VirSCAN


File information
Safety rating: 55
Behavior list
Basic information
MD5: 302d2d5b871fbecdfccefac01c271918
File type: NSIS
Production company:
Version:
Shell or compiler information:
Subfile information: $[34] / big file / EXE
dl.dll / ebe2006294dddc16761ad3f206ebca92 / DLL
lmod.dll / 5a650c9f3d9138a3eaceec25e23be0f6 / DLL
BDMSkin.dll / 1fdae115515799f41a07f2534045f506 / DLL
BDMNet.dll / c7a70450697d6b8ff4c789235fe94025 / DLL
BDMReport.dll / 129d43f0c3aa4541fabd25121469b4ce / DLL
BDMSDWrench.dll / b6ac0cc57a225ec73c391a8e84e10ac2 / DLL
BDMNetGetInfo.dll / 581d31cb00e9c0eb2667c17441604975 / DLL
AladdinInstallHelper.dll / 6c7e4e009af57357c3b73933d393a62b / DLL
BDMYinD.dll / 5c1f4243fa3a372aa559d5df9799f385 / DLL
kmod.tmp / 4e34dac657d26e8534773275ad3bb215 / DLL
AladdinWnd.zip / b957c3d5bc1edef8784ca95a196adc9b / Unknown
setup.ico / 99b3489bed4f63db7f1206d3327b601e / Unknown
logo.png / 1d935d5c5c81ce71889961c375095a59 / Unknown
[NSIS].nsi / be18854dfb1663122309515b5be21b53 / Unknown
task.xml / f96dfc0bd7cb68704d0b636e001fabdf / Unknown
Key behavior
Behavior description: Create writable file mapping
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MHB..PBHIH
MSCTF.MarshalInterface.FileMap.MHB.B.PDHIH
MSCTF.MarshalInterface.FileMap.MHB.C.PDHIH
MSCTF.MarshalInterface.FileMap.MHB.D.PDHIH
MSCTF.MarshalInterface.FileMap.MHB.E.OEHIH
MSCTF.MarshalInterface.FileMap.MHB.F.OFHIH
MSCTF.MarshalInterface.FileMap.MHB.G.OFHIH
MSCTF.Shared.SFM.MHB
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [AladinDemo Setup: Installing,#32770]
Behavior description: Resolve host address by name
Details: p.x.baidu.com
Process behavior
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Create writable file mapping
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MHB..PBHIH
MSCTF.MarshalInterface.FileMap.MHB.B.PDHIH
MSCTF.MarshalInterface.FileMap.MHB.C.PDHIH
MSCTF.MarshalInterface.FileMap.MHB.D.PDHIH
MSCTF.MarshalInterface.FileMap.MHB.E.OEHIH
MSCTF.MarshalInterface.FileMap.MHB.F.OFHIH
MSCTF.MarshalInterface.FileMap.MHB.G.OFHIH
MSCTF.Shared.SFM.MHB
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\BDMSkin.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\BDMYinD.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\dl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\BDMNet.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\BDMReport.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\BDMNetGetInfo.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\kmod.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\lmod.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\AladdinInstallHelper.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\BDMSDWrench.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2015102214481.269\feige2015_for_Windows_V5.1.150724.1438164797.exe
Behavior description: Modify file content
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\AladdinWnd.zip---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\task.xml---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\logo.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\setup.ico---> Offset = 16384
C:\Documents and Settings\All Users\Application Data\Baidu\Common\Global.db---> Offset = 20
Behavior description: Search for file
Details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp
FileName = C:\Documents and Settings\All Users\Application Data\Baidu\Common
FileName = C:\
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Application Data
FileName = C:\Documents and Settings\All Users\Application Data\Baidu
FileName = C:\Documents and Settings\Administrator\Application Data\Baidu\Common
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
Network behavior
Behavior description: Send data on a connected socket
Details: SOCKET = 0x0000068c, TotalSize = 235, Offset = 0, ReadSize = 235.
Behavior description: Establish connection to a specified socket
Details: 219.133.40.1:80
Behavior description: Resolve host address by name
Details: p.x.baidu.com
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MHB
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [AladinDemo Setup: Installing,#32770]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 712, Hwnd=0x3015a, Text = < &Back, ClassName = Button.
Pid = 712, Hwnd=0x702a4, Text = &Close, ClassName = Button.
Pid = 712, Hwnd=0x202a6, Text = Cancel, ClassName = Button.
Pid = 712, Hwnd=0x202b4, Text = Nullsoft Install System (Unicode) v2.46.5-Unicode, ClassName = Static.
Pid = 712, Hwnd=0x302bc, Text = Completed, ClassName = Static.
Pid = 712, Hwnd=0x202d8, Text = Show &details, ClassName = Button.
Pid = 712, Hwnd=0x202c8, Text = 飞鸽传书 安装, ClassName = AladdinInstallWnd.
Behavior description: Direct access to physical device
Details: \??\PhysicalDrive0
Behavior description: Sample console output
Details: N/A