VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 47 AntiVirus Engines!

Main Menu

File information

Safety rating:78

Basic Information
MD5:	1e1b2344806b64adc0929be36aa940c0
file type:	EXE
Production company:
version:
Shell or compiler information:	PACKER:NothingFound

Key behavior
Behavior description:	打开注册表_检测虚拟机相关
details:	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description:	按名称获取主机地址
details:	ya.ru
	www.kolbasa.2ru.name

Process behavior
Behavior description:	枚举进程
details:	N/A

File behavior
Behavior description:	查找文件
details:	FileName = C:\Documents and Settings\*
	FileName = C:\Documents and Settings\Administrator\Application Data\BatMail\.
	FileName = C:\Documents and Settings\Administrator\Application Data\The Bat!\.
	FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\pbk\rasphone.pbk
	FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\pbk\rasphone.pbk
	FileName = C:\Documents and Settings\Administrator\Application Data\Ipswitch\WS_FTP\Sites\*.ini
	FileName = C:\Documents and Settings\Administrator\Application Data\Ipswitch\WS_FTP Home\Sites\*.ini
	FileName = C:\Documents and Settings\All Users\Application Data\Ipswitch\WS_FTP\Sites\*.ini
	FileName = C:\Documents and Settings\All Users\Application Data\Ipswitch\WS_FTP Home\Sites\*.ini
	FileName = C:\Documents and Settings\Administrator\My Documents\*.rdp

Network behavior
Behavior description:	发送一个已连接的套接字数据
details:	SOCKET = 0x00000664, TotalSize = 5937, Offset = 0, ReadSize = 2048.
	SOCKET = 0x00000664, TotalSize = 5937, Offset = 2048, ReadSize = 2048.
	SOCKET = 0x00000664, TotalSize = 5937, Offset = 4096, ReadSize = 1841.
Behavior description:	建立到一个指定的套接字连接
details:	219.133.40.1:80
Behavior description:	按名称获取主机地址
details:	ya.ru
	www.kolbasa.2ru.name

Other behavior
Behavior description:	创建互斥体
details:	FNmzogqWXhHligvECDBZCu
	RasPbFile
	ALLOK
Behavior description:	查找指定窗口
details:	NtUserFindWindowEx: [Class,Window] = [AVP.AlertDialog,]
	NtUserFindWindowEx: [Class,Window] = [AVP.AhAppChangedDialog,]
	NtUserFindWindowEx: [Class,Window] = [AVP.AhLearnDialog,]
	NtUserFindWindowEx: [Class,Window] = [AVP.Product_Notification,]
	NtUserFindWindowEx: [Class,Window] = [AVP.Tray,]
Behavior description:	获取系统权限
details:	SE_DEBUG_PRIVILEGE
Behavior description:	获取TickCount值
details:	TickCount = 485005, SleepMilliseconds = 5.
	TickCount = 485551, SleepMilliseconds = 5.
	TickCount = 485567, SleepMilliseconds = 5.
	TickCount = 485614, SleepMilliseconds = 5.
	TickCount = 485630, SleepMilliseconds = 5.
	TickCount = 485645, SleepMilliseconds = 5.
	TickCount = 485676, SleepMilliseconds = 5.
	TickCount = 485786, SleepMilliseconds = 5.
	TickCount = 485801, SleepMilliseconds = 5.
	TickCount = 485817, SleepMilliseconds = 5.
	TickCount = 485864, SleepMilliseconds = 5.
	TickCount = 485895, SleepMilliseconds = 5.
	TickCount = 485911, SleepMilliseconds = 5.
	TickCount = 485973, SleepMilliseconds = 5.
	TickCount = 487208, SleepMilliseconds = 5.
Behavior description:	打开注册表_检测虚拟机相关
details:	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description:	调用Sleep函数
details:	[1]: MilliSeconds = 600.

Run screenshot