VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:60
Behavior list
Behavior analysis report:         Threatbook file behavior analysis report
Basic Information
MD5:59d75bb5d2d4bf4e8cf16547d8b770d7
file type:EXE
Production company:
version:0.10.0.2---0.10.0.2
Shell or compiler information:PACKER:UPX V2.00-V3.00 -> Markus Oberhumer & Laszlo Molnar & John Reiser [Overlay] *
Subfile information:upx30_c73c4077dumpFile / ec2704195d9833900984925a30bb20e8 / EXE
Key behavior
Behavior description:直接获取CPU时钟
details:EAX = 0x1e462268, EDX = 0x0000039e
EAX = 0x30d4bd1e, EDX = 0x0000039e
EAX = 0x559b9258, EDX = 0x0000039e
File behavior
Behavior description:查找文件
details:FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\VukHemuaAKCcf5Zi2PVsNMzzAQUAGYgc
Other behavior
Behavior description:直接获取CPU时钟
details:EAX = 0x1e462268, EDX = 0x0000039e
EAX = 0x30d4bd1e, EDX = 0x0000039e
EAX = 0x559b9258, EDX = 0x0000039e
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:打开事件
details:HookSwitchHookEnabledEvent
Behavior description:隐藏指定窗口
details:[Window,Class] = [AutoIt v3,AutoIt v3]
Run screenshot
VirSCAN