VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:77
Behavior list
Basic Information
MD5:3ad4e23550e94d07f97a66b22a614520
file type:EXE
Production company:Kaka.Smile
version:1.3.4.6---1.3.4.6
Shell or compiler information:PACKER:UPolyX v0.5
Key behavior
Behavior description:直接调用系统关键API
details:Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x01054F87
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x01054F87
Behavior description:直接获取CPU时钟
details:EAX = 0x1bfea6df, EDX = 0x000000b7
EAX = 0x1bfea72b, EDX = 0x000000b7
EAX = 0x1e8676b4, EDX = 0x000000b7
EAX = 0x1e867700, EDX = 0x000000b7
EAX = 0x1e86774c, EDX = 0x000000b7
EAX = 0x1e867798, EDX = 0x000000b7
EAX = 0x1e8677e4, EDX = 0x000000b7
EAX = 0x1e867830, EDX = 0x000000b7
EAX = 0x1e86787c, EDX = 0x000000b7
EAX = 0x1e8678c8, EDX = 0x000000b7
Process behavior
Behavior description:创建本地线程
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2672, StartAddress = 77DC845A, Parameter = 00000000
Behavior description:枚举进程
details:N/A
Other behavior
Behavior description:直接调用系统关键API
details:Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x01054F87
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x01054F87
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:创建互斥体
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior description:创建事件对象
details:EventName = DINPUTWINMM
Behavior description:直接获取CPU时钟
details:EAX = 0x1bfea6df, EDX = 0x000000b7
EAX = 0x1bfea72b, EDX = 0x000000b7
EAX = 0x1e8676b4, EDX = 0x000000b7
EAX = 0x1e867700, EDX = 0x000000b7
EAX = 0x1e86774c, EDX = 0x000000b7
EAX = 0x1e867798, EDX = 0x000000b7
EAX = 0x1e8677e4, EDX = 0x000000b7
EAX = 0x1e867830, EDX = 0x000000b7
EAX = 0x1e86787c, EDX = 0x000000b7
EAX = 0x1e8678c8, EDX = 0x000000b7
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:打开事件
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:窗口信息
details:Pid = 2660, Hwnd=0x103a4, Text = 请勿更改默认文件名, ClassName = Afx:400000:b:10011:1900015:0.
Behavior description:隐藏指定窗口
details:[Window,Class] = [,tooltips_class32]
[Window,Class] = [,Afx:400000:8]
[Window,Class] = [,_EL_Timer]
Behavior description:打开互斥体
details:RasPbFile
ShimCacheMutex
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号