VirSCAN

File information
Safety rating:77
Behavior list
Basic Information
MD5:3a81dcd2cdd0ab1b3411714caa3bbd39
file type:7z
Production company:
version:
Shell or compiler information:
Subfile information:cygwin1.dll / 23c7f511f6eec2154cc471745cc3a822 / DLL
cygiconv-2.dll / d9f1e51f181cab4988cfa5b936f9553a / DLL
rsync.exe / e8c76dfec3c03e44eddff089dd85f489 / EXE
cyggcc_s-1.dll / 6663a80da58e7610d219c0b6d97a5b49 / DLL
cygintl-8.dll / 6482ee64bd6167ba624111303b684c5c / DLL
cygpopt-0.dll / 75cfa1e81ca103b0b753a70e06160c49 / DLL
Key behavior
Behavior description:Modifies original system EXE files
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll
Behavior description:Obtains basic user information
details:Level = 3.
Process behavior
Behavior description:Creates a local thread
details:TargetProcess: rsync.exe, InheritedFromPID = 2000, ProcessID = 3396, ThreadID = 3456, StartAddress = 61005320, Parameter = 611B6C40
File behavior
Behavior description:Modifies original system EXE files
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll
Behavior description:Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll ---> Offset = 856064
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll ---> Offset = 65536
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\MACHINE\SOFTWARE\Cygwin\Installations\f92534333ecb00b9
Other behavior
Behavior description:Checks whether it is being debugged
details:IsDebuggerPresent
Behavior description:Creates a mutex
details:tty_list::mutex.0
Behavior description:MD5 of modified executable files
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll ---> 23c7f511f6eec2154cc471745cc3a822
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll ---> d9f1e51f181cab4988cfa5b936f9553a
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll ---> 75cfa1e81ca103b0b753a70e06160c49
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll ---> 6482ee64bd6167ba624111303b684c5c
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll ---> 6663a80da58e7610d219c0b6d97a5b49
Behavior description:Obtains basic user information
details:Level = 3.
Behavior description:Adjusts process token privileges
details:SE_RESTORE_PRIVILEGE
SE_BACKUP_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description:Signature information of modified executable files
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygwin1.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygiconv-2.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygpopt-0.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cygintl-8.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\rsync-win-i386-3.1.2\cyggcc_s-1.dll (signature verification: failed)