VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:77
Behavior list
Basic Information
MD5:251c1feff8d0226150ed72d9b1dffec2
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *
Subfile information:PanDownload.exe / 23b1d7fd5f15c695d98bf45fcbefd4da / EXE
演示.gifdumpFile / ddd5e0f0b8200bbe651f4d4c82967afc / Unknown
演示.gif / ddd5e0f0b8200bbe651f4d4c82967afc / Unknown
龙轩导航,一站拥有数年资源网站积累.txt / 0035dce5f8fa551d3ffb5280c20f74ba / Unknown
龙轩导航-做个有用的导航.url / 3fc528e8662d359ab3b5cdf45cfbcc12 / Unknown
Key behavior
Behavior description:查找PE资源信息
details:(FindResourceExExW) hModule = 0x01390000, ResName: 84(ID), ResType: EXE
Behavior description:获取TickCount值
details:TickCount = 767235, SleepMilliseconds = 1.
TickCount = 767719, SleepMilliseconds = 1.
TickCount = 778969, SleepMilliseconds = 1.
TickCount = 778985, SleepMilliseconds = 1.
TickCount = 784985, SleepMilliseconds = 1.
TickCount = 785001, SleepMilliseconds = 1.
File behavior
Behavior description:创建文件
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\[ilxdh.com]PanDownload\PanData\log\20170630053901.log
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\[ilxdh.com]PanDownload\PanData\aria2c.exe
Behavior description:创建可执行文件
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\[ilxdh.com]PanDownload\PanData\aria2c.exe
Behavior description:修改文件内容
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\[ilxdh.com]PanDownload\PanData\log\20170630053901.log ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\[ilxdh.com]PanDownload\PanData\aria2c.exe ---> Offset = 0
Behavior description:查找文件
details:FileName = PanData
FileName = PanData\log
FileName = PanData\log\20170630053901.log
FileName = PanData\temp
FileName = PanData\aria2c.exe
Other behavior
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:创建互斥体
details:PanDownload
Behavior description:打开事件
details:HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description:获取TickCount值
details:TickCount = 767235, SleepMilliseconds = 1.
TickCount = 767719, SleepMilliseconds = 1.
TickCount = 778969, SleepMilliseconds = 1.
TickCount = 778985, SleepMilliseconds = 1.
TickCount = 784985, SleepMilliseconds = 1.
TickCount = 785001, SleepMilliseconds = 1.
Behavior description:窗口信息
details:Pid = 1548, Hwnd=0xb02ca, Text = 本软件仅供学习交流使用,不得用于商业用途!, ClassName = MsgBoxUI.
Behavior description:查找PE资源信息
details:(FindResourceExExW) hModule = 0x01390000, ResName: 84(ID), ResType: EXE
Behavior description:可执行文件签名信息
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\[ilxdh.com]PanDownload\PanData\aria2c.exe(签名验证: 未通过)
Behavior description:调用Sleep函数
details:[1]: MilliSeconds = 1.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[8]: MilliSeconds = 1.
[9]: MilliSeconds = 1.
[10]: MilliSeconds = 1.
Behavior description:可执行文件MD5
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\[ilxdh.com]PanDownload\PanData\aria2c.exe ---> 4943ba11f55a2140a95847f09ead2fe6
Behavior description:打开互斥体
details:Local\MSCTF.Asm.MutexDefault1
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号