VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files with the password 'infected' or 'virus'.


File information
Safety rating: 75
Behavior list
Basic Information
MD5: 627a62014174874b07598e328b11c94a
File type: Rar5
Production company:
Version:
Shell or compiler information:
Subfile information: Config.ini / a68873787cdce551587b0119c1cda5bb / Unknown
LBrowser.HouDao.exe / 7080f399035e3febf338edd0d970f7f6 / EXE
Key behavior
Behavior description: Directly calls critical system APIs
details: Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x007C2A2B
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x007C2A2B
Index = 0x000000B2, Name: NtQueryVirtualMemory, Instruction Address = 0x007C2A2B
Behavior description: Directly reads the CPU clock
details: EAX = 0x830ec57d, EDX = 0x000000b6
EAX = 0x830ec5c9, EDX = 0x000000b6
EAX = 0x830ec615, EDX = 0x000000b6
EAX = 0x830ec661, EDX = 0x000000b6
EAX = 0x830ec6ad, EDX = 0x000000b6
EAX = 0x85969636, EDX = 0x000000b6
EAX = 0x85969682, EDX = 0x000000b6
EAX = 0x859696ce, EDX = 0x000000b6
EAX = 0x8596971a, EDX = 0x000000b6
EAX = 0x85969766, EDX = 0x000000b6
Behavior description: Gets window screenshot information
details: Foreground window Info: HWND = 0x00010354, DC = 0x01010057.
Foreground window Info: HWND = 0x0001034e, DC = 0x01010057.
Foreground window Info: HWND = 0x0001034a, DC = 0x01010057.
Foreground window Info: HWND = 0x0001035c, DC = 0x01010057.
Foreground window Info: HWND = 0x0001035c, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010356, DC = 0x01010057.
Foreground window Info: HWND = 0x00010354, DC = 0x1701068b.
Behavior description: Gets TickCount value
details: TickCount = 280625, SleepMilliseconds = 60000.
TickCount = 280640, SleepMilliseconds = 60000.
TickCount = 280656, SleepMilliseconds = 60000.
TickCount = 282078, SleepMilliseconds = 60000.
TickCount = 282140, SleepMilliseconds = 60000.
TickCount = 282312, SleepMilliseconds = 60000.
TickCount = 282328, SleepMilliseconds = 60000.
TickCount = 282390, SleepMilliseconds = 60000.
TickCount = 282578, SleepMilliseconds = 60000.
TickCount = 290281, SleepMilliseconds = 60000.
TickCount = 290296, SleepMilliseconds = 60000.
TickCount = 294187, SleepMilliseconds = 60000.
TickCount = 294203, SleepMilliseconds = 60000.
TickCount = 294468, SleepMilliseconds = 60000.
TickCount = 307218, SleepMilliseconds = 60000.
Process behavior
Behavior description: Creates local thread
details: TargetProcess: LBrowser.HouDao.exe, InheritedFromPID = 2000, ProcessID = 2728, ThreadID = 2740, StartAddress = 77C0A341, Parameter = 00F76CF0
TargetProcess: LBrowser.HouDao.exe, InheritedFromPID = 2000, ProcessID = 2728, ThreadID = 2760, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: LBrowser.HouDao.exe, InheritedFromPID = 2000, ProcessID = 2728, ThreadID = 2768, StartAddress = 77E56C7D, Parameter = 001BDE80
TargetProcess: LBrowser.HouDao.exe, InheritedFromPID = 2000, ProcessID = 2728, ThreadID = 2772, StartAddress = 769AE43B, Parameter = 001BCC38
TargetProcess: LBrowser.HouDao.exe, InheritedFromPID = 2000, ProcessID = 2728, ThreadID = 2888, StartAddress = 4AEA7456, Parameter = 00000000
Behavior description: Enumerates processes
details: N/A
Network behavior
Behavior description: Connects to specified site
details: WinHttpConnect: ServerName = up****om, PORT = 80, UserName = , Password = , hSession = 0x01414100, hConnect = 0x01414200, Flags = 0x00000000
Behavior description: Opens HTTP connection
details: WinHttpOpen: UserAgent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2), hSession = 0x01414000
WinHttpOpen: UserAgent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2), hSession = 0x01414100
Behavior description: Establishes a connection to a specified socket
details: URL: up****om, IP: **.133.40.**:80, SOCKET = 0x000001e0
Behavior description: Sends HTTP packet
details: GET /gapi?key=7c90941cf4ba4e11c94dc12afb069d15&type=sn,sv,su,sp,st HTTP/1.1 Accept: */* Accept-Language: zh-cn Cache-Control: no-cache User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2) Host: up****om Connection: Keep-Alive
Behavior description: Opens HTTP request
details: WinHttpOpenRequest: up****om:80/gapi?key=7c90941cf4ba4e11c94dc12afb069d15&type=sn,sv,su,sp,st, hConnect = 0x01414200, hRequest = 0x017c0000, Verb: GET, Referer: , Flags = 0x00000000
Behavior description: Gets host address by name
details: GetAddrInfoW: up****om
Registry behavior
Behavior description: Modifies registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behavior
Behavior description: Directly calls critical system APIs
details: Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x007C2A2B
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x007C2A2B
Index = 0x000000B2, Name: NtQueryVirtualMemory, Instruction Address = 0x007C2A2B
Behavior description: Checks whether it is being debugged
details: IsDebuggerPresent
Behavior description: Creates mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MKK
Behavior description: Creates event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MKK.IC
EventName = MSCTF.SendReceiveConection.Event.MKK.IC
Behavior description: Opens mutex
details: ShimCacheMutex
Behavior description: Finds specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details: Pid = 2728, Hwnd=0x10366, Text = 开始运行, ClassName = _EL_HyperLinker.
