VirSCAN


File information
Safety rating:65
Behavior list
Basic Information
MD5:4146d8824fa419632b9b7e395749cb7b
file type:EXE
Production company:360安全中心
version:2.2.0.4---2, 2, 0, 4
Shell or compiler information:PACKER:UPolyX v0.5
Key behavior
Behavior description:Directly calls a critical system API
details:Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0100A46B
Behavior description:Directly reads the CPU clock
details:EAX = 0x64ae3c7f, EDX = 0x000000bd
Behavior description:Gets the TickCount value
details:TickCount = 228500, SleepMilliseconds = 1000.
TickCount = 228515, SleepMilliseconds = 1000.
TickCount = 228593, SleepMilliseconds = 1000.
Process behavior
Behavior description:Creates a local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2688, ThreadID = 2708, StartAddress = 00FB0070, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2688, ThreadID = 2716, StartAddress = 00FB0080, Parameter = 00000048
Registry behavior
Behavior description:Deletes a registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Behavior description:Deletes a registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behavior
Behavior description:Checks whether it is being debugged
details:IsDebuggerPresent
Behavior description:Creates a mutex
details:3D21E658-B095-441a-8FE9-6C10952714C7
RasPbFile
Behavior description:Creates an event object
details:EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description:Opens a mutex
details:DBWinMutex
RasPbFile
Behavior description:Directly calls a critical system API
details:Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0100A46B
Behavior description:Gets the TickCount value
details:TickCount = 228500, SleepMilliseconds = 1000.
TickCount = 228515, SleepMilliseconds = 1000.
TickCount = 228593, SleepMilliseconds = 1000.
Behavior description:Calls the Sleep function
details:[1]: MilliSeconds = 1000.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 1000.
[10]: MilliSeconds = 1000.
Behavior description:Directly reads the CPU clock
details:EAX = 0x64ae3c7f, EDX = 0x000000bd