民软件]
Behavior description:Window information
details:Pid = 3040, Hwnd=0x501dc, Text = 欢迎使用 思民系列软件, ClassName = msctls_statusbar32.
Pid = 3040, Hwnd=0xb0154, Text = 全国中小学教师继续教育网挂机助手 - 思民软件, ClassName = Afx:00A00000:b:00010003:00000006:005301C7.
Behavior description:Get TickCount value
details:TickCount = 140941, SleepMilliseconds = 4.
TickCount = 140957, SleepMilliseconds = 4.
TickCount = 140976, SleepMilliseconds = 8.
Behavior description:Get cursor position
details:CursorPos = (806,18728), SleepMilliseconds = 8.
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\KernelObjects\MaximumCommitCondition
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description:Call the Sleep function
details:[1]: MilliSeconds = 4.
[2]: MilliSeconds = 8.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behavior description:Read the CPU clock directly