VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating:60
Behavior list
Basic Information
MD5:13cb2f2905b83e71b1833be2557d439c
file type:EXE
Production company:
version:1.0.0.0---1.0.0.0
Shell or compiler information:PACKER:PolyEnE 0.01+ by Lennart Hedlund *
Key behavior
Behavior description: Reads the CPU timestamp counter directly
details:EAX = 0xf1df10dd, EDX = 0x000000b7
EAX = 0xf1df1129, EDX = 0x000000b7
EAX = 0xf1df1175, EDX = 0x000000b7
EAX = 0xf1df11c1, EDX = 0x000000b7
EAX = 0xf1df120d, EDX = 0x000000b7
EAX = 0xf1df1259, EDX = 0x000000b7
EAX = 0xf1df12a5, EDX = 0x000000b7
EAX = 0xf1df12f1, EDX = 0x000000b7
EAX = 0xf1df133d, EDX = 0x000000b7
EAX = 0xf1df1389, EDX = 0x000000b7
Behavior description: Retrieves window screenshot information
details:Foreground window Info: HWND = 0x00010fac, DC = 0x01010055.
Foreground window Info: HWND = 0x00010fb4, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010daa, DC = 0x01010057.
Foreground window Info: HWND = 0x00010bb6, DC = 0x0a010375.
Foreground window Info: HWND = 0x00010bae, DC = 0x01010055.
Foreground window Info: HWND = 0x000109d6, DC = 0x01010055.
Process behavior
Behavior description: Creates process
details:[0x00000b4c]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 myts10.dll -s
[0x00000b74]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 myts10 -s
[0x00000b80]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 myts10 -s
Behavior description: Creates local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2848, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2852, StartAddress = 719CD33A, Parameter = 01E1C100
TargetProcess: regsvr32.exe, InheritedFromPID = 2660, ProcessID = 2892, ThreadID = 2900, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: regsvr32.exe, InheritedFromPID = 2660, ProcessID = 2932, ThreadID = 2940, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: regsvr32.exe, InheritedFromPID = 2660, ProcessID = 2944, ThreadID = 2952, StartAddress = 77DC845A, Parameter = 00000000
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Creates file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\myts10.dll
Behavior description: Creates executable file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\myts10.dll
Behavior description: Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\myts10.dll ---> Offset = 0
Behavior description: Searches for file
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\regsvr32.exe
Network behavior
Behavior description: Establishes a connection to a specified socket
details:IP: **.115.138.**:19730, SOCKET = 0x000001a0
Other behavior
Behavior description: Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IGK
Behavior description: Creates event object
details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceiveConection.Event.IGK.IC
EventName = MSCTF.SendReceive.Event.IGK.IC
Behavior description: Opens mutex
details:ShimCacheMutex
Behavior description: Finds specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
details:Pid = 2660, Hwnd=0x10d18, Text = ×, ClassName = Button.
Pid = 2660, Hwnd=0x10d4a, Text = ×, ClassName = Button.
Pid = 2660, Hwnd=0x10b5a, Text = 清空所有角色信息(双击), ClassName = Button.
Pid = 2660, Hwnd=0x10b58, Text = 保存所有角色信息(双击), ClassName = Button.
Pid = 2660, Hwnd=0x10b56, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b54, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b52, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b50, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b4e, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b4c, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b4a, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b48, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b46, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b44, Text = 替换, ClassName = Button.
Pid = 2660, Hwnd=0x10b42, Text = 替换, ClassName = Button.
Behavior description: Retrieves window screenshot information
details:Foreground window Info: HWND = 0x00010fac, DC = 0x01010055.
Foreground window Info: HWND = 0x00010fb4, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010daa, DC = 0x01010057.
Foreground window Info: HWND = 0x00010bb6, DC = 0x0a010375.
Foreground window Info: HWND = 0x00010bae, DC = 0x01010055.
Foreground window Info: HWND = 0x000109d6, DC = 0x01010055.
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\myts10.dll (signature verification: failed)
Behavior description: Hides specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [×,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,Afx:400000:8:10011:1900015:0]
[Window,Class] = [游戏响动,Button]
[Window,Class] = [未出意外,Button]
[Window,Class] = [使用以下物品,Button]
[Window,Class] = [心魔宝珠,Afx:400000:b:10011:1900015:0]
[Window,Class] = [回梦丹,Afx:400000:b:10011:1900015:0]
[Window,Class] = [银币,Afx:400000:b:10011:1900015:0]
[Window,Class] = [队长礼盒,Afx:400000:b:10011:1900015:0]
[Window,Class] = [宝石箱子,Afx:400000:b:10011:1900015:0]
[Window,Class] = [白银先合并\使用黄金宝箱,Afx:400000:b:10011:1900015:0]
[Window,Class] = [修炼果,Afx:400000:b:10011:1900015:0]
[Window,Class] = [九转金丹,Afx:400000:b:10011:1900015:0]
Behavior description: Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\myts10.dll ---> 30433355a5527a860c8a2185d240711f
Behavior description: Reads the CPU timestamp counter directly
details:EAX = 0xf1df10dd, EDX = 0x000000b7
EAX = 0xf1df1129, EDX = 0x000000b7
EAX = 0xf1df1175, EDX = 0x000000b7
EAX = 0xf1df11c1, EDX = 0x000000b7
EAX = 0xf1df120d, EDX = 0x000000b7
EAX = 0xf1df1259, EDX = 0x000000b7
EAX = 0xf1df12a5, EDX = 0x000000b7
EAX = 0xf1df12f1, EDX = 0x000000b7
EAX = 0xf1df133d, EDX = 0x000000b7
EAX = 0xf1df1389, EDX = 0x000000b7
Behavior description: Loads newly dropped file
details:Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\myts10.dll.
Run screenshot