VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 71
Behavior list
Basic Information
MD5: 627b31e7857db01a9d12f226a3c52822
File type: Rar
Production company:
Version:
Shell or compiler information:
Subfile information: TeamViewer.exe / d05adf2cd408f2bcc40edd15347da929 / EXE
TeamViewer_Desktop.exe / 1f5ed1a053406c855a71aa5ca2324437 / EXE
TeamViewer_StaticRes.dll / c777b85e62c8fbda2cefabb6a5f59439 / DLL
TeamViewer_Resource_el.dll / 3bf13074675b3bd90ce8153e08bb6fad / DLL
TeamViewer_Resource_fr.dll / 9af2e0b26fb303daa59bf0ffc7778d58 / DLL
TeamViewer_Resource_ro.dll / a438e6e62f93255fbf06d4f497835177 / DLL
TeamViewer_Resource_vi.dll / 73ac2ff798fe7d4380e0c5d79e172903 / DLL
TeamViewer_Resource_de.dll / a39f9e5187a71a4b41888688e5487377 / DLL
TeamViewer_Resource_es.dll / db253b32a34435f73f143e183ea70fbb / DLL
TeamViewer_Resource_it.dll / 649ab35d29e403266ad237c94af67bdd / DLL
TeamViewer_Resource_lt.dll / b8319dc95f62c8ec5ed619f913daccf8 / DLL
TeamViewer_Resource_hu.dll / 03148df6a3749eb32ae03b4d1bce79fe / DLL
TeamViewer_Resource_bg.dll / 9c6fe86df41a83de8c2c3686a533c08a / DLL
TeamViewer_Resource_pl.dll / 1a4eb14975afc25c501219ab07d8364f / DLL
TeamViewer_Resource_nl.dll / b542e75625ab1f7382f7ceb077bace95 / DLL
TeamViewer_Resource_uk.dll / bf5c388c900e91d659fd11342c5d7974 / DLL
TeamViewer_Resource_ru.dll / db5b279d9c63aa76f69b13aa7a6c5d44 / DLL
TeamViewer_Resource_hr.dll / ab09a38061589ff33e13c8c26addca3c / DLL
TeamViewer_Resource_pt.dll / e4bf2ca1089a61c83b7e6510b8026c51 / DLL
Key behavior
Behavior description: Directly calls a critical system API
Details: Index = 0x000000FE, Name: NtQuerySection, Instruction Address = 0x01CBC246
Behavior description: Gets the TickCount value
Details: TickCount = 218812, SleepMilliseconds = 60000.
TickCount = 218828, SleepMilliseconds = 60000.
TickCount = 218843, SleepMilliseconds = 60000.
TickCount = 219109, SleepMilliseconds = 60000.
TickCount = 219234, SleepMilliseconds = 60000.
TickCount = 219265, SleepMilliseconds = 60000.
TickCount = 219296, SleepMilliseconds = 60000.
TickCount = 219328, SleepMilliseconds = 60000.
TickCount = 219437, SleepMilliseconds = 60000.
TickCount = 219453, SleepMilliseconds = 60000.
TickCount = 219468, SleepMilliseconds = 60000.
TickCount = 219484, SleepMilliseconds = 60000.
TickCount = 220812, SleepMilliseconds = 60000.
TickCount = 220828, SleepMilliseconds = 60000.
TickCount = 220921, SleepMilliseconds = 60000.
Behavior description: Directly reads the CPU clock (time stamp counter)
Details: EAX = 0x7239c643, EDX = 0x00000083
EAX = 0x821561c9, EDX = 0x00000083
EAX = 0x9f199959, EDX = 0x00000083
EAX = 0xa9ba6672, EDX = 0x00000083
EAX = 0xa9ba66be, EDX = 0x00000083
EAX = 0xa9ba670a, EDX = 0x00000083
EAX = 0xa9ba6756, EDX = 0x00000083
EAX = 0xa9ba67a2, EDX = 0x00000083
EAX = 0xa9ba67ee, EDX = 0x00000083
EAX = 0xa9ba683a, EDX = 0x00000083
Behavior description: Gets basic user information
Details: Level = 10.
