VirSCAN

File information
Safety rating:20
Behavior list
Basic Information
MD5:571cc8a0e50e965e60701681bfd2e840
file type:Rar
Production company:
version:
Shell or compiler information:PACKER:ASPack 2.12 -> Alexey Solodovnikov
Subfile information:QQ单向好友.exe / c21da549f7112984d6d38af6854a22c3 / EXE
aspack212r_dc3d9796dumpFile / f9f5d8470c8c576479e890cef80624bf / EXE
使用前必看.txt / ef41656a57a63bc54f9d6dd4d64ee6da / Unknown
Key behavior
Behavior description:Maps a file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MJB..LJIGH
MSCTF.MarshalInterface.FileMap.MJB.B.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.C.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.D.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.E.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.F.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.G.LJIGH
MSCTF.Shared.SFM.MJB
Behavior description:Connects to the QQ login server
details:InternetConnectA: ServerName = ptlogin2.qq.com, PORT = 80
Behavior description:Sets special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Hides a specified window
details:[Window,Class] = [,Edit]
[Window,Class] = [,Afx:400000:8:10011:1900015:0]
Process behavior
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Maps a file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MJB..LJIGH
MSCTF.MarshalInterface.FileMap.MJB.B.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.C.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.D.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.E.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.F.LJIGH
MSCTF.MarshalInterface.FileMap.MJB.G.LJIGH
MSCTF.Shared.SFM.MJB
Behavior description:Sets special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Searches for files
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1444965186.762755.exe_7zdump\2014最新QQ好友批量查询删除单向QQ好友软件\QQ单向好友.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qrc.png
FileName =
Network behavior
Behavior description:Connects to the QQ login server
details:InternetConnectA: ServerName = ptlogin2.qq.com, PORT = 80
Behavior description:Downloads a file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qrc.png
Behavior description:Reads a network file
details:hFile = 0x00000658, BytesToRead =10240, BytesRead = 10240.
hFile = 0x00000648, BytesToRead =512, BytesRead = 512.
hFile = 0x00000654, BytesToRead =512, BytesRead = 512.
hFile = 0x00000644, BytesToRead =512, BytesRead = 512.
hFile = 0x0000064c, BytesToRead =512, BytesRead = 512.
Behavior description:Opens an HTTP request
details:HttpOpenRequestA: ptlogin2.qq.com:80/ptqrshow?appid=549000912&e=2&l=m&s=3&d=72&v=4&t=0.6169928649913426&daid=5, hConnect = 0x0000065c
HttpOpenRequestA: ptlogin2.qq.com:80/ptqrlogin?u1=http%3a%2f%2fqzs.qq.com%2fqzone%2fv5%2floginsucc.html%3fpara%3dizone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=16-44-1412049235444&js_ver=10095&js_type=1&login_sig=&pt_uistyle=32&aid=549000912&daid
Other behavior
Behavior description:Creates mutexes
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MJB
Behavior description:Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 1360, Hwnd=0x302da, Text = 请使用QQ手机版扫描二维码安全登录, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1360, Hwnd=0x202c8, Text = QQ扫一扫安全登录, ClassName = WTWindow.
Pid = 1360, Hwnd=0x202d8, Text = 重新查询, ClassName = Afx:400000:b:102f5:1900015:0.
Pid = 1360, Hwnd=0x302dc, Text = 菲菲博客网,欢迎您的使用!, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1360, Hwnd=0x202d4, Text = QQ单向好友查询器, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1360, Hwnd=0x202d6, Text = 更多QQ技术 >, ClassName = Afx:400000:b:102f5:1900015:0.
Pid = 1360, Hwnd=0x202a8, Text = QQ单向好友查询器V2.0 - 菲菲博客网, ClassName = WTWindow.
Pid = 1360, Hwnd=0x302dc, Text = 登录失败,请重试!, ClassName = Afx:400000:b:10011:1900015:0.
Behavior description:Hides a specified window
details:[Window,Class] = [,Edit]
[Window,Class] = [,Afx:400000:8:10011:1900015:0]
Behavior description:Opens an image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qrc.jpg