VirSCAN



File information
Safety rating:59
Behavior list
Basic Information
MD5:3d911f72c50e835d30a9c55c4834cbc7
File type:EXE
Production company:秋枫(Fresco) @ Fresco Space/明经通道/晓东CAD空间;7zsfx: Igor Pavlov
Version:4.16.0.0---4, 16, 0, 0
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:setup.exe / a873c101f52b30a96c4183d055c4ed10 / EXE
BatchPlot.VLX / 4a771efe7052395dde9d41de75a19d1f / Unknown
WizModernImage-IS.bmp / 28b66cba58591601880bf3bb2a7ee6b1 / Unknown
BP_Help.htm / 6290e4615db05e0cad7c1ab483f23817 / Unknown
License.rtf / 52b209d374415e857ca98696ebce8670 / Unknown
History.htm / 5617a512257e36218f2d7e0279761f52 / Unknown
Info.rtf / 4c9d3325f3d3e8a6466739d1c9352c9c / Unknown
AddBplotMenu.VLX / f4e0cf42f8d2ec6619f77a9f8207908f / Unknown
loadBatchPlot.VLX / 500477dfc689b0d979571afd57aed048 / Unknown
setup.ini / 4f3c920b5db1f66778fc058eb09dde55 / Unknown
WizModernSmallImage10.bmp / 28b626202ba2e4b94b5aa3dfb86b3b55 / Unknown
donate.htm / 6a89a2905139522d3a1b4269d0b6ebd6 / Unknown
Batchplot.ini / 3a10c8ca361c29a3b25ec29e87ac1f4b / Unknown
如何手工加载.txt / 5c316dbc95e954cb15175d708f9556dc / Unknown
Visit Home Page.url / 79d0b300f17c1f9af86876d49d66401d / Unknown
Key behavior
Behavior description:Look up PE resource information
details:(FindResourceA) hModule = 0x00400000, ResName: REGDLL_EXE, ResType:
(FindResourceA) hModule = 0x00400000, ResName: SHFOLDERDLL, ResType:
Behavior description:Get TickCount value
details:TickCount = 219753, SleepMilliseconds = 50.
TickCount = 219815, SleepMilliseconds = 50.
TickCount = 219878, SleepMilliseconds = 50.
TickCount = 219940, SleepMilliseconds = 50.
TickCount = 220003, SleepMilliseconds = 50.
TickCount = 220065, SleepMilliseconds = 50.
TickCount = 220128, SleepMilliseconds = 50.
TickCount = 220190, SleepMilliseconds = 50.
TickCount = 220253, SleepMilliseconds = 50.
TickCount = 220315, SleepMilliseconds = 50.
TickCount = 220378, SleepMilliseconds = 50.
TickCount = 220440, SleepMilliseconds = 50.
TickCount = 220503, SleepMilliseconds = 50.
TickCount = 220565, SleepMilliseconds = 50.
TickCount = 220628, SleepMilliseconds = 50.
