VirSCAN

File information
Safety rating:75
Behavior list
Basic Information
MD5:0c89b294a9765432b08b6039b0a5487a
file type:zip
Production company:
version:
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [ZIP SFX]
Subfile information:
Process behavior
Behavior description:Create local thread
details:N/A
Behavior description:Process exit
details:N/A
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\README
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\LICENSE
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\COPYING.OLD
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\WHERE
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzip.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\funzip.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\zipinfo.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ziplimit.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\README.NT
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzip.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\funzip.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SFXWiz32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx-gcc.exe
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzip.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\funzip.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SFXWiz32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx-gcc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SFXWiz32-gcc.exe
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\README---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\LICENSE---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\COPYING.OLD---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\WHERE---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzip.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\funzip.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\zipinfo.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ziplimit.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\README.NT---> Offset = 0
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1454282297.972130.exe
FileName = README
FileName = LICENSE
FileName = COPYING.OLD
FileName = WHERE
FileName = unzip.txt
FileName = unzipsfx.txt
FileName = funzip.txt
FileName = zipinfo.txt
FileName = ziplimit.txt
FileName = README.NT
FileName = unzip.exe
FileName = funzip.exe
FileName = unzipsfx.exe
FileName = SFXWiz32.exe
Other behavior
Behavior description:Executable file MD5
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzip.exe ---> dfa534dd64d9783ab688e9febc76f1ae
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\funzip.exe ---> 68efb997950690da34bb3050b7a05d71
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx.exe ---> ce22a5f128325395b27086c63d107c44
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SFXWiz32.exe ---> e1d56c792050cf0f69e06bc83c810c1f
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx-gcc.exe ---> f60bc05f504d9ddd7d6009f6e5858287
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SFXWiz32-gcc.exe ---> a19060dd8e49652ccb6e811fcc304bd3
Behavior description:Executable file signature information
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzip.exe (Signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\funzip.exe (Signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx.exe (Signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SFXWiz32.exe (Signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\unzipsfx-gcc.exe (Signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SFXWiz32-gcc.exe (Signature verification: failed)