VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:77
Behavior list
Basic Information
MD5:3ad4e23550e94d07f97a66b22a614520
file type:EXE
Production company:Kaka.Smile
version:1.3.4.6---1.3.4.6
Shell or compiler information:PACKER:UPolyX v0.5
Key behavior
Behavior description:直接调用系统关键API
details:Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x01054F87
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x01054F87
Behavior description:直接获取CPU时钟
details:EAX = 0x1bfea6df, EDX = 0x000000b7
EAX = 0x1bfea72b, EDX = 0x000000b7
EAX = 0x1e8676b4, EDX = 0x000000b7
EAX = 0x1e867700, EDX = 0x000000b7
EAX = 0x1e86774c, EDX = 0x000000b7
EAX = 0x1e867798, EDX = 0x000000b7
EAX = 0x1e8677e4, EDX = 0x000000b7
EAX = 0x1e867830, EDX = 0x000000b7
EAX = 0x1e86787c, EDX = 0x000000b7
EAX = 0x1e8678c8, EDX = 0x000000b7
Process behavior
Behavior description:创建本地线程
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2672, StartAddress = 77DC845A, Parameter = 00000000
Behavior description:枚举进程
details:N/A
Other behavior
Behavior description:直接调用系统关键API
details:Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x01054F87
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x01054F87
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:创建互斥体
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior description:创建事件对象
details:EventName = DINPUTWINMM
Behavior description:直接获取CPU时钟
details:EAX = 0x1bfea6df, EDX = 0x000000b7
EAX = 0x1bfea72b, EDX = 0x000000b7
EAX = 0x1e8676b4, EDX = 0x000000b7
EAX = 0x1e867700, EDX = 0x000000b7
EAX = 0x1e86774c, EDX = 0x000000b7
EAX = 0x1e867798, EDX = 0x000000b7
EAX = 0x1e8677e4, EDX = 0x000000b7
EAX = 0x1e867830, EDX = 0x000000b7
EAX = 0x1e86787c, EDX = 0x000000b7
EAX = 0x1e8678c8, EDX = 0x000000b7
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:打开事件
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:窗口信息
details:Pid = 2660, Hwnd=0x103a4, Text = 请勿更改默认文件名, ClassName = Afx:400000:b:10011:1900015:0.
Behavior description:隐藏指定窗口
details:[Window,Class] = [,tooltips_class32]
[Window,Class] = [,Afx:400000:8]
[Window,Class] = [,_EL_Timer]
Behavior description:打开互斥体
details:RasPbFile
ShimCacheMutex
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号