VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:77
Behavior list
Basic Information
MD5:12174bccf3b599936a6c7b63947af79d
file type:Rar
Production company:
version:
Shell or compiler information:PACKER:UPolyX v0.5
Subfile information:合同付款协议函.exe / bc1ecc97a5c4909e1d2cc215fdb526c8 / EXE
Key behavior
Behavior description:直接调用系统关键API
details:Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0113946B
Behavior description:直接获取CPU时钟
details:EAX = 0xfe9c064f, EDX = 0x000000bf
Behavior description:获取TickCount值
details:TickCount = 231546, SleepMilliseconds = 1000.
TickCount = 231578, SleepMilliseconds = 1000.
Process behavior
Behavior description:创建本地线程
details:TargetProcess: 合同付款协议函.exe, InheritedFromPID = 2000, ProcessID = 2716, ThreadID = 2752, StartAddress = 010DF070, Parameter = 00000000
TargetProcess: 合同付款协议函.exe, InheritedFromPID = 2000, ProcessID = 2716, ThreadID = 2756, StartAddress = 010DF080, Parameter = 00000048
Other behavior
Behavior description:直接调用系统关键API
details:Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0113946B
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:创建互斥体
details:3D21E658-B095-441a-8FE9-6C10952714C7
RasPbFile
Behavior description:创建事件对象
details:EventName = DINPUTWINMM
Behavior description:直接获取CPU时钟
details:EAX = 0xfe9c064f, EDX = 0x000000bf
Behavior description:获取TickCount值
details:TickCount = 231546, SleepMilliseconds = 1000.
TickCount = 231578, SleepMilliseconds = 1000.
Behavior description:调用Sleep函数
details:[1]: MilliSeconds = 1000.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 1000.
[10]: MilliSeconds = 1000.
Behavior description:打开互斥体
details:DBWinMutex
RasPbFile
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号