VirSCAN

File information
Safety rating:84
Behavior list
Basic Information
MD5: 5e2e5555b724b72ce722fe1b4b22046c
File type: zip
Production company:
Version:
Shell or compiler information: PACKER:PeCompact 2.xx --> BitSum Technologies [Overlay] *
Subfile information:flashplayer27ax_ha_install.exe / 059d701fc8359efd7cfdefd40cee27ac / EXE
flashplayer27pp_ha_install.exe / aab56c4ce0addb71712b1a4a88e439c3 / EXE
flashplayer27_ha_install.exe / 54f9123f3e048e7c869e0bcae0bb84a7 / EXE
Key behavior
Behavior description:Cross-process data write
details:TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x0007fbc0, Size = 0x00000424 TargetPID = 0x00000db4
Behavior description:Set thread context
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\flashplayer27ax_ha_install.exe
Behavior description:Get TickCount value
details:TickCount = 284953, SleepMilliseconds = 60000.
Behavior description:Block window close message
details:hWnd = 0x00010342, Text = Adobe Flash Player 安装程序, ClassName = #32770.
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Self-delete
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\flashplayer27ax_ha_install.exe
Process behavior
Behavior description:Create process
details:[0x00000db4]ImagePath = C:\WINDOWS\explorer.exe, CmdLine = explorer.exe
Behavior description:Create local thread
details:TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3004, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3036, StartAddress = 6359727B, Parameter = 00276900
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3040, StartAddress = 77E56C7D, Parameter = 00279FF0
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3044, StartAddress = 769AE43B, Parameter = 024934C0
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3048, StartAddress = 35C51A30, Parameter = 0219651C
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3052, StartAddress = 35C51A30, Parameter = 0219651C
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3056, StartAddress = 35C51A30, Parameter = 0219651C
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3060, StartAddress = 35C51A30, Parameter = 0219651C
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3064, StartAddress = 0045D2C0, Parameter = 02569A50
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3068, StartAddress = 0045D2C0, Parameter = 02569AF0
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3072, StartAddress = 004093D0, Parameter = 001A4068
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3076, StartAddress = 4A426B97, Parameter = 042FD000
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3080, StartAddress = 4A426D10, Parameter = 4A410000
TargetProcess: flashplayer27ax_ha_install.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3084, StartAddress = 4A426D10, Parameter = 4A410000
TargetProcess: explorer.exe, InheritedFromPID = 2952, ProcessID = 3508, ThreadID = 3596, StartAddress = 77DC845A, Parameter = 00000000
Behavior description:Set thread context
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\flashplayer27ax_ha_install.exe
Behavior description:Enumerate processes
details:N/A
Behavior description:Cross-process data write
details:TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x0007fbc0, Size = 0x00000424 TargetPID = 0x00000db4
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_ADMLogs\Adobe_ADM.log
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\160[1]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\warning_icon_200.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_200.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_100.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_125.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_150.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_x_200.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_x_100.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_x_125.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_x_150.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_check_200.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_check_100.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_check_125.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_check_150.png
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\160[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\SC[1]
Behavior description:Find file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\WINDOWS
FileName = C:\WINDOWS\explorer.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\*
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\close_200.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\gray_button_200.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\info_icon_100.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_blue_active_100.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_blue_active_125.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_blue_active_150.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_blue_active_200.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_darkgray_base_100.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_darkgray_base_200.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_pole_null_100.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_pole_null_125.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_pole_null_150.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\progressbar_pole_null_200.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_100.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_125.png
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file contents
details:C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_ADMLogs\Adobe_ADM.log ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_ADMLogs\Adobe_ADM.log ---> Offset = 2
C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_ADMLogs\Adobe_ADM.log ---> Offset = 340
C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_ADMLogs\Adobe_ADM.log ---> Offset = 344
C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_ADMLogs\Adobe_ADM.log ---> Offset = 590
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\160[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Adobe_ADMLogs\Adobe_ADM.log ---> Offset = 594
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\warning_icon_200.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_200.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_100.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_125.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_caution_150.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_x_200.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_x_100.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\3D95FB0B-9228-44D3-89D9-FF925545AF20\status_icon_x_125.png ---> Offset = 0
Behavior description:Self-delete
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\flashplayer27ax_ha_install.exe
Network behavior
Behavior description:Open specified web page in IE
details:https://ge****om/flashplayer/
Behavior description:Connect to specified site
details:WinHttpConnect: ServerName = ge****om, PORT = 443, UserName = , Password = , hSession = 0x042f3000, hConnect = 0x042f3100, Flags = 0x00000000
Behavior description:Open HTTP connection
details:WinHttpOpen: UserAgent: WinHTTP AutoProxy, hSession = 0x042f3000
WinHttpOpen: UserAgent: AAM, hSession = 0x042f3000
Behavior description:Establish connection to a specified socket
details:IP: **.0.0.**:1031, SOCKET = 0x00000510
IP: **.0.0.**:1032, SOCKET = 0x00000510
IP: **.0.0.**:1033, SOCKET = 0x00000510
URL: ge****om, IP: **.133.40.**:443, SOCKET = 0x0000053c
IP: **.0.0.**:1034, SOCKET = 0x00000518
IP: **.0.0.**:1036, SOCKET = 0x00000518
IP: **.0.0.**:1037, SOCKET = 0x00000518
IP: **.0.0.**:1038, SOCKET = 0x00000518
IP: **.0.0.**:1039, SOCKET = 0x00000518
IP: **.0.0.**:1040, SOCKET = 0x00000518
IP: **.0.0.**:1041, SOCKET = 0x00000518
IP: **.0.0.**:1042, SOCKET = 0x00000518
IP: **.0.0.**:1043, SOCKET = 0x00000518
IP: **.0.0.**:1044, SOCKET = 0x00000518
IP: **.0.0.**:1045, SOCKET = 0x00000518
Behavior description:Open HTTP request
details:WinHttpOpenRequest: ge****om:443/flashplayer/webservices/adm/?cname=flashplayer27ax_ha_install.exe&bname=flashplayerax&site=live&type=install&language=cn, hConnect = 0x042f3100, hRequest = 0x04312000, Verb: GET, Referer: , Flags = 0x00800000
Behavior description:Get host address by name
details:GetAddrInfoW: ge****om
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
Other behavior
Behavior description:Create mutex
details:oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Adobe_ADM.log
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
DDrawWindowListMutex
DDrawDriverObjectListMutex
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = CancelPort{0132A8FC-0683-4694-B681-B0036FAACFDA}
EventName = MSCTF.SendReceive.Event.MIL.IC
EventName = MSCTF.SendReceiveConection.Event.MIL.IC
EventName = Global\userenv: User Profile setup event
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 2952, Hwnd=0x10342, Text = Adobe Flash Player 安装程序, ClassName = #32770.
Behavior description:Get TickCount value
details:TickCount = 284953, SleepMilliseconds = 60000.
Behavior description:Block window close message
details:hWnd = 0x00010342, Text = Adobe Flash Player 安装程序, ClassName = #32770.
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2952
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\SvcctrlStartEvent_A3752DX
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 0.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
Behavior description:Hide specified window
details:[Window,Class] = [Adobe Download Manager,#32770]
[Window,Class] = [Adobe Flash Player 安装程序,#32770]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior description:Open mutex
details:ShimCacheMutex
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*
RasPbFile