VirSCAN

File information
Safety rating:82
Basic Information
MD5:44af82ebf8e8c63406ab2867ec245e8c
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup
Process behavior
Behavior description:Create local thread
details:TargetProcess: WinNTSetup_x86.exe, InheritedFromPID = 2000, ProcessID = 2136, ThreadID = 2488, StartAddress = 00435B87, Parameter = 0012FF48
TargetProcess: WinNTSetup_x86.exe, InheritedFromPID = 2000, ProcessID = 2136, ThreadID = 2444, StartAddress = 00460338, Parameter = 00F17290
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\Waik_tmp\b86.cab
C:\Documents and Settings\Administrator\Local Settings\Temp\Waik_tmp\w86.cab
C:\Documents and Settings\Administrator\Local Settings\Temp\Waik_tmp\b64.cab
C:\Documents and Settings\Administrator\Local Settings\Temp\Waik_tmp\w64.cab
C:\Documents and Settings\Administrator\Local Settings\Temp\Waik_tmp\w86_new.cab
C:\Documents and Settings\Administrator\Local Settings\Temp\Waik_tmp\w64_new.cab
C:\Documents and Settings\Administrator\Local Settings\Temp\Waik_tmp\wof86.cab
C:\Documents and Settings\Administrator\Local Settings\Temp\Waik_tmp\wof64.cab
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup
Behavior description:Search for file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\WinNT-v3.9.2\WinNTSetup_iso.cmd
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\WinNT-v3.9.2\Lang\Language.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\WinNT-v3.9.2\Lang\2052.dll
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
Network behavior
Behavior description:Connect to specified site
details:WinHttpConnect: ServerName = do****om, PORT = 80, UserName = , Password = , hSession = 0x01714000, hConnect = 0x01714100, Flags = 0x00000000
Behavior description:Open HTTP connection
details:WinHttpOpen: UserAgent: WinNTSetup/3.0, hSession = 0x01714000
Behavior description:Establish connection to a specified socket
details:URL: do****om, IP: **.133.40.**:80, SOCKET = 0x00000154
Behavior description:Send HTTP packet
details:GET /download/9/9/F/99F5E440-5EB5-4952-9935-B99662C3DF70/adk/Installers/56dd07dea070851064af5d29cadfac56.cab HTTP/1.1 Range: bytes=0-236504 User-Agent: WinNTSetup/3.0 Host: do****om Connection: Keep-Alive
GET /download/9/9/F/99F5E440-5EB5-4952-9935-B99662C3DF70/adk/Installers/eacac0698d5fa03569c86b25f90113b5.cab HTTP/1.1 Range: bytes=0-265216 User-Agent: WinNTSetup/3.0 Host: do****om Connection: Keep-Alive
GET /download/9/9/F/99F5E440-5EB5-4952-9935-B99662C3DF70/adk/Installers/630e2d20d5f2abcc3403b1d7783db037.cab HTTP/1.1 Range: bytes=0-258321 User-Agent: WinNTSetup/3.0 Host: do****om Connection: Keep-Alive
GET /download/9/9/F/99F5E440-5EB5-4952-9935-B99662C3DF70/adk/Installers/d2611745022d67cf9a7703eb131ca487.cab HTTP/1.1 Range: bytes=0-907264 User-Agent: WinNTSetup/3.0 Host: do****om Connection: Keep-Alive
GET /download/5/D/9/5D915042-FCAA-4859-A1C3-29E198690493/adk/installers/eacac0698d5fa03569c86b25f90113b5.cab HTTP/1.1 Range: bytes=0-319029 User-Agent: WinNTSetup/3.0 Host: do****om Connection: Keep-Alive
GET /download/0/1/C/01CC78AA-B53B-4884-B7EA-74F2878AA79F/adk/Installers/d2611745022d67cf9a7703eb131ca487.cab HTTP/1.1 Range: bytes=0-1082693 User-Agent: WinNTSetup/3.0 Host: do****om Connection: Keep-Alive
GET /download/9/A/E/9AE69DD5-BA93-44E0-864E-180F5E700AB4/adk/Installers/941dd5f1c32c7cec49703f0dfde8eba5.cab HTTP/1.1 Range: bytes=0-111649 User-Agent: WinNTSetup/3.0 Host: do****om Connection: Keep-Alive
