VirSCAN


File information
Safety rating:74
Behavior list
Basic Information
MD5:1eb13a41367008f9a7e0b5f6f4f605a6
file type:EXE
Production company:Microsoft Corporation
version:5.1.2600.0---5.1.2600.0 (xpclient.010817-1148)
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 - 8.0 *
Key behavior
Behavior description: Modifies the original system EXE files
details:C:\WINDOWS\regedit.exe---> Offset = 131072
C:\WINDOWS\TASKMAN.EXE---> Offset = 12288
C:\WINDOWS\system32\auditusr.exe---> Offset = 12288
C:\WINDOWS\system32\autochk.exe---> Offset = 0
C:\WINDOWS\system32\bootok.exe---> Offset = 4096
C:\WINDOWS\system32\ca.exe---> Offset = 0
C:\WINDOWS\system32\chkntfs.exe---> Offset = 8192
C:\WINDOWS\system32\CMBPBUninstall.exe---> Offset = 765952
C:\WINDOWS\system32\compact.exe---> Offset = 20480
C:\WINDOWS\system32\doskey.exe---> Offset = 8192
C:\WINDOWS\system32\driverquery.exe---> Offset = 69632
C:\WINDOWS\system32\eventtriggers.exe---> Offset = 94208
C:\WINDOWS\system32\forcedos.exe---> Offset = 8192
C:\WINDOWS\system32\fsquirt.exe---> Offset = 192512
C:\WINDOWS\system32\gpupdate.exe---> Offset = 61440
Process behavior
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Searches for files
details:FileName = C:\WINDOWS\*.*
FileName = C:\WINDOWS\Debug\*.*
FileName = C:\WINDOWS\Debug\UserMode\*.*
FileName = C:\WINDOWS\Driver Cache\*.*
FileName = C:\WINDOWS\Help\*.*
FileName = C:\WINDOWS\java\*.*
FileName = C:\WINDOWS\PeerNet\*.*
FileName = C:\WINDOWS\security\*.*
FileName = C:\WINDOWS\security\logs\*.*
FileName = C:\WINDOWS\system32\*.*
FileName = C:\WINDOWS\system32\1025\*.*
FileName = C:\WINDOWS\system32\1031\*.*
FileName = C:\WINDOWS\system32\1037\*.*
FileName = C:\WINDOWS\system32\1054\*.*
FileName = C:\WINDOWS\system32\2052\*.*
Other behavior
Behavior description: Console output of the sample
details:N/A