VirSCAN
File information
Safety rating: 77
Behavior list
Basic information
MD5: 1e1c40198e22972fba29c1231faf133e
File type: EXE
Vendor: RealNetworks, Inc.
Version: 2.4.153.0---2.4.153
Packer/compiler information: PACKER:UPX V2.00-V3.00 -> Markus Oberhumer & Laszlo Molnar & John Reiser [Overlay] *
Subfile information: upx30_bc41add6dumpFile / 361ba069d3e143bd5571b178a5bfa750 / EXE
Key behavior
Behavior description: Writes to a file mapping opened with write access
Details: CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.IEF..HFDIH
\WINDOWS\system32\zh-cn\mshtml.dll.mui
MSCTF.MarshalInterface.FileMap.IEF.B.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.C.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.D.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.E.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.F.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.G.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.H.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.I.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.J.CNBHH
Behavior description: Blocks the window close message
Details: hWnd = 0x000202a4, Text = Error - Golden Age of Racing, ClassName = #32770.
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Resolves a host address by name
Details: d.trymedia.com
Behavior description: Modifies the registry (startup Run entry)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\b5e72c2b3248734b660e9c4f831d5345
Process behavior
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Writes to a file mapping opened with write access
Details: CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.IEF..HFDIH
\WINDOWS\system32\zh-cn\mshtml.dll.mui
MSCTF.MarshalInterface.FileMap.IEF.B.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.C.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.D.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.E.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.F.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.G.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.H.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.I.DMBHH
MSCTF.MarshalInterface.FileMap.IEF.J.CNBHH
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dm[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\language[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\background[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dm_bar_up[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dm_bar_left[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dm_bar_right[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dm_bar_down[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\pause[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\cancel[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\trans[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\line[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\downloading_icon[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\resume[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\paused_icon[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\error_icon[1]---> Offset = 0
Behavior description: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446059633.285739.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826\*.*
Network behavior
Behavior description: Connects to a specified site
Details: InternetConnectA: ServerName = d.trymedia.com, PORT = 80
Behavior description: Opens a URL over the network
Details: InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x000005b8
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x00000514
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x000004a0
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x0000049c
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x000004ac
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x00000614
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x000004b0
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x00000498
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x000005f8
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x00000494
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x000004a4
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x00000490
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x00000478
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x00000560
InternetOpenUrlA: http://d.trymedia.com/dd/midas/60m5p_d/dfg2_com/GoldenAgeRacingSetup.exe hInternet = 0x00000470
Behavior description: Reads a network file
Details: hFile = 0x000005b8, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000514, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000004a0, BytesToRead =1024, BytesRead = 1024.
hFile = 0x0000049c, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000004ac, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000614, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000004b0, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000498, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000005f8, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000494, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000004a4, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000490, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000478, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000560, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000470, BytesToRead =1024, BytesRead = 1024.
Behavior description: Resolves a host address by name
Details: d.trymedia.com
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\International\CpMRU\Enable
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\International\CpMRU\Size
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\International\CpMRU\Factor
Behavior description: Modifies the registry (startup Run entry)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\b5e72c2b3248734b660e9c4f831d5345
Other behavior
Behavior description: Creates a mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Golden Age of Racing
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.ELH
MSIMGSIZECacheMutex
MSCTF.Shared.MUTEX.IEF
Behavior description: Finds a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Gets the TickCount value
Details: TickCount = 490984, SleepMilliseconds = 5000.
TickCount = 491000, SleepMilliseconds = 5000.
TickCount = 491046, SleepMilliseconds = 5000.
TickCount = 491156, SleepMilliseconds = 5000.
TickCount = 491171, SleepMilliseconds = 5000.
TickCount = 491187, SleepMilliseconds = 5000.
TickCount = 491203, SleepMilliseconds = 5000.
TickCount = 491218, SleepMilliseconds = 5000.
TickCount = 491250, SleepMilliseconds = 5000.
TickCount = 491265, SleepMilliseconds = 5000.
TickCount = 491375, SleepMilliseconds = 5000.
TickCount = 491531, SleepMilliseconds = 5000.
TickCount = 491578, SleepMilliseconds = 5000.
TickCount = 491593, SleepMilliseconds = 5000.
TickCount = 487093, SleepMilliseconds = 500.
Behavior description: Gets the cursor position
Details: CursorPos = (106,18467), SleepMilliseconds = 5000.
CursorPos = (6399,26500), SleepMilliseconds = 5000.
CursorPos = (19234,15724), SleepMilliseconds = 5000.
CursorPos = (11543,29358), SleepMilliseconds = 5000.
CursorPos = (27027,24464), SleepMilliseconds = 5000.
CursorPos = (5770,28145), SleepMilliseconds = 5000.
CursorPos = (23346,16827), SleepMilliseconds = 5000.
CursorPos = (10026,491), SleepMilliseconds = 5000.
CursorPos = (3060,11942), SleepMilliseconds = 5000.
CursorPos = (4892,5436), SleepMilliseconds = 5000.
CursorPos = (32456,14604), SleepMilliseconds = 5000.
CursorPos = (3967,153), SleepMilliseconds = 5000.
CursorPos = (357,12382), SleepMilliseconds = 5000.
CursorPos = (17486,18716), SleepMilliseconds = 5000.
CursorPos = (19783,19895), SleepMilliseconds = 5000.
Behavior description: Blocks the window close message
Details: hWnd = 0x000202a4, Text = Error - Golden Age of Racing, ClassName = #32770.
Behavior description: Window information
Details: Pid = 1372, Hwnd=0x202a4, Text = Error - Golden Age of Racing, ClassName = #32770.
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 5000.
[2]: MilliSeconds = 5000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 5000.
[5]: MilliSeconds = 5000.
[6]: MilliSeconds = 5000.
[7]: MilliSeconds = 5000.
[8]: MilliSeconds = 5000.
[9]: MilliSeconds = 5000.
[10]: MilliSeconds = 5000.