VirSCAN


File information
Safety rating: 74
Behavior list
Basic Information
MD5: 37208debfea7a51d28375467800ea79f
File type: Rar5
Production company:
Version:
Shell or compiler information:
Subfile information: 360mipan.exe / 25bfa4f1b02a826b10a5d97fd6bd68ac / EXE
360Common.dll / c853fb18e5d05852dbc85aeb91b54769 / DLL
MipanShellExt64.dll / 72168d8f8a16a8bcbcf70cb1e0e35f6f / DLL
MipanShellExt.dll / 64e91e901a846e3dc611eb014da5887d / DLL
CCClientComm.dll / e709b58dbda6a6e0ca1f3561a333ff75 / DLL
SafeDriverCtrl.dll / 872e39cc6058b7771be6a9dc033333f2 / DLL
360mipanfloat.exe / bbd904f2c4762629c5dd9f429f570495 / EXE
AlgorithmLib.dll / 0b8f3cfe24294822394fe0745749ce30 / DLL
MipanShellMenu64.dll / 1445c3bc259d687512b8e1b2edb03a40 / DLL
MipanShellMenu.dll / 6f5cf46109670f19b682df409ea4f959 / DLL
xmllite.dll / 215422272bbadd7dda57d0372062d293 / DLL
360mipan_client.dll / bbfca949f2acca9eed7e7f7d5fc28726 / DLL
mpcom.dll / 8ff01ae6ee2f3456b6b81fbf923af385 / DLL
EfiProc.dll / 15d275d88b87c339651e73e57079eba6 / DLL
DefineDosDevice.exe / f7d03ba58799e0f5cb0271ef7879864e / EXE
360mipan.sys / 1d9bc3499d9fc722e39fcd5ae297ef34 / SYS
360mipan64.sys / 9db592bac536efde07fbf42d8649b55f / SYS
360mipan.dat / aa178b8f0a855c0ff025e0e7cec29e41 / Unknown
mipan.ini / 6d37079bafab022aa14528ec482904a5 / Unknown
Key behavior
Behavior description: Loads a driver (regular load)
details:\??\C:\WINDOWS\system32\drivers\360mipan.sys
System32\Drivers\Efimon.sys
Behavior description: Sets special folder attributes
details:C:\DiskD\360mipan
Behavior description: Creates a system service
details:[服务创建成功]: 360mipan, C:\WINDOWS\system32\drivers\360mipan.sys
[服务创建成功]: EfiMon, System32\Drivers\Efimon.sys
Behavior description: Gets TickCount value
details:TickCount = 231628, SleepMilliseconds = 50.
TickCount = 234018, SleepMilliseconds = 50.
TickCount = 234034, SleepMilliseconds = 50.
TickCount = 234050, SleepMilliseconds = 50.
TickCount = 237581, SleepMilliseconds = 50.
TickCount = 237596, SleepMilliseconds = 50.
TickCount = 237612, SleepMilliseconds = 50.
TickCount = 237628, SleepMilliseconds = 50.
TickCount = 237643, SleepMilliseconds = 50.
TickCount = 237659, SleepMilliseconds = 50.
TickCount = 237675, SleepMilliseconds = 50.
TickCount = 237690, SleepMilliseconds = 50.
TickCount = 237706, SleepMilliseconds = 50.
TickCount = 237815, SleepMilliseconds = 50.
TickCount = 237831, SleepMilliseconds = 50.
