VirSCAN
File information
Safety rating: 77
Behavior list
Basic Information
MD5: 07c39c9775a030ca688f016cd1dc9000
File type: 7z
Production company: 游侠网
Version: 1.0.5.32---1.0.5.32
Shell or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information: upx_c_fe9460f1dumpFile / 2b7507a3d41de7879c1209fedc60ed36 / EXE
ali213box.dll / 0e4a90a8be93441ee8e5847a5d2e30bf / DLL
ali213_box.exe / big file / EXE
Key behavior
Behavior description: Write to a file mapping (memory-mapped file)
details:CiceroSharedMemDefaultS-*
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MEJ..ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.B.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.C.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.D.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.E.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.F.HFDIH
MSCTF.MarshalInterface.FileMap.MEJ.G.HFDIH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.Shared.SFM.MEJ
Local\C:_Documents and Settings_Administrator_IECompatCache_index.dat_16384
Local\!PrivacIE!SharedMem!Counter
MSCTF.MarshalInterface.FileMap.EMO..MDEKH
\WINDOWS\system32\zh-cn\mshtml.dll.mui
Behavior description: Create a shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\游侠云盒.lnk
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Resolve host address by name
details:api.ali213.net
nui8gcldcwwm9aujb3bb.5mz8cfvwxevxz4tf0pyp.com
box.ali213.net
f09er35s9ur4zpzxh1da.2yoje9871xlsls8e0th5.com
127.0.0.1
router.bittorrent.com
router.utorrent.com
router.bitcomet.com
box.update.ali213.net
Process behavior
Behavior description: Create a new process from a file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe" /downloadinstall 2007205873 2135634250
ImagePath = D:\Program Files\ali213\ali213_box\ali213_box.exe, CmdLine = "D:\Program Files\ali213\ali213_box\ali213_box.exe"
Behavior description: Enumerate processes
details:N/A
File behavior
Behavior description: Drop links or shortcuts in sensitive system locations (e.g. the Start menu)
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\游侠云盒.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\卸载.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\官方网站.url
Behavior description: Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213box.dll
C:\DiskD\Program Files\ali213\ali213_box\ali213_box.exe
C:\DiskD\Program Files\ali213\ali213_box\ali213box.dll
Behavior description: Search for files
details:FileName = C:\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213box.dll
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445494145.357770.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\*.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
Behavior description: Create a shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\游侠云盒.lnk
Behavior description: Write to a file mapping (memory-mapped file)
details:CiceroSharedMemDefaultS-*
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MEJ..ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.B.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.C.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.D.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.E.ICDIH
MSCTF.MarshalInterface.FileMap.MEJ.F.HFDIH
MSCTF.MarshalInterface.FileMap.MEJ.G.HFDIH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.Shared.SFM.MEJ
Local\C:_Documents and Settings_Administrator_IECompatCache_index.dat_16384
Local\!PrivacIE!SharedMem!Counter
MSCTF.MarshalInterface.FileMap.EMO..MDEKH
\WINDOWS\system32\zh-cn\mshtml.dll.mui
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Modify file contents
details:C:\DiskD\aliBoxGames\desktop.ini---> Offset = 0
C:\DiskD\aliBoxGames\desktop.ini---> Offset = 148
C:\DiskD\aliBoxGames\desktop.ini---> Offset = 161
C:\DiskD\Program Files\ali213\ali213_box\ico\uninstall.ico---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\游侠云盒.lnk---> Offset = 0
C:\Documents and Settings\Administrator\桌面\游侠云盒.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\卸载.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\官方网站.url---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\游侠软件\游侠云盒\官方网站.url---> Offset = 48
C:\Documents and Settings\Administrator\Local Settings\Application Data\ali213box\registry2.db-journal---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\ali213box\registry2.db-journal---> Offset = 516
C:\Documents and Settings\Administrator\Local Settings\Application Data\ali213box\registry2.db---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0
Network behavior
Behavior description: Connect to a specified site
details:InternetConnectA: ServerName = box.ali213.net, PORT = 80
Behavior description: Send data on a connected socket
details:SOCKET = 0x000002a4, TotalSize = 151, Offset = 0, ReadSize = 151.
SOCKET = 0x00000578, TotalSize = 110, Offset = 0, ReadSize = 110.
Behavior description: Establish a connection to a specified socket
details:110.110.110.110:80
127.0.0.1:1035
Behavior description: Open HTTP request
details:HttpOpenRequestA: box.ali213.net:80/game-box/tj.html, hConnect = 0x00000434
Behavior description: Resolve host address by name
details:api.ali213.net
nui8gcldcwwm9aujb3bb.5mz8cfvwxevxz4tf0pyp.com
box.ali213.net
f09er35s9ur4zpzxh1da.2yoje9871xlsls8e0th5.com
127.0.0.1
router.bittorrent.com
router.utorrent.com
router.bitcomet.com
box.update.ali213.net
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\511C6BAF-309F-478A-8AF9-999A1771832D-alibox\ali213_box.exe
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
\REGISTRY\USER\S-*\Software\ali213\ali213_box\Name
\REGISTRY\USER\S-*\Software\ali213\ali213_box\Version
\REGISTRY\USER\S-*\Software\ali213\ali213_box\ExePath
\REGISTRY\USER\S-*\Software\ali213\ali213_box\InstallExePath
\REGISTRY\USER\S-*\Software\ali213\ali213_box\Path
\REGISTRY\USER\S-*\Software\ali213\ali213_box\InstallPath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\App Paths\ali213_box.exe\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\DisplayName
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\DisplayIcon
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\DisplayVersion
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\InstallLocation
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\ali213_box\UninstallString
Behavior description: Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
Behavior description: Modify registry (URL protocol association)
details:\REGISTRY\USER\S-*_CLASSES\alibox\URL Protocol
Behavior description: Delete registry value (IE connection settings)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behavior
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [shell embedding,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Open HTTP connection
details:Mozilla/4.0
Behavior description: Window information
details:Pid = 2372, Hwnd=0x202a6, Text = 正在准备下载游戏......, ClassName = AAU_FORM[TID:2380].
Pid = 3776, Hwnd=0x302dc, Text = 游侠云盒, ClassName = FRM_ALI213BOX_MAIN[TID:3780].
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
oleacc-msaa-loaded
MSCTF.Shared.MUTEX.ELH
{A79F2403-D111-48EE-AF93-06236A292ACB}ALIBOX.mutex
RasPbFile
MSCTF.Shared.MUTEX.MEJ
Behavior description: Acquire system privileges
details:SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Run screenshot