VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:30
Behavior list
Basic Information
MD5:1da31b416246918a40ad0788771ac5e0
file type:EXE
Production company:Microsoft Corporation
version:5.1.2600.5512---5.1.2600.5512 (xpsp.080413-2113)
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 - 8.0 *
Key behavior
Behavior description:跨进程写入数据
details:C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1445893728.929855.exe
C:\%temp%\1445893728.936839.exe
C:\%temp%\1445893728.943763.exe
Behavior description:创建远程线程
details:C:\WINDOWS\system32\winlogon.exe
Behavior description:关闭系统文件保护
details:N/A
Behavior description:修改注册表_系统防火墙可信进程列表
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Behavior description:通过内存映射跨进程修改内存
details:TargetProcess = [System Process]
Behavior description:按名称获取主机地址
details:ilo.brenz.pl
ant.trenz.pl
Process behavior
Behavior description:跨进程写入数据
details:C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1445893728.929855.exe
C:\%temp%\1445893728.936839.exe
C:\%temp%\1445893728.943763.exe
Behavior description:创建远程线程
details:C:\WINDOWS\system32\winlogon.exe
Behavior description:通过内存映射跨进程修改内存
details:TargetProcess = [System Process]
Behavior description:枚举进程
details:N/A
Network behavior
Behavior description:发送一个已连接的套接字数据
details:SOCKET = 0x00000318, TotalSize = 20, Offset = 0, ReadSize = 20.
SOCKET = 0x00000318, TotalSize = 40, Offset = 0, ReadSize = 40.
SOCKET = 0x00000494, TotalSize = 20, Offset = 0, ReadSize = 20.
SOCKET = 0x00000494, TotalSize = 40, Offset = 0, ReadSize = 40.
Behavior description:建立到一个指定的套接字连接
details:219.133.40.1:80
Behavior description:按名称获取主机地址
details:ilo.brenz.pl
ant.trenz.pl
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-*\RefCount
Behavior description:修改注册表_系统防火墙可信进程列表
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Other behavior
Behavior description:关闭系统文件保护
details:N/A
Behavior description:获取系统权限
details:SE_DEBUG_PRIVILEGE
Behavior description:获取TickCount值
details:TickCount = 484885, SleepMilliseconds = 10.
TickCount = 484900, SleepMilliseconds = 10.
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号