GET /download/9/A/E/9AE69DD5-BA93-44E0-864E-180F5E700AB4/adk/Installers/fdfb8cfc2e4d170431fb6b8c67210672.cab HTTP/1.1 Range: bytes=0-128154 User-Agent: WinNTSetup/3.0 Host: do****om Connection: Keep-Alive
Behavior description:Open HTTP request
details:WinHttpOpenRequest: do****om:80/download/9/9/f/99f5e440-5eb5-4952-9935-b99662c3df70/adk/installers/56dd07dea070851064af5d29cadfac56.cab, hConnect = 0x01714100, hRequest = 0x01770000, Verb: GET, Referer: , Flags = 0x00000040
WinHttpOpenRequest: do****om:80/download/9/9/f/99f5e440-5eb5-4952-9935-b99662c3df70/adk/installers/eacac0698d5fa03569c86b25f90113b5.cab, hConnect = 0x01714100, hRequest = 0x01770000, Verb: GET, Referer: , Flags = 0x00000040
WinHttpOpenRequest: do****om:80/download/9/9/f/99f5e440-5eb5-4952-9935-b99662c3df70/adk/installers/630e2d20d5f2abcc3403b1d7783db037.cab, hConnect = 0x01714100, hRequest = 0x01770000, Verb: GET, Referer: , Flags = 0x00000040
WinHttpOpenRequest: do****om:80/download/9/9/f/99f5e440-5eb5-4952-9935-b99662c3df70/adk/installers/d2611745022d67cf9a7703eb131ca487.cab, hConnect = 0x01714100, hRequest = 0x01770000, Verb: GET, Referer: , Flags = 0x00000040
WinHttpOpenRequest: do****om:80/download/5/d/9/5d915042-fcaa-4859-a1c3-29e198690493/adk/installers/eacac0698d5fa03569c86b25f90113b5.cab, hConnect = 0x01714100, hRequest = 0x01770000, Verb: GET, Referer: , Flags = 0x00000040
WinHttpOpenRequest: do****om:80/download/0/1/c/01cc78aa-b53b-4884-b7ea-74f2878aa79f/adk/installers/d2611745022d67cf9a7703eb131ca487.cab, hConnect = 0x01714100, hRequest = 0x01770000, Verb: GET, Referer: , Flags = 0x00000040
WinHttpOpenRequest: do****om:80/download/9/a/e/9ae69dd5-ba93-44e0-864e-180f5e700ab4/adk/installers/941dd5f1c32c7cec49703f0dfde8eba5.cab, hConnect = 0x01714100, hRequest = 0x01770000, Verb: GET, Referer: , Flags = 0x00000040
WinHttpOpenRequest: do****om:80/download/9/a/e/9ae69dd5-ba93-44e0-864e-180f5e700ab4/adk/installers/fdfb8cfc2e4d170431fb6b8c67210672.cab, hConnect = 0x01714100, hRequest = 0x01770000, Verb: GET, Referer: , Flags = 0x00000040
Behavior description:Get host address by name
details:GetAddrInfoW: do****om
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EFI
Behavior description:Create event object
details:EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EFI.IC
EventName = MSCTF.SendReceiveConection.Event.EFI.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:Global\crypt32LogoffEvent
HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:Adjust process token privileges
details:SE_SYSTEM_ENVIRONMENT_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Window information
details:Pid = 2136, Hwnd=0x10348, Text = 确定, ClassName = Button.
Pid = 2136, Hwnd=0x1034a, Text = 取消, ClassName = Button.
Pid = 2136, Hwnd=0x1034e, Text = WinNTSetup 需要 Windows 8 ADK (2 MB) 的某些文件 现在下载吗?, ClassName = Static.
Pid = 2136, Hwnd=0x20346, Text = 所需文件, ClassName = #32770.
Pid = 2136, Hwnd=0x20348, Text = 确定, ClassName = Button.
Pid = 2136, Hwnd=0x50356, Text = 下载 ADK 文件失败!, ClassName = Static.
Pid = 2136, Hwnd=0x3034a, Text = 错误, ClassName = #32770.
Pid = 2136, Hwnd=0x2034e, Text = 加载文件, ClassName = Static.
Pid = 2136, Hwnd=0x30346, Text = 下载 ADK 文件, ClassName = WindowClass_8.
Behavior description:Open mutex
details:ShimCacheMutex