Behavior description: Tampers with the parent process (parent process spoofing)
Details: Child: svchost.exe, Parent: svchost.exe(True) ---> TeamViewer_peid.exe(Fake)
Process behavior
Behavior description: Enumerates processes
Details: N/A
Behavior description: Tampers with the parent process (parent process spoofing)
Details: Child: svchost.exe, Parent: svchost.exe(True) ---> TeamViewer_peid.exe(Fake)
File behavior
Behavior description: Creates a file
Details: C:\Users\Administrator\AppData\Roaming\TeamViewer\TeamViewer12_Logfile.log
Behavior description: Searches for files
Details: FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\Program Files
FileName = C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\*
FileName = C:\Users\Administrator\AppData\Roaming\Mozilla\Profiles\default\*
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
Network behavior
Behavior description: Opens an HTTP connection
Details: WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate), hSession = 0x04530a18
Behavior description: Establishes a socket connection to a specified host
Details: URL: pi****om, IP: **.133.40.**:128, SOCKET = 0x00000684
IP: **.0.0.**:49161, SOCKET = 0x0000068c
Behavior description: Resolves a host address by name
Details: GetAddrInfoW: pi****om
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\TeamViewer\DefaultSettings\Autostart_GUI
\REGISTRY\USER\S-*\Software\Microsoft\ActiveMovie\devenum\Version
Other behavior
Behavior description: Directly calls a critical system API
Details: Index = 0x000000FE, Name: NtQuerySection, Instruction Address = 0x01CBC246
Behavior description: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Creates a mutex
Details: AMResourceMutex3
C__Users_Administrator_AppData_Local_Temp_EB93A6_b70c.exe_7zdump_TeamViewer_peid.exe
TeamViewer_Win32_Instance_Mutex
TeamViewer3_Win32_Instance_Mutex
TeamViewer_DynGateInstanceMutex
Local\!PrivacIE!SharedMemory!Mutex
Local\TeamViewer_LogMutex
Local\TeamViewerHooks_LogBuffer
Local\TeamViewerHooks_Mutex4
Local\TeamViewerHooks_Mutex1
Local\TeamViewerHooks_Mutex5
Local\TeamViewerHooks_DynamicMemMutex
Local\TeamViewerHooks_DirectXBufferMutex
TeamViewerHooks_Loader_w32
eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-*
Behavior description: Creates an event object
Details: EventName = Local\TeamViewer_12_0_82216_1_G_Evt_Signal
EventName = Local\TeamViewer_12_0_82216_1_G_Evt_Cancel
EventName = Local\TeamViewerHooks_Command_w32
EventName = Local\TeamViewerHooks_RetCommandDesktop
EventName = Local\TeamViewerHooks_RetCommandAck
EventName = Local\TeamViewerHooks_RetCommandGUI
EventName = TeamViewerHooks_Command_w32
Behavior description: Opens a mutex
Details: Global\TeamViewer_LogMutex
TeamViewerHooks_Loader_x64
TeamViewerHooks_Loader_w32
Local\MSCTF.Asm.MutexDefault1
TeamViewer_Win32_Instance_Mutex
Behavior description: Finds a specified window
Details: NtUserFindWindowEx: [Class,Window] = [,TeamViewer Manager]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Starts a system service
Details: [服务启动成功]: NT AUTHORITY\LocalService, WinHTTP Web Proxy Auto-Discovery Service, C:\Windows\system32\svchost.exe -k LocalService
[服务启动成功]: LocalSystem, Secondary Logon, C:\Windows\system32\svchost.exe -k netsvcs
Behavior description: Window information
Details: Pid = 3584, Hwnd=0x20232, Text = 电子邮件, ClassName = Static.
Pid = 3584, Hwnd=0x2022e, Text = 密码, ClassName = Static.
Pid = 3584, Hwnd=0x2022a, Text = 登录, ClassName = Button.
Pid = 3584, Hwnd=0x20228, Text = 使我保持登录状态, ClassName = Button(CheckBox).
Pid = 3584, Hwnd=0x20226, Text = 忘记密码, ClassName = Button.
Pid = 3584, Hwnd=0x20224, Text = 注册, ClassName = Button.
Pid = 3584, Hwnd=0x20238, Text = 计算机和联系人, ClassName = BuddyWindow.
Pid = 3584, Hwnd=0x401b4, Text = 未就绪。请检查您的连接, ClassName = Static.
Pid = 3584, Hwnd=0x30252, Text = 会议, ClassName = Button(RadioButton).
Pid = 3584, Hwnd=0x30248, Text = 远程控制, ClassName = Button(RadioButton).
Pid = 3584, Hwnd=0x70204, Text = 允许远程控制, ClassName = Static.
