VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 55
Behavior list
Basic information
MD5: 1e049e9927e37aadc83d25d9ccb59629
File type: EXE
Production company: Adobe Systems Incorporated
Version: 9.5.0.270---9.5.0.270
Shell or compiler information: COMPILER:NothingFound
Key behavior
Behavior description: Modifies existing EXE files on the system
Details: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe---> Offset = 61440
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe---> Offset = 61440
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\sogouexplorerup.exe---> Offset = 565248
C:\Documents and Settings\Administrator\Application Data\SogouPY\SogouExplorer.exe---> Offset = 126976
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\TXSSOSetup.exe---> Offset = 978944
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\QQSafeUD.exe---> Offset = 28672
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe---> Offset = 237568
Behavior description: Writes data into another process (cross-process memory write)
Details: C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
Behavior description: Sets special file attributes
Details: C:\WINDOWS\system32\runouce.exe
Behavior description: Creates a remote thread
Details: C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
Behavior description: Modifies registry autostart entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce
Process behavior
Behavior description: Writes data into another process (cross-process memory write)
Details: C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
Behavior description: Creates a process from a newly written file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032395.183392.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032395.183392.exe
ImagePath = C:\WINDOWS\system32\runouce.exe, CmdLine = C:\WINDOWS\system32\runouce.exe
Behavior description: Creates a remote thread
Details: C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Modifies existing EXE files on the system
Details: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe---> Offset = 61440
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe---> Offset = 61440
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\sogouexplorerup.exe---> Offset = 565248
C:\Documents and Settings\Administrator\Application Data\SogouPY\SogouExplorer.exe---> Offset = 126976
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\TXSSOSetup.exe---> Offset = 978944
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\QQSafeUD.exe---> Offset = 28672
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe---> Offset = 237568
Behavior description: Sets special file attributes
Details: C:\WINDOWS\system32\runouce.exe
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\readme.eml---> Offset = 14880
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\popup.html---> Offset = 39547
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\backgroundpage.html---> Offset = 5201
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\background.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\readme.eml---> Offset = 14880
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\callback.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\pop.html---> Offset = 12867
Behavior description: Searches for files
Details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032395.491508.exe
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\runouce.exe
FileName = KERNEL32.DLL
FileName = *.*
Registry behavior
Behavior description: Modifies registry
Details: \REGISTRY\USER\S-*\SessionInformation\ProgramCount
Behavior description: Modifies registry autostart entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce
Other behavior
Behavior description: Searches for a specific window
Details: NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Creates a mutex
Details: ChineseHacker-2
Behavior description: Enumerates windows
Details: N/A