Pid = 2728, Hwnd=0x10364, Text = 相关设置, ClassName = _EL_HyperLinker.
Pid = 2728, Hwnd=0x1035c, Text = 信息输出, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2728, Hwnd=0x10354, Text = Login:-1, ClassName = msctls_statusbar32.
Pid = 2728, Hwnd=0x10356, Text = , ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2728, Hwnd=0x1034e, Text = —, ClassName = Button.
Pid = 2728, Hwnd=0x1034a, Text = ×, ClassName = Button.
Pid = 2728, Hwnd=0x10348, Text = 登录账号, ClassName = _EL_HyperLinker.
Behavior description: Searches for kernel32.dll base address
details: Instruction Address = 0x00a8741f
Behavior description: Opens event
details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2728
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior description: Gets window screenshot information
details: Foreground window Info: HWND = 0x00010354, DC = 0x01010057.
Foreground window Info: HWND = 0x0001034e, DC = 0x01010057.
Foreground window Info: HWND = 0x0001034a, DC = 0x01010057.
Foreground window Info: HWND = 0x0001035c, DC = 0x01010057.
Foreground window Info: HWND = 0x0001035c, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010356, DC = 0x01010057.
Foreground window Info: HWND = 0x00010354, DC = 0x1701068b.
Behavior description: Calls Sleep function
details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 250.
Behavior description: Hides specified window
details: [Window,Class] = [,tooltips_class32]
[Window,Class] = [登录账号,_EL_HyperLinker]
[Window,Class] = [相关设置,_EL_HyperLinker]
[Window,Class] = [开始运行,_EL_HyperLinker]
[Window,Class] = [,Comet.Shadow]
Behavior description: Gets TickCount value
details: TickCount = 280625, SleepMilliseconds = 60000.
TickCount = 280640, SleepMilliseconds = 60000.
TickCount = 280656, SleepMilliseconds = 60000.
TickCount = 282078, SleepMilliseconds = 60000.
TickCount = 282140, SleepMilliseconds = 60000.
TickCount = 282312, SleepMilliseconds = 60000.
TickCount = 282328, SleepMilliseconds = 60000.
TickCount = 282390, SleepMilliseconds = 60000.
TickCount = 282578, SleepMilliseconds = 60000.
TickCount = 290281, SleepMilliseconds = 60000.
TickCount = 290296, SleepMilliseconds = 60000.
TickCount = 294187, SleepMilliseconds = 60000.
TickCount = 294203, SleepMilliseconds = 60000.
TickCount = 294468, SleepMilliseconds = 60000.
TickCount = 307218, SleepMilliseconds = 60000.
Behavior description: Directly reads the CPU clock
details: EAX = 0x830ec57d, EDX = 0x000000b6
EAX = 0x830ec5c9, EDX = 0x000000b6
EAX = 0x830ec615, EDX = 0x000000b6
EAX = 0x830ec661, EDX = 0x000000b6
EAX = 0x830ec6ad, EDX = 0x000000b6
EAX = 0x85969636, EDX = 0x000000b6
EAX = 0x85969682, EDX = 0x000000b6
EAX = 0x859696ce, EDX = 0x000000b6
EAX = 0x8596971a, EDX = 0x000000b6
EAX = 0x85969766, EDX = 0x000000b6
Run screenshot