Pid = 3584, Hwnd=0x40196, Text = 无人值守访问, ClassName = Static.
Pid = 3584, Hwnd=0x40184, Text = 控制远程计算机, ClassName = Static.
Pid = 3584, Hwnd=0x3024a, Text = -, ClassName = Edit.
Pid = 3584, Hwnd=0x801d2, Text = IDC_MAIN_START_WITH_WINDOWS, ClassName = Button(CheckBox).
Behavior description: Gets basic user information
Details: Level = 10.
Behavior description: Gets the TickCount value
Details: TickCount = 218812, SleepMilliseconds = 60000.
TickCount = 218828, SleepMilliseconds = 60000.
TickCount = 218843, SleepMilliseconds = 60000.
TickCount = 219109, SleepMilliseconds = 60000.
TickCount = 219234, SleepMilliseconds = 60000.
TickCount = 219265, SleepMilliseconds = 60000.
TickCount = 219296, SleepMilliseconds = 60000.
TickCount = 219328, SleepMilliseconds = 60000.
TickCount = 219437, SleepMilliseconds = 60000.
TickCount = 219453, SleepMilliseconds = 60000.
TickCount = 219468, SleepMilliseconds = 60000.
TickCount = 219484, SleepMilliseconds = 60000.
TickCount = 220812, SleepMilliseconds = 60000.
TickCount = 220828, SleepMilliseconds = 60000.
TickCount = 220921, SleepMilliseconds = 60000.
Behavior description: Adjusts process token privileges
Details: SE_DEBUG_PRIVILEGE
Behavior description: Opens an event
Details: HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMICNLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMKFNLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagIDDNLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagABCNLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMBDNLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagIGDNLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagAHDNLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagAKCNLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagINBNLIDAAAOAAAAA
Global\SvcctrlStartEvent_A3752DX
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMMMMLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagIFDNLIDAAAOAAAAA
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMJNFLIDAAAOAAAAA
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 60000.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 60000.
[9]: MilliSeconds = 60000.
[10]: MilliSeconds = 60000.
Behavior description: Hides a specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,tooltips_class32]
[Window,Class] = [VPN,Button]
[Window,Class] = [,Button]
[Window,Class] = [,#32770]
[Window,Class] = [中止连接,Button]
Behavior description: Gets the cursor position
Details: CursorPos = (806,18728), SleepMilliseconds = 100.
CursorPos = (7099,26761), SleepMilliseconds = 60000.
CursorPos = (19934,15985), SleepMilliseconds = 60000.
CursorPos = (12243,29619), SleepMilliseconds = 60000.
CursorPos = (27727,24725), SleepMilliseconds = 60000.
CursorPos = (6470,28406), SleepMilliseconds = 60000.
CursorPos = (24046,17088), SleepMilliseconds = 60000.
CursorPos = (10726,752), SleepMilliseconds = 60000.
CursorPos = (3760,12203), SleepMilliseconds = 60000.
CursorPos = (5592,5697), SleepMilliseconds = 60000.
CursorPos = (33156,14865), SleepMilliseconds = 60000.
CursorPos = (4667,414), SleepMilliseconds = 60000.
CursorPos = (1057,12643), SleepMilliseconds = 60000.
CursorPos = (18186,18977), SleepMilliseconds = 60000.
CursorPos = (20483,20156), SleepMilliseconds = 60000.
Behavior description: Directly reads the CPU clock (time stamp counter)
Details: EAX = 0x7239c643, EDX = 0x00000083
EAX = 0x821561c9, EDX = 0x00000083
EAX = 0x9f199959, EDX = 0x00000083
EAX = 0xa9ba6672, EDX = 0x00000083
EAX = 0xa9ba66be, EDX = 0x00000083
EAX = 0xa9ba670a, EDX = 0x00000083
EAX = 0xa9ba6756, EDX = 0x00000083
EAX = 0xa9ba67a2, EDX = 0x00000083
EAX = 0xa9ba67ee, EDX = 0x00000083
EAX = 0xa9ba683a, EDX = 0x00000083
Behavior description: Imports a key
Details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00441850, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0043F218, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0045B130, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0045B258, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0045B490, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x004340F8, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00436250, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x004358D0, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0045DCF8, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0045D830, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0043C370, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00433310, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00433250, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00433140, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0448E480, DataLen: 276, Flags: 0x00000000
Run screenshot
Translated by Keith Miller, United States