Process behavior
Behavior description: Creates a process
details:[0x0000077c]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipanfloat.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipanfloat.exe"
[0x000001d8]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipan.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipan.exe" /login
Behavior description: Creates a local thread
details:TargetProcess: 360mipan.exe, InheritedFromPID = 2000, ProcessID = 4008, ThreadID = 4020, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 360mipanfloat.exe, InheritedFromPID = 4008, ProcessID = 1916, ThreadID = 144, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 360mipan.exe, InheritedFromPID = 1916, ProcessID = 472, ThreadID = 552, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 360mipan.exe, InheritedFromPID = 1916, ProcessID = 472, ThreadID = 2212, StartAddress = 005594E7, Parameter = 017BF218
TargetProcess: 360mipan.exe, InheritedFromPID = 1916, ProcessID = 472, ThreadID = 2188, StartAddress = 005594E7, Parameter = 017BF438
TargetProcess: 360mipan.exe, InheritedFromPID = 1916, ProcessID = 472, ThreadID = 2284, StartAddress = 005594E7, Parameter = 017BF218
TargetProcess: 360mipan.exe, InheritedFromPID = 1916, ProcessID = 472, ThreadID = 2288, StartAddress = 005594E7, Parameter = 017BF438
TargetProcess: 360mipan.exe, InheritedFromPID = 1916, ProcessID = 472, ThreadID = 1788, StartAddress = 005594E7, Parameter = 017BF218
TargetProcess: 360mipan.exe, InheritedFromPID = 1916, ProcessID = 472, ThreadID = 656, StartAddress = 005594E7, Parameter = 017BF438
File behavior
Behavior description: Creates a file
details:C:\WINDOWS\system32\drivers\360mipan.sys
C:\Documents and Settings\Administrator\Application Data\360safe\mipanlog\mplost.mplog
C:\Documents and Settings\All Users\Application Data\Mipan\Mps_st.3lg
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF50C0.tmp
C:\Documents and Settings\Administrator\Application Data\360safe\mipanlog\20181108.mplog
C:\DiskD\360mipan\360mipan-{07BD7D74-071D-4975-A2B9-48F7E7E75A}.360sv
C:\DiskD\360mipan\360mipan-{B8D25E3B-B037-4012-9D8E-7A8672E9D6}.360sv
C:\DiskD\360mipan\360mipan-{4737D284-C1C9-4297-9761-556F9BB470}.360sv
Behavior description: Overwrites an existing file
details:C:\Documents and Settings\All Users\Application Data\Mipan\Mps_st.3lg
Behavior description: Copies a file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipan.sys ---> C:\WINDOWS\system32\drivers\360mipan.sys
Behavior description: Deletes a file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipan.dat
C:\DiskD\360mipan\360mipan-{07BD7D74-071D-4975-A2B9-48F7E7E75A}.360sv
C:\DiskD\360mipan\360mipan-{B8D25E3B-B037-4012-9D8E-7A8672E9D6}.360sv
C:\DiskD\360mipan\360mipan-{4737D284-C1C9-4297-9761-556F9BB470}.360sv
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF50C0.tmp
Behavior description: Searches for files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan
FileName = C:\Documents and Settings\Administrator\Application Data\360safe\mipanlog\*.mplog
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipan.exe
Behavior description: Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\360Common.dll ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\360Common.dll ---> Offset = 327680
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\360Common.dll ---> Offset = 393216
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\360Common.dll ---> Offset = 458752
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipan_client.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipan_client.dll ---> Offset = 57344
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipan_client.dll ---> Offset = 69632
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\mpcom.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\mpcom.dll ---> Offset = 45056
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\CCClientComm.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\CCClientComm.dll ---> Offset = 274432
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\CCClientComm.dll ---> Offset = 294912
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\AlgorithmLib.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\AlgorithmLib.dll ---> Offset = 167936
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\AlgorithmLib.dll ---> Offset = 184320
Registry behavior
Behavior description: Modifies the registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\360密盘64位\mipan\360mipanfloat.exe
