VirSCAN


File information
Safety rating:75
Behavior list
Basic Information
MD5:57f4bbe7962b2487bed2a7f3e000d53c
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:AdMunch.exedumpFile / f9a34c7d21ebfb6de535610b8c51ae2b / EXE
AdMunch.exe / f9a34c7d21ebfb6de535610b8c51ae2b / EXE
AM64-34121.dlldumpFile / f711cdf0ac714a8b77207983b650b937 / DLL
AM64-34121.dll / f711cdf0ac714a8b77207983b650b937 / DLL
AM32-34121.dlldumpFile / 89e57176dbb7f9b0ddf0d4543ece289c / DLL
AM32-34121.dll / 89e57176dbb7f9b0ddf0d4543ece289c / DLL
AdMunch64.exedumpFile / 378bfb8dd2ab90552356732852e710be / EXE
AdMunch64.exe / 378bfb8dd2ab90552356732852e710be / EXE
AdMunch.dlldumpFile / 3a625215478700e33ac72a19333f7c10 / DLL
AdMunch.dll / 3a625215478700e33ac72a19333f7c10 / DLL
Install.inidumpFile / de09c2be25b218c47b34456b66de05fa / Unknown
Install.ini / de09c2be25b218c47b34456b66de05fa / Unknown
Ad MuncherdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Stop system service
details:ServiceName = Messenger
Behavior description:Set message hook
details:c:\%temp%\1413721091.135098.exe_7zdump\ad muncher\AM32-34121.dll
Behavior description:Get host address by name
details:216.227.221.254
Process behavior
Behavior description:Create new process from file
details:ImagePath = c:\%temp%\1413721089.526716.exe_7zdump\ad muncher\admunch.exe, CmdLine = /r "216.227.221.254"
ImagePath = c:\%temp%\1413721089.567925.exe_7zdump\ad muncher\admunch.exe, CmdLine = /r "216.227.221.254"
File behavior
Behavior description:Create file mapping with write permission
details:AMIPC_34121_HookDLL_FileMapping
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file content
details:C:\%temp%\1413721089.650691.exe_7zdump\Ad Muncher\Config.dat---> Offset = 0
C:\%temp%\1413721089.691933.exe_7zdump\Ad Muncher\Config.dat---> Offset = 0
C:\%temp%\1413721089.733122.exe_7zdump\Ad Muncher\Config.dat---> Offset = 0
C:\%temp%\1413721089.774353.exe_7zdump\Ad Muncher\Config.dat---> Offset = 0
C:\%temp%\1413721089.815533.exe_7zdump\Ad Muncher\Config.dat---> Offset = 0
C:\%temp%\1413721089.856761.exe_7zdump\Ad Muncher\Config.dat---> Offset = 0
C:\%temp%\1413721089.897954.exe_7zdump\Ad Muncher\Config.dat---> Offset = 0
C:\%temp%\1413721089.939208.exe_7zdump\Ad Muncher\Config.dat---> Offset = 0
Network behavior
Behavior description:Establish a connection to a specified socket
details:127.0.0.1:80
Behavior description:Get host address by name
details:216.227.221.254
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\禁用脚本调试
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\DLG时出错显示的每个错误
Other behavior
Behavior description:Create mutex
details:AMStartupMutex
AMC32CCMutex
AMIPC_34121_HookDLL_Mutex_Client
AMIPC_34121_HookDLL_Mutex_Server
Behavior description:Set message hook
details:c:\%temp%\1413721091.135098.exe_7zdump\ad muncher\AM32-34121.dll
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [AdMuncherMain,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Search for kernel32.dll base address
details:Instruction Address = 0x0040225a
Behavior description:Stop system service
details:ServiceName = Messenger
Translated by Keith Miller, United States