VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 21
Behavior list
Basic Information
MD5: 4028b185671be2a21e62598f267e8c26
File type: zip
Production company:
Version:
Shell or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information:
不看玩你妈逼辅助[双击鼠标].txt / 7d6c8b041ff2d1ac3d890accc32d2234 / Unknown
凌哥QQ飞车一键刷商城辅助V5.1.exe / be71aaba9132817ace7b66e6a2f07b67 / EXE
upx_c_30caddbadumpFile / 340cb0c7918648d76da22b32ac09a67d / EXE
点击下载更多资源 (3).url / 35d3f4365c5a7bd26b7c12fe1c216497 / Unknown
Key behavior
Behavior description: Create writable file mapping
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MJB..LCLGH
MSCTF.MarshalInterface.FileMap.MJB.B.LCLGH
MSCTF.MarshalInterface.FileMap.MJB.C.LCLGH
MSCTF.MarshalInterface.FileMap.MJB.D.LCLGH
MSCTF.MarshalInterface.FileMap.MJB.E.LCLGH
MSCTF.MarshalInterface.FileMap.MJB.F.LDLGH
MSCTF.MarshalInterface.FileMap.MJB.G.LDLGH
Behavior description: Modify registry: IE home page
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Hide specified window
details: [Window,Class] = [loger command window,TXLOGGER_BYCORETEAM]
[Window,Class] = [TENCENT-INSTLLER-WINDOW,TENCENT-INSTLLER]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
Behavior description: Get basic user information
details: Level = 10.
Behavior description: Modify registry: startup item
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\禁止后可能会严重影响系统稳定性,建议不要禁止!
Process behavior
Behavior description: Create process from new file
details: ImagePath = C:\Documents and Settings\Administrator\Application Data\9ifz\9ifz.exe, CmdLine = "C:\Documents and Settings\Administrator\Application Data\9ifz\9ifz.exe"
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Create writable file mapping
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MJB..LCLGH
MSCTF.MarshalInterface.FileMap.MJB.B.LCLGH
MSCTF.MarshalInterface.FileMap.MJB.C.LCLGH
MSCTF.MarshalInterface.FileMap.MJB.D.LCLGH
MSCTF.MarshalInterface.FileMap.MJB.E.LCLGH
MSCTF.MarshalInterface.FileMap.MJB.F.LDLGH
MSCTF.MarshalInterface.FileMap.MJB.G.LDLGH
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Application Data\9ifz\dlcore.dll
C:\Documents and Settings\Administrator\Application Data\9ifz\9ifz.exe
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_dcff734b-bc3f-43cb-8911-9b5d467629cf---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\Internet Explorer.lnk---> Offset = 0
Behavior description: Search for files
details: FileName = C:\Documents and Settings\Administrator\Application Data\9ifz
FileName = C:\Documents and Settings\Administrator\Application Data\9ifz\9ifz.exe
FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\Logs\9ifz.tlg
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\桌面\*.lnk
FileName = C:\Documents and Settings\Administrator\「开始」菜单\*.lnk
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\*.lnk
FileName = C:\Program Files
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_*
FileName = C:\Program Files\Internet Explorer
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\Documents and Settings\Administrator\My Documents
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
\REGISTRY\USER\S-*\Software\Tencent\TodayDo\RunTaskQQ
\REGISTRY\MACHINE\SOFTWARE\Tencent\BackupDownloader\times
\REGISTRY\USER\S-*\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Default_Page_URL
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Default_Search_URL
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Use_Async_DNS
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Search Bar
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Search Page
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Local Page
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Start Page
Behavior description: Modify registry: IE key settings
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Behavior description: Modify registry: group policy
details: \REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Default_Page_URL
\REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Search Bar
\REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Search Page
\REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry: IE home page
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry: startup item
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\禁止后可能会严重影响系统稳定性,建议不要禁止!
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
_TX~QQSetupEx~0503~A1C22B84-CE8D-437A-AA60-6D3ABCB18ACF
MSCTF.Shared.MUTEX.ELH
Global\winlogon: Logon UserProfileMapping Mutex
Behavior description: Hide specified window
details: [Window,Class] = [loger command window,TXLOGGER_BYCORETEAM]
[Window,Class] = [TENCENT-INSTLLER-WINDOW,TENCENT-INSTLLER]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [LogView_qqpcmgr,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [DiDaSG,]
NtUserFindWindowEx: [Class,Window] = [DiDaGrid,]
NtUserFindWindowEx: [Class,Window] = [DiDaViewCtrl,]
NtUserFindWindowEx: [Class,Window] = [,GINA Logon]
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 1476, Hwnd=0x202c8, Text = 确定, ClassName = Button.
Pid = 1476, Hwnd=0x202c6, Text = 辅助未成功获取到游戏目录,请先设置, ClassName = Static.
Pid = 1476, Hwnd=0x202c4, Text = 信息:, ClassName = #32770.
Pid = 1476, Hwnd=0x302c4, Text = 请选择您的QQ飞车安装目录, ClassName = Static.
Pid = 1476, Hwnd=0x302ca, Text = 我的电脑, ClassName = Edit.
Pid = 1476, Hwnd=0x302b4, Text = 确定, ClassName = Button.
Pid = 1476, Hwnd=0x402b0, Text = 取消, ClassName = Button.
Pid = 1476, Hwnd=0x302a8, Text = 浏览文件夹, ClassName = #32770.
Behavior description: Get basic user information
details: Level = 10.
Behavior description: Direct access to physical device
details: \??\PhysicalDrive0
Behavior description: Inline hook
details: C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0
C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0