VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but an archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 40
Behavior list
Basic Information
MD5: 1ceed62671ae93d39358ad3c926c802a
File type: AutoIt
Production company: (empty)
Version: 3.3.9.4 (3, 3, 9, 4)
Packer/compiler information: COMPILER: PE+(64)
Subfile information:
AutoItScript / 8e1c641929a06a9fc14a4f32b024ae99 / Unknown
Keygen.exe / 2cc594ff52e5df9a784f3c027242dac6 / EXE
Process behavior
Behavior description: Create process with hidden window
details:ImagePath = , CmdLine = "C:\Windows\system32\cmd.exe" /c explorer.exe https://www.2345.com/?21294
Behavior description: Create process
details:[0x00000ca8]ImagePath = C:\Windows\System32\cmd.exe, CmdLine = "C:\Windows\system32\cmd.exe" /c explorer.exe https://www.2345.com/?21294
[0x000007cc]ImagePath = C:\Windows\System32\VBoxService.exe, CmdLine = C:\Windows\System32\VBoxService.exe guestsession --session-id=5 --session-proto=2 --user Administrator
[0x00000cf4]ImagePath = C:\Windows\explorer.exe, CmdLine = explorer.exe https://www.2345.com/?21294
[0x00000540]ImagePath = C:\Windows\System32\VBoxService.exe, CmdLine = vbox_stat --machinereadable -- C:/StaticAnalyze/%temp%\****.exe.json
Behavior description: Create local thread
details:ProcessId = 3880, ThreadId = 3580.
ProcessId = 3316, ThreadId = 488.
ProcessId = 3316, ThreadId = 768.
ProcessId = 3436, ThreadId = 1920.
ProcessId = 3436, ThreadId = 2688.
ProcessId = 3436, ThreadId = 1876.
ProcessId = 3436, ThreadId = 3952.
ProcessId = 3900, ThreadId = 3764.
Behavior description: Create process from newly created file
details:[0x00000f3c]ImagePath = C:\Users\ADMINI~1\AppData\Local\Temp\Keygen.exe, CmdLine = C:\Users\ADMINI~1\AppData\Local\Temp\Keygen.exe
[0x000007c0]ImagePath = C:\Users\ADMINI~1\AppData\Local\Temp\KeygenSrv.exe, CmdLine = C:\Users\ADMINI~1\AppData\Local\Temp\KeygenSrv.exe
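The process entries above are the most useful part of this report for detection: the sample uses cmd.exe with a hidden window to run `explorer.exe https://www.2345.com/?21294` (an indirect way of opening a URL in the default browser), and it launches two executables it has just written to the user's Temp directory. The two VBoxService.exe entries are the sandbox's own VirtualBox guest-additions agent (one of them even references the analysis output JSON), not behaviour of the sample, and should be discounted when reading the report. The script below is an added example written for this page, not VirSCAN's code: it parses the report's `[pid]ImagePath = ..., CmdLine = ...` line format, drops the sandbox agent (the VBoxService.exe exclusion is an assumption about this sandbox, not something the report states), and flags the two patterns. The input lines are copied from this report and embedded as constructed sample data.

```python
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed input: process-creation detail lines copied from the
# "Create process" and "Create process from newly created file" entries
# of this report. The VBoxService.exe line is kept on purpose.
SAMPLE_PROCESS_LINES = [
    r'[0x00000ca8]ImagePath = C:\Windows\System32\cmd.exe, CmdLine = "C:\Windows\system32\cmd.exe" /c explorer.exe https://www.2345.com/?21294',
    r'[0x000007cc]ImagePath = C:\Windows\System32\VBoxService.exe, CmdLine = C:\Windows\System32\VBoxService.exe guestsession --session-id=5 --session-proto=2 --user Administrator',
    r'[0x00000cf4]ImagePath = C:\Windows\explorer.exe, CmdLine = explorer.exe https://www.2345.com/?21294',
    r'[0x00000f3c]ImagePath = C:\Users\ADMINI~1\AppData\Local\Temp\Keygen.exe, CmdLine = C:\Users\ADMINI~1\AppData\Local\Temp\Keygen.exe',
    r'[0x000007c0]ImagePath = C:\Users\ADMINI~1\AppData\Local\Temp\KeygenSrv.exe, CmdLine = C:\Users\ADMINI~1\AppData\Local\Temp\KeygenSrv.exe',
]

# One report line: optional "details:" prefix, optional "[0x...]" PID,
# then "ImagePath = <path>, CmdLine = <command line>". ImagePath may be empty.
LINE_RE = re.compile(
    r'^(?:details:)?(?:\[(?P<pid>0x[0-9A-Fa-f]+)\])?'
    r'ImagePath = (?P<image>[^,]*), CmdLine = (?P<cmd>.*)$'
)

# Assumption: VBoxService.exe is the sandbox's VirtualBox guest-additions
# agent, not something the sample started, so it is excluded from findings.
SANDBOX_AGENT_IMAGES = {"vboxservice.exe"}

# "explorer.exe <URL>" opens the URL with the default browser handler.
URL_VIA_EXPLORER_RE = re.compile(r'explorer\.exe\s+(https?://\S+)', re.IGNORECASE)
# Executables launched straight out of the user's Temp directory.
USER_TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)


def parse_process_line(line: str) -> Optional[Dict[str, Any]]:
    """Parse one report line into pid (int), image, lower-cased basename, cmdline."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid = int(m.group("pid"), 16) if m.group("pid") else None
    image = m.group("image").strip()
    return {
        "pid": pid,
        "image": image,
        "name": image.rsplit("\\", 1)[-1].lower(),
        "cmdline": m.group("cmd").strip(),
    }


def analyse_process_lines(lines: List[str]) -> List[Tuple[str, Optional[int], str, str]]:
    """Return (finding, pid, process name, evidence) tuples, skipping sandbox noise."""
    findings: List[Tuple[str, Optional[int], str, str]] = []
    for line in lines:
        ev = parse_process_line(line)
        if ev is None or ev["name"] in SANDBOX_AGENT_IMAGES:
            continue
        m = URL_VIA_EXPLORER_RE.search(ev["cmdline"])
        if m:
            findings.append(("url_launch_via_explorer", ev["pid"], ev["name"], m.group(1)))
        if USER_TEMP_RE.search(ev["image"]):
            findings.append(("exec_from_user_temp", ev["pid"], ev["name"], ev["image"]))
    return findings


if __name__ == "__main__":
    for kind, pid, name, value in analyse_process_lines(SAMPLE_PROCESS_LINES):
        print(f"{kind:24s} pid={pid} ({name}) {value}")
```

The PIDs are printed in hex by the report but decimal elsewhere on the page: 0x0cf4 is 3316 and 0x0f3c is 3900, which ties the explorer.exe launch and Keygen.exe to the "Create local thread" entries (ProcessId = 3316 and 3900), to the MSFT.VSA.COM.DISABLE.3316 event, and to the window information for Pid = 3900 ("WonderFox Products Keygen 1.1").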
File behavior
Behavior description: Create file
details:C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp
C:\Users\Administrator\AppData\Local\Temp\Keygen.exe
C:\Users\Administrator\AppData\Local\Temp\KeygenSrv.exe
C:\Program Files (x86)\Microsoft\px79CE.tmp
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
Behavior description: Create executable file
details:C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp
C:\Users\Administrator\AppData\Local\Temp\Keygen.exe
C:\Users\Administrator\AppData\Local\Temp\KeygenSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
Behavior description: Overwrite existing file
details:C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp
C:\Program Files (x86)\Microsoft\px79CE.tmp
Behavior description: Search for file
details:FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\****.exe
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\Keygen.exe
FileName = C:\Users\ADMINI~1
FileName = C:\Users\ADMINI~1\AppData
FileName = C:\Users\ADMINI~1\AppData\Local
FileName = C:\Users\ADMINI~1\AppData\Local\Temp
FileName = C:\Users\Administrator
FileName = C:\Users\Administrator\AppData\Local\%temp%\explorer.exe
FileName = C:\Users\Administrator\AppData\Local\%temp%\explorer.exe.*
FileName = C:\ProgramData\Oracle\Java\javapath\explorer.exe
Behavior description: Delete file
details:C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp
C:\Program Files (x86)\Microsoft\px79CE.tmp
Behavior description: Copy file
details:C:\Users\ADMINI~1\AppData\Local\Temp\aut6FFA.tmp ---> C:\Users\ADMINI~1\AppData\Local\Temp\Keygen.exe
C:\Users\ADMINI~1\AppData\Local\Temp\KeygenSrv.exe ---> C:\Program Files (x86)\Microsoft\DesktopLayer.exe
Behavior description: Modify file contents
details:C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp ---> Offset = 131072
C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp ---> Offset = 196608
C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp ---> Offset = 262144
C:\Users\Administrator\AppData\Local\Temp\Keygen.exe ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\Keygen.exe ---> Offset = 262144
C:\Users\Administrator\AppData\Local\Temp\Keygen.exe ---> Offset = 524288
C:\Users\Administrator\AppData\Local\Temp\Keygen.exe ---> Offset = 786432
C:\Users\Administrator\AppData\Local\Temp\Keygen.exe ---> Offset = 1048576
C:\Users\Administrator\AppData\Local\Temp\KeygenSrv.exe ---> Offset = 0
C:\Program Files (x86)\Microsoft\DesktopLayer.exe ---> Offset = 0
C:\Program Files (x86)\Microsoft\DesktopLayer.exe ---> Offset = 4096
C:\Program Files (x86)\Microsoft\DesktopLayer.exe ---> Offset = 8192
C:\Program Files (x86)\Microsoft\DesktopLayer.exe ---> Offset = 12288
Other behavior
Behavior description: Check whether it is being debugged
details:IsDebuggerPresent
Behavior description: Create mutex
details:KyUffThOkYwRRtgPP
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterMutex
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_16.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_32.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_48.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_96.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_256.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_768.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_1280.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_1920.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_2560.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_sr.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_exif.db!dfMaintainer
Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide_alternate.db!dfMaintainer
Behavior description: Hide specified window
details:[Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [,ComboLBox]
Behavior description: Find specified window
details:FindWindowW: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Window information
details:Pid = 3900, Hwnd=0xf023a, Text = Generate, ClassName = TsButton.
Pid = 3900, Hwnd=0x8022a, Text = Select a product or press Generate..., ClassName = TsMemo.
Pid = 3900, Hwnd=0xa015e, Text = Document Manager 1.2, ClassName = TsComboBox.
Pid = 3900, Hwnd=0xa0260, Text = WonderFox Products Keygen 1.1, ClassName = TMainForm.
Behavior description: Get cursor position
details:CursorPos = (156,18470), SleepMilliseconds = 20.
CursorPos = (6449,26503), SleepMilliseconds = 20.
CursorPos = (19284,15727), SleepMilliseconds = 20.
CursorPos = (11593,29361), SleepMilliseconds = 20.
CursorPos = (27077,24467), SleepMilliseconds = 20.
CursorPos = (5820,28148), SleepMilliseconds = 20.
CursorPos = (23396,16830), SleepMilliseconds = 20.
CursorPos = (10076,494), SleepMilliseconds = 20.
CursorPos = (3110,11945), SleepMilliseconds = 20.
CursorPos = (4942,5439), SleepMilliseconds = 20.
CursorPos = (32506,14607), SleepMilliseconds = 20.
CursorPos = (4017,156), SleepMilliseconds = 20.
CursorPos = (407,12385), SleepMilliseconds = 20.
CursorPos = (17536,18719), SleepMilliseconds = 20.
CursorPos = (19833,19898), SleepMilliseconds = 20.
Behavior description: Open event
details:\KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.3316
MSFT.VSA.IEC.STATUS.6c736db0
MSFT.VSA.COM.DISABLE.3436
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Executable file signature information
details:C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp(signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\Keygen.exe(signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\KeygenSrv.exe(signature verification: failed)
C:\Program Files (x86)\Microsoft\DesktopLayer.exe(signature verification: failed)
Behavior description: Call Sleep function
details:[1]: MilliSeconds = 20.
Behavior description: Create event object
details:EventName = Global\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterEvent
Behavior description: Executable file MD5
details:C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp ---> 2cc594ff52e5df9a784f3c027242dac6
C:\Users\Administrator\AppData\Local\Temp\Keygen.exe ---> 2cc594ff52e5df9a784f3c027242dac6
C:\Users\Administrator\AppData\Local\Temp\KeygenSrv.exe ---> ff5e1f27193ce51eec318714ef038bef
C:\Program Files (x86)\Microsoft\DesktopLayer.exe ---> ff5e1f27193ce51eec318714ef038bef
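Read together, the "Copy file", "Executable file signature information" and "Executable file MD5" entries describe two drop chains: the AutoIt wrapper writes aut6FFA.tmp and copies it to Keygen.exe (MD5 2cc594ff52e5df9a784f3c027242dac6, the same hash the report lists for the embedded subfile Keygen.exe), and KeygenSrv.exe is copied to C:\Program Files (x86)\Microsoft\DesktopLayer.exe (MD5 ff5e1f27193ce51eec318714ef038bef). All four files fail signature verification, and DesktopLayer.exe lands outside the user profile, which only works because the sandbox ran the sample as Administrator. The script below is an added example for this page, not VirSCAN's code: it parses those three sections as copied from the report, confirms each copy's source and destination carry the same MD5, lists unsigned executables dropped outside C:\Users, and turns the hashes into a directory sweep. It assumes that ADMINI~1 is the 8.3 short name of the Administrator profile directory (the report uses both spellings for the same files); the sweep's self-test file and its contents are constructed, not the analysed sample.

```python
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Set, Tuple

# Constructed input: lines copied from the "Copy file", "Executable file MD5"
# and "Executable file signature information" entries of this report.
COPY_LINES = [
    r'C:\Users\ADMINI~1\AppData\Local\Temp\aut6FFA.tmp ---> C:\Users\ADMINI~1\AppData\Local\Temp\Keygen.exe',
    r'C:\Users\ADMINI~1\AppData\Local\Temp\KeygenSrv.exe ---> C:\Program Files (x86)\Microsoft\DesktopLayer.exe',
]
MD5_LINES = [
    r'C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp ---> 2cc594ff52e5df9a784f3c027242dac6',
    r'C:\Users\Administrator\AppData\Local\Temp\Keygen.exe ---> 2cc594ff52e5df9a784f3c027242dac6',
    r'C:\Users\Administrator\AppData\Local\Temp\KeygenSrv.exe ---> ff5e1f27193ce51eec318714ef038bef',
    r'C:\Program Files (x86)\Microsoft\DesktopLayer.exe ---> ff5e1f27193ce51eec318714ef038bef',
]
SIGNATURE_LINES = [
    r'C:\Users\Administrator\AppData\Local\Temp\aut6FFA.tmp(signature verification: failed)',
    r'C:\Users\Administrator\AppData\Local\Temp\Keygen.exe(signature verification: failed)',
    r'C:\Users\Administrator\AppData\Local\Temp\KeygenSrv.exe(signature verification: failed)',
    r'C:\Program Files (x86)\Microsoft\DesktopLayer.exe(signature verification: failed)',
]

ARROW = " ---> "
UNSIGNED_RE = re.compile(r'^(?P<path>.+?)\(signature verification: failed\)$')


def normalise(path: str) -> str:
    """Canonical key for a report path. Assumption: ADMINI~1 is the 8.3
    short name of the Administrator profile, so both spellings map to one key."""
    return path.strip().lower().replace("\\admini~1\\", "\\administrator\\")


def parse_arrow_lines(lines: List[str]) -> List[Tuple[str, str]]:
    """Split 'left ---> right' lines into (left, right) pairs."""
    pairs = []
    for line in lines:
        if ARROW in line:
            left, right = line.split(ARROW, 1)
            pairs.append((left.strip(), right.strip()))
    return pairs


def md5_table(md5_lines: List[str]) -> Dict[str, str]:
    return {normalise(p): h.lower() for p, h in parse_arrow_lines(md5_lines)}


def unsigned_paths(sig_lines: List[str]) -> Set[str]:
    out = set()
    for line in sig_lines:
        m = UNSIGNED_RE.match(line.strip())
        if m:
            out.add(normalise(m.group("path")))
    return out


def check_copy_chains(copy_lines: List[str], md5_lines: List[str]) -> List[Dict[str, object]]:
    """For every copy, confirm the report's MD5 of source and destination agree."""
    hashes = md5_table(md5_lines)
    results = []
    for src, dst in parse_arrow_lines(copy_lines):
        s, d = normalise(src), normalise(dst)
        results.append({"src": s, "dst": d, "src_md5": hashes.get(s), "dst_md5": hashes.get(d),
                        "consistent": hashes.get(s) is not None and hashes.get(s) == hashes.get(d)})
    return results


def drops_outside_user_profile(md5_lines: List[str], sig_lines: List[str]) -> List[Tuple[str, str, bool]]:
    """(path, md5, unsigned) for executables written outside C:\\Users."""
    unsigned = unsigned_paths(sig_lines)
    return [(p, h, p in unsigned) for p, h in md5_table(md5_lines).items()
            if not p.startswith("c:\\users\\")]


def ioc_hashes(md5_lines: List[str]) -> Set[str]:
    return set(md5_table(md5_lines).values())


def md5_of_file(path: str, chunk: int = 1 << 20) -> str:
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_directory(root: str, iocs: Set[str]) -> List[Tuple[str, str]]:
    """Walk root and return (path, md5) for every file whose MD5 is in iocs."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(full)
            except OSError:
                continue
            if digest in iocs:
                hits.append((full, digest))
    return hits


def demo_sweep() -> Tuple[int, int]:
    """Constructed self-test: one temp file matched against its own MD5 (1 hit),
    then the same directory checked against the report's hashes (0 hits)."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "constructed.bin")
        with open(path, "wb") as f:
            f.write(b"constructed sample bytes, not the analysed file")
        return (len(sweep_directory(root, {md5_of_file(path)})),
                len(sweep_directory(root, ioc_hashes(MD5_LINES))))


if __name__ == "__main__":
    for chain in check_copy_chains(COPY_LINES, MD5_LINES):
        print(chain)
    print(drops_outside_user_profile(MD5_LINES, SIGNATURE_LINES))
    print(sorted(ioc_hashes(MD5_LINES)), demo_sweep())
```

MD5 is adequate for recognising this specific sample on other hosts, but it is collision-prone, so a hash hit should be treated as "same file as in this report", not as proof of integrity or provenance; confirm with the unsigned DesktopLayer.exe in Program Files (x86)\Microsoft, which a legitimate Microsoft component would not be.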
Behavior description: Open mutex
details:Local\ShimViewer
Local\MSCTF.Asm.MutexDefault1S-1-5-21-1170589654-2814428265-349930785-500
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
Run screenshot: (screenshot image not included in this text capture)