\REGISTRY\MACHINE\SOFTWARE\360Safe\safemon\MiPanDiskFile\D__360mipan_360mipan-{07BD7D74-071D-4975-A2B9-48F7E7E75A}_360sv
\REGISTRY\MACHINE\SOFTWARE\360Safe\safemon\MiPanDiskFile\D__360mipan
\REGISTRY\MACHINE\SOFTWARE\360Safe\safemon\MiPanDiskFile\D__360mipan_360mipan-{B8D25E3B-B037-4012-9D8E-7A8672E9D6}_360sv
\REGISTRY\MACHINE\SOFTWARE\360Safe\safemon\MiPanDiskFile\D__360mipan_360mipan-{4737D284-C1C9-4297-9761-556F9BB470}_360sv
Behavior description: Deletes a registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\360Mipan
Other behavior
Behavior description: Creates a mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
oleacc-msaa-loaded
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Global\Q360MipanFloatMutex
Global\Q360MipanUsedMutex
Q360MipanLoginMutex
Q360MipanWizardMutex
Behavior description: Generates a session key
details:[CryptDeriveKey] Algorithm: CALG_RC2 (0x00006602) Flags: 0x00000001
Behavior description: Creates an event object
details:EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.AMB.IC
EventName = MSCTF.SendReceiveConection.Event.AMB.IC
EventName = MSCTF.SendReceive.Event.AIH.IC
EventName = MSCTF.SendReceiveConection.Event.AIH.IC
Behavior description: Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [360MipanWizard,]
NtUserFindWindowEx: [Class,Window] = [360MipanLogin,]
NtUserFindWindowEx: [Class,Window] = [360MipanVerify,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [360MipanFloat,]
Behavior description: Starts a system service
details:[服务启动成功]: , 360mipan, \??\C:\WINDOWS\system32\drivers\360mipan.sys
[服务启动成功]: , EfiSystemMon, System32\Drivers\Efimon.sys
Behavior description: Encrypts data
details:[CryptEncrypt] Data: 0x017BF658, PlainTextLen: 128, CipherTextLen: 72, Flags: 0x00000000
[CryptEncrypt] Data: 0x017C0580, PlainTextLen: 128, CipherTextLen: 72, Flags: 0x00000000
[CryptEncrypt] Data: 0x017C0750, PlainTextLen: 872, CipherTextLen: 440, Flags: 0x00000000
[CryptEncrypt] Data: 0x017C0750, PlainTextLen: 128, CipherTextLen: 72, Flags: 0x00000000
[CryptEncrypt] Data: 0x017C1FE0, PlainTextLen: 128, CipherTextLen: 72, Flags: 0x00000000
[CryptEncrypt] Data: 0x017C1FE0, PlainTextLen: 872, CipherTextLen: 440, Flags: 0x00000000
Behavior description: Opens an event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
Q360CustomFDEvent
Behavior description: Decrypts data
details:[CryptDecrypt] Data: 0x00E8C488, CipherTextLen: 568, PlainTextLen: 566, Flags: 0x00000000
[CryptDecrypt] Data: 0x017BF740, CipherTextLen: 72, PlainTextLen: 64, Flags: 0x00000000
[CryptDecrypt] Data: 0x017BF8B0, CipherTextLen: 72, PlainTextLen: 64, Flags: 0x00000000
[CryptDecrypt] Data: 0x017BF8F0, CipherTextLen: 72, PlainTextLen: 64, Flags: 0x00000000
Behavior description: Adjusts process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details:Pid = 472, Hwnd=0x10342, Text = 确定, ClassName = Button.
Pid = 472, Hwnd=0x10344, Text = 没有找到以下密盘,其镜像文件可能被移动或被删除了!, ClassName = Static.
Pid = 472, Hwnd=0x10346, Text = 如果您的密盘存放在移动设备中,请插上移动设备再使用!, ClassName = Static.
Pid = 472, Hwnd=0x10382, Text = 我的密盘, ClassName = Edit.
Pid = 472, Hwnd=0x10388, Text = 准备为您创建密盘,请您给密盘设置一个名称和密码, ClassName = Static.
Pid = 472, Hwnd=0x1038a, Text = 密盘名称:, ClassName = Static.
Pid = 472, Hwnd=0x1038c, Text = 密盘密码:, ClassName = Static.
Pid = 472, Hwnd=0x1038e, Text = 再输一次密码:, ClassName = Static.
Pid = 472, Hwnd=0x10390, Text = (6到20位区分大小写), ClassName = Static.
Pid = 472, Hwnd=0x10392, Text = (请牢记,否则无法解密), ClassName = Static.
Pid = 472, Hwnd=0x20360, Text = 下一步, ClassName = Button.
Pid = 472, Hwnd=0x2035e, Text = 下一步, ClassName = Button.
Pid = 472, Hwnd=0x30352, Text = 上一步, ClassName = Button.
Pid = 472, Hwnd=0x3034e, Text = 欢迎, ClassName = Static.
Pid = 472, Hwnd=0x30350, Text = 登录账户, ClassName = Static.
Behavior description: Calls the Sleep function
details:[1]: MilliSeconds = 50.
[2]: MilliSeconds = 50.
[3]: MilliSeconds = 50.
[4]: MilliSeconds = 50.
[5]: MilliSeconds = 50.
[6]: MilliSeconds = 50.
[7]: MilliSeconds = 50.
[8]: MilliSeconds = 50.
[9]: MilliSeconds = 50.
[10]: MilliSeconds = 50.
Behavior description: Hides a specified window
details:[Window,Class] = [,360MipanFloat]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,#32770]
[Window,Class] = [打开密盘,Static]
[Window,Class] = [上一步,Button]
[Window,Class] = [下一步,Button]
[Window,Class] = [确定,Button]
[Window,Class] = [,tooltips_class32]
Behavior description: Opens a mutex
details:Local\!IETld!Mutex
ShimCacheMutex