Process behavior
Behavior description:Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2832, StartAddress = 00407C8F, Parameter = 00B20418
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2836, StartAddress = 00407FA3, Parameter = 003F6D90
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2840, StartAddress = 004114B9, Parameter = 0012FD44
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2844, StartAddress = 00407C8F, Parameter = 00B20418
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2848, StartAddress = 00407FA3, Parameter = 003F6D90
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2852, StartAddress = 00407C8F, Parameter = 00B20418
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2856, StartAddress = 00407FA3, Parameter = 003F6D90
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2860, StartAddress = 00407FA3, Parameter = 00B27930
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2864, StartAddress = 00407FA3, Parameter = 00B27A30
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2868, StartAddress = 00407FA3, Parameter = 00B26870
Behavior description:Create process from newly written file
details:[0x00000b44]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\setup.exe, CmdLine = .\setup.exe
[0x00000b84]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-D3BET.tmp\setup.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-D3BET.tmp\setup.tmp" /SL5="$3033C,54272,54272,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\setup.exe"
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\WizModernImage-IS.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\WizModernSmallImage10.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\BP_Help.htm
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\donate.htm
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\History.htm
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\Batchplot.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\setup.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\Info.rtf
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\License.rtf
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\如何手工加载.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\Visit Home Page.url
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\AddBplotMenu.VLX
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\BatchPlot.VLX
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\loadBatchPlot.VLX
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-RNP2N.tmp\_isetup\_RegDLL.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-RNP2N.tmp\_isetup\_shfoldr.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\AddBplotMenu.VLX
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\Batchplot.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\BatchPlot.VLX
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\BP_Help.htm
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\donate.htm
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\History.htm
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\Info.rtf
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\License.rtf
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\loadBatchPlot.VLX
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\Visit Home Page.url
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\如何手工加载.txt
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\is-D3BET.tmp\setup.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-RNP2N.tmp\_isetup\_RegDLL.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-RNP2N.tmp\_isetup\_shfoldr.dll
Behavior description:Modify file contents
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\WizModernImage-IS.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\WizModernSmallImage10.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\BP_Help.htm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\donate.htm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\History.htm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\Batchplot.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\setup.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\Info.rtf ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\License.rtf ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\如何手工加载.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\Visit Home Page.url ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\AddBplotMenu.VLX ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\BatchPlot.VLX ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DATA\loadBatchPlot.VLX ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\setup.exe ---> Offset = 0
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\WizModernImage-IS.bmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\WizModernSmallImage10.bmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\BP_Help.htm
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\donate.htm
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\History.htm
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\Batchplot.ini
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\setup.ini
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\Info.rtf
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\License.rtf
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\如何手工加载.txt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\Visit Home Page.url
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\AddBplotMenu.VLX
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DATA\BatchPlot.VLX
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
SHIMLIB_LOG_MUTEX
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Window information
details:Pid = 2948, Hwnd=0x10350, Text = 确定, ClassName = Button.
Pid = 2948, Hwnd=0x10354, Text = 您的系统中没有安装本程序支持的AutoCAD版本。 本程序是运行在特定的AutoCAD平台上的,所以不能安装。 本程序支持的AutoCAD版本:R15.0;>R15.0, ClassName = Static.
Pid = 2948, Hwnd=0x1034e, Text = 安装, ClassName = #32770.
Behavior description:Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
Behavior description:Enumerate windows
details:N/A
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\setup.exe(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-D3BET.tmp\setup.tmp(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-RNP2N.tmp\_isetup\_RegDLL.tmp(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-RNP2N.tmp\_isetup\_shfoldr.dll(signature verification: failed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 50.
[2]: MilliSeconds = 50.
[3]: MilliSeconds = 50.
[4]: MilliSeconds = 50.
[5]: MilliSeconds = 50.
[6]: MilliSeconds = 50.
[7]: MilliSeconds = 50.
[8]: MilliSeconds = 50.
[9]: MilliSeconds = 50.
[10]: MilliSeconds = 50.
[2]: MilliSeconds = 250.
[3]: MilliSeconds = 250.
[4]: MilliSeconds = 250.
[5]: MilliSeconds = 250.
[6]: MilliSeconds = 250.
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\setup.exe ---> a873c101f52b30a96c4183d055c4ed10
C:\Documents and Settings\Administrator\Local Settings\Temp\is-D3BET.tmp\setup.tmp ---> 620f32e56b46e90e8aee43febc59f6e3
C:\Documents and Settings\Administrator\Local Settings\Temp\is-RNP2N.tmp\_isetup\_RegDLL.tmp ---> 0ee914c6f0bb93996c75941e1ad629c6
C:\Documents and Settings\Administrator\Local Settings\Temp\is-RNP2N.tmp\_isetup\_shfoldr.dll ---> 92dc6ef532fbb4a5c3201469a5b5eb63
Behavior description:Open mutex
details:ShimCacheMutex