VirSCAN


File information
Safety rating: 70
Behavior list
Basic Information
MD5: 3c04867d0608feeb5de799b4c5c7f919
File type: EXE
Production company: 李先欣
Version: 1.0.0.0---1.0.0.0
Shell or compiler information: PACKER:ASPack 2.12 -> Alexey Solodovnikov
Subfile information: aspack22_be75e0b7dumpFile / c1f9e31c07e4dcc06ec9b88666461014 / EXE
Key behavior
Behavior description: Capture window screenshot information
details:Foreground window Info: HWND = 0x00010346, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x0001034c, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010346, DC = 0x0a010375.
Foreground window Info: HWND = 0x00010348, DC = 0x01010057.
Foreground window Info: HWND = 0x00010346, DC = 0x01010057.
Process behavior
Behavior description: Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2724, ThreadID = 2736, StartAddress = 77DC845A, Parameter = 00000000
File behavior
Behavior description: Create file
details:C:\DiskD\yyx
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini
C:\Documents and Settings\Administrator\Local Settings\%temp%\config.ini
Behavior description: Modify file contents
details:C:\DiskD\yyx ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini ---> Offset = 21
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini ---> Offset = 44
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini ---> Offset = 67
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini ---> Offset = 90
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini ---> Offset = 39
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini ---> Offset = 62
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini ---> Offset = 85
C:\Documents and Settings\Administrator\Local Settings\%temp%\peizi.ini ---> Offset = 108
C:\Documents and Settings\Administrator\Local Settings\%temp%\config.ini ---> Offset = 0
Behavior description: Find file
details:FileName = d:\yyx
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\daik.lxx
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Speech\Voices\DefaultTokenId
Other behavior
Behavior description: Create mutex
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Mutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IKK
Behavior description: Create event object
details:EventName = DINPUTWINMM
EventName = HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Event
EventName = MSCTF.SendReceive.Event.IKK.IC
EventName = MSCTF.SendReceiveConection.Event.IKK.IC
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior description: Adjust process token privileges
details:SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description: Window information
details:Pid = 2724, Hwnd=0x10366, Text = 是(&Y), ClassName = Button.
Pid = 2724, Hwnd=0x10368, Text = 否(&N), ClassName = Button.
Pid = 2724, Hwnd=0x1036c, Text = 本软件不含任何有害代码,您可以任意使用、复制、传播。但传播或使用过程中不能保证不被其它有害软件感染,作者对使用本软件可能造成的任何损失不负任何责任。您同意本条款方可继续使用,不同意本条款则退出使用,您同意吗?, ClassName = Static.
Pid = 2724, Hwnd=0x10364, Text = 作者郑重申明:本软件完全自主开发,不含任何有害代码, ClassName = #32770.
Pid = 2724, Hwnd=0x10354, Text = 请输入您的登录密码, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2724, Hwnd=0x10352, Text = 确 定, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2724, Hwnd=0x10350, Text = 管理员密码初始值为空 如果管理员尚未设置修改密码请直接点确定进入, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2724, Hwnd=0x10346, Text = 阶梯水费管理系统2018互联网版主机 (建议您先关闭各种杀毒软件、卫士、管家), ClassName = WTWindow.
Pid = 2724, Hwnd=0x2036c, Text = 确定, ClassName = Button.
Pid = 2724, Hwnd=0x20368, Text = 第一次使用,密码为空,直接点 确定 即可, ClassName = Static.
Pid = 2724, Hwnd=0x20364, Text = 温馨提示:管理员初始密码为空, ClassName = #32770.
Pid = 2724, Hwnd=0x1034e, Text = 123456, ClassName = Edit.
Behavior description: Capture window screenshot information
details:Foreground window Info: HWND = 0x00010346, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x0001034c, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010346, DC = 0x0a010375.
Foreground window Info: HWND = 0x00010348, DC = 0x01010057.
Foreground window Info: HWND = 0x00010346, DC = 0x01010057.
Behavior description: Hide specified window
details:[Window,Class] = [,Edit]
[Window,Class] = [,Button]
[Window,Class] = [,_EL_CommonDlg]
[Window,Class] = [,Afx:400000:b:10011:110005b:0]
[Window,Class] = [,Afx:400000:b:10011:0:0]
Behavior description: Open mutex
details:RasPbFile
ShimCacheMutex