VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating:76
Behavior list
Basic Information
MD5:2e0b0fe16c0fb238b05d1abae2127332
File type:EXE
Publisher:
Version:6.8.0.0---6.08
Packer / compiler information:COMPILER:Microsoft Visual Basic 5.0 / 6.0
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Set message hook
details:c:\%temp%\1422465074.711394.exe
File behavior
Behavior description:Create file mapping with write access
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
DfSharedHeap62BA8
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2BAC.tmp
DfRoot000062BA8
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MNJ..BIJFF
MSCTF.MarshalInterface.FileMap.MNJ.B.OPJFF
MSCTF.MarshalInterface.FileMap.MNJ.C.OPJFF
MSCTF.MarshalInterface.FileMap.MNJ.D.OPJFF
MSCTF.MarshalInterface.FileMap.MNJ.E.OPJFF
MSCTF.MarshalInterface.FileMap.MNJ.F.OPJFF
MSCTF.MarshalInterface.FileMap.MNJ.G.OPJFF
MSCTF.MarshalInterface.FileMap.MNJ.H.OPJFF
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file contents
details:C:\monitor\WKSet.ini---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\navcancl[1]---> Offset = 0
C:\monitor\WKSet.ini---> Offset = 19
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff_webOC[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[3]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\info_48[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\down[2]---> Offset = 0
Network behavior
Behavior description:Connect to specified host
details:InternetConnectA: ServerName = yulv.net, PORT = 80
Behavior description:Establish connection to a specified socket
details:127.0.0.1:1032
Behavior description:Open HTTP request
details:HttpOpenRequestA: yulv.net:80/wkad.html, hConnect = 0x00000428
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description:Delete registry value (IE connection settings)
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.MNJ
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Warcraft III,Warcraft III]
NtUserFindWindowEx: [Class,Window] = [Warcraft III,]
NtUserFindWindowEx: [Class,Window] = [Black Warcraft III,]
NtUserFindWindowEx: [Class,Window] = [,Warcraft III]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 2520, Hwnd=0x1035a, Text = 开始改键 ("Start key remapping"), ClassName = ThunderRT6CommandButton.
Pid = 2520, Hwnd=0x103be, Text = Alt + 6, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x103c0, Text = Alt + 5, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x103c4, Text = Alt + 7, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x103c6, Text = Alt + 4, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x103ca, Text = Alt + 8, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x103cc, Text = Alt + 3, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x103d0, Text = Alt + 2, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x103d2, Text = Alt + 9, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x103ea, Text = Alt + 0, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x103ec, Text = Alt + 1, ClassName = ThunderRT6OptionButton.
Pid = 2520, Hwnd=0x10444, Text = 隐藏(&H) ("Hide"), ClassName = ThunderRT6CommandButton.
Pid = 2520, Hwnd=0x10446, Text = 退出(&X) ("Exit"), ClassName = ThunderRT6CommandButton.
Pid = 2520, Hwnd=0x10460, Text = Num7, ClassName = ThunderRT6TextBox.
Pid = 2520, Hwnd=0x10462, Text = Num8, ClassName = ThunderRT6TextBox.
Behavior description:Acquire system privileges
details:SE_DEBUG_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description:Set message hook
details:c:\%temp%\1422465074.711394.exe
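The behavior listing above is regular enough to script against. What follows is an added example, not VirSCAN's own code: it parses this report format into indicators and reduces them to the items worth a second look on this page, namely the outbound host and URL (yulv.net, /wkad.html), the SeDebugPrivilege request, the message hook set from a file under %temp%, the deleted IE proxy values (ProxyServer, AutoConfigURL) and the window lookups (Warcraft III). The section and field names are inferred from the text above; the sample input is a constructed subset of this page's report with the behavior names translated to English.

```python
# Added example (not VirSCAN's code): parse a VirSCAN-style behavior report,
# as dumped above, into structured indicators. Format inferred from the page:
# section heading, "Behavior description:<name>", "details:<first item>",
# then further items one per line until the next description or heading.
import re
from collections import defaultdict

# Constructed sample: a subset of this page's report, behavior names in English.
SAMPLE_REPORT = r"""
Key behavior
Behavior description:Set message hook
details:c:\%temp%\1422465074.711394.exe
Network behavior
Behavior description:Connect to specified host
details:InternetConnectA: ServerName = yulv.net, PORT = 80
Behavior description:Open HTTP request
details:HttpOpenRequestA: yulv.net:80/wkad.html, hConnect = 0x00000428
Registry behavior
Behavior description:Delete registry value (IE connection settings)
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Warcraft III,Warcraft III]
Behavior description:Acquire system privileges
details:SE_DEBUG_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
"""

SECTIONS = {"Key behavior", "File behavior", "Network behavior", "Registry behavior", "Other behavior"}
HOST_RE = re.compile(r"ServerName = ([\w.-]+), PORT = (\d+)")
URL_RE = re.compile(r"HttpOpenRequestA: (\S+?),")
WINDOW_RE = re.compile(r"\[Class,Window\] = \[([^,\]]*),([^\]]*)\]")
PROXY_VALUES = ("ProxyServer", "AutoConfigURL", "ProxyEnable", "SavedLegacySettings")  # WinINet proxy values

def parse_report(text):
    """Return {section: [(behavior_name, [detail, ...]), ...]}."""
    sections = defaultdict(list)
    section, current = "(unsectioned)", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section, current = line, None
        elif line.startswith("Behavior description:"):
            current = (line.split(":", 1)[1].strip(), [])
            sections[section].append(current)
        elif line.startswith("details:"):
            current[1].append(line.split(":", 1)[1].strip())
        elif current is not None:  # continuation line of the same detail list
            current[1].append(line)
    return dict(sections)

def extract_iocs(parsed):
    """Pull out the indicators an analyst would pivot on, keyed by kind."""
    iocs = defaultdict(list)
    for behaviors in parsed.values():
        for name, details in behaviors:
            for d in details:
                if name == "Acquire system privileges":
                    iocs["privileges"].append(d)
                elif name == "Set message hook":
                    iocs["hook_modules"].append(d)
                elif name == "Find specified window":
                    m = WINDOW_RE.search(d)
                    if m:
                        iocs["windows"].append((m.group(1), m.group(2)))
                elif d.startswith("\\REGISTRY\\"):
                    iocs["registry"].append(d)
                else:
                    m = HOST_RE.search(d)
                    if m:
                        iocs["hosts"].append((m.group(1), int(m.group(2))))
                    m = URL_RE.search(d)
                    if m:
                        iocs["urls"].append("http://" + m.group(1))
    return dict(iocs)

def triage(iocs):
    """Reduce the indicators to the findings worth a second look."""
    findings = []
    for host, port in iocs.get("hosts", []):
        findings.append(f"outbound connection to {host}:{port}")
    if "SE_DEBUG_PRIVILEGE" in iocs.get("privileges", []):
        findings.append("SeDebugPrivilege enabled (lets the process open other processes)")
    proxy = [v for v in (k.rsplit("\\", 1)[-1] for k in iocs.get("registry", [])) if v in PROXY_VALUES]
    if proxy:
        findings.append("IE proxy settings touched: " + ", ".join(proxy))
    for mod in iocs.get("hook_modules", []):
        findings.append(f"message hook installed by {mod}")
    for cls, title in iocs.get("windows", []):
        findings.append(f"looks for window class={cls!r} title={title!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(extract_iocs(parse_report(SAMPLE_REPORT)))))
```

Running the block prints the five findings for the sample. The narrow filter is deliberate: the CTF.* and MSCTF.* mutexes and file mappings come from the Text Services Framework that every GUI process loads, and the Temporary Internet Files, Local\Zones* and !PrivacIE! entries are WinINet and urlmon housekeeping triggered by the InternetConnectA call, so a parser that counted every line would rank this sample by library noise. The ThunderRT6 window classes and the "Start key remapping" button identify a VB6 key-remapping utility for Warcraft III, for which a message hook and FindWindow calls are expected; the HTTP fetch from yulv.net, the SeDebugPrivilege request and the deletion of the IE proxy values are the behaviors an analyst still has to explain.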
Run screenshot (image not reproduced)

中国反网络病毒联盟 (China Anti Network-Virus Alliance) | 京ICP备11007605号-12 | 京公网安备 11010802020746号