VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:30
Behavior list
Basic Information
MD5:1da31b416246918a40ad0788771ac5e0
file type:EXE
Production company:Microsoft Corporation
version:5.1.2600.5512---5.1.2600.5512 (xpsp.080413-2113)
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 - 8.0 *
Key behavior
Behavior description:跨进程写入数据
details:C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1445893728.929855.exe
C:\%temp%\1445893728.936839.exe
C:\%temp%\1445893728.943763.exe
Behavior description:创建远程线程
details:C:\WINDOWS\system32\winlogon.exe
Behavior description:关闭系统文件保护
details:N/A
Behavior description:修改注册表_系统防火墙可信进程列表
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Behavior description:通过内存映射跨进程修改内存
details:TargetProcess = [System Process]
Behavior description:按名称获取主机地址
details:ilo.brenz.pl
ant.trenz.pl
Process behavior
Behavior description:跨进程写入数据
details:C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1445893728.929855.exe
C:\%temp%\1445893728.936839.exe
C:\%temp%\1445893728.943763.exe
Behavior description:创建远程线程
details:C:\WINDOWS\system32\winlogon.exe
Behavior description:通过内存映射跨进程修改内存
details:TargetProcess = [System Process]
Behavior description:枚举进程
details:N/A
Network behavior
Behavior description:发送一个已连接的套接字数据
details:SOCKET = 0x00000318, TotalSize = 20, Offset = 0, ReadSize = 20.
SOCKET = 0x00000318, TotalSize = 40, Offset = 0, ReadSize = 40.
SOCKET = 0x00000494, TotalSize = 20, Offset = 0, ReadSize = 20.
SOCKET = 0x00000494, TotalSize = 40, Offset = 0, ReadSize = 40.
Behavior description:建立到一个指定的套接字连接
details:219.133.40.1:80
Behavior description:按名称获取主机地址
details:ilo.brenz.pl
ant.trenz.pl
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-*\RefCount
Behavior description:修改注册表_系统防火墙可信进程列表
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Other behavior
Behavior description:关闭系统文件保护
details:N/A
Behavior description:获取系统权限
details:SE_DEBUG_PRIVILEGE
Behavior description:获取TickCount值
details:TickCount = 484885, SleepMilliseconds = 10.
TickCount = 484900, SleepMilliseconds = 10.
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号