VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 50
Behavior list
Basic Information
MD5: 319ca6a3b52252cc10e4aca08b0f38bc
File type: EXE
Production company:
Version: 1.0.0.0---1.0.0.0
Shell or compiler information: PACKER:PE+(32)
Key behavior
Behavior description: Loads a driver (regular method)
details: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat
\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat
Behavior description: Reads the CPU clock directly
details: EAX = 0x7c4b005d, EDX = 0x000000b4
EAX = 0x7c4b00a9, EDX = 0x000000b4
EAX = 0x7c4b00f5, EDX = 0x000000b4
EAX = 0x7c4b0141, EDX = 0x000000b4
EAX = 0x7c4b018d, EDX = 0x000000b4
EAX = 0x7c4b01d9, EDX = 0x000000b4
EAX = 0x7c4b0225, EDX = 0x000000b4
EAX = 0x7efe01a1, EDX = 0x000000b4
EAX = 0x7efe01ed, EDX = 0x000000b4
EAX = 0x7efe0239, EDX = 0x000000b4
Behavior description: Creates a system service
details: [Service created successfully]: OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y, C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat
[Service created successfully]: R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN, C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat
File behavior
Behavior description: Creates a file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat
Behavior description: Deletes a file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat
Behavior description: Creates an executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat
Behavior description: Modifies file contents
details: C:\Documents and Settings\Administrator\Local Settings\Temp\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat ---> Offset = 0
Network behavior
Behavior description: Connects to a specified site
details: WinHttpConnect: ServerName = wp****om, PORT = 80, UserName = , Password = , hSession = 0x014f5000, hConnect = 0x014f5100, Flags = 0x00000000
Behavior description: Establishes a connection to a specified socket
details: URL: wp****om, IP: **.133.40.**:80, SOCKET = 0x000000e4
Behavior description: Sends an HTTP packet
details: GET /wpa/qunwpa?idkey=0f2ac5cbeb77dbafb1c1da02688bf2e9ffd5ae73f7b283be127292edf703b5cf HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
Cache-Control: no-cache
Host: wp****om
Connection: Keep-Alive
Behavior description: Opens an HTTP request
details: WinHttpOpenRequest: wp****om:80/wpa/qunwpa?idkey=0f2ac5cbeb77dbafb1c1da02688bf2e9ffd5ae73f7b283be127292edf703b5cf, hConnect = 0x014f5100, hRequest = 0x01560000, Verb: GET, Referer: , Flags = 0x00000000
Behavior description: Resolves a host address by name
details: GetAddrInfoW: wp****om
Registry behavior
Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behavior
Behavior description: Creates a mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Creates an event object
details: EventName = DINPUTWINMM
Behavior description: Deletes a service
details: [DeleteService] ServiceStartName: , DisplayName: OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y, BinaryPathName: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat
[DeleteService] ServiceStartName: , DisplayName: R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN, BinaryPathName: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat
Behavior description: Opens a mutex
details: ShimCacheMutex
Behavior description: Finds a specified window
details: NtUserFindWindowEx: [Class,Window] = [,]
Behavior description: Starts a system service
details: [Service started successfully]: , OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y, \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat
[Service started successfully]: , R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN, \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat
Behavior description: Opens an event
details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
Behavior description: Stops a system service
details: ServiceName = OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y
ServiceName = R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat (signature verification: failed)
Behavior description: Hides a specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,_EL_Timer]
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\OU7X3G45Z5F5LB5HX5D5JZ3N3TJ3P3L3R3XO4U4AQ4W4CS4Y.dat ---> 98ab3cce2fd9953ec544f64d1fb7247c
C:\Documents and Settings\Administrator\Local Settings\Temp\R05932SA2G2MD3J3PF3L3RH3N3T3P3VL3R3XN.dat ---> 98ab3cce2fd9953ec544f64d1fb7247c