VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files when the password is 'infected' or 'virus'.


File information
Safety rating: 55
Behavior list
Basic Information
MD5: 6558b72041b2f402f46dd163eb552da1
File type: zip
Production company:
Version:
Shell or compiler information: COMPILER:PE+(64)
Subfile information: CCleaner64.exe / 7e2417f5da5476f15da1952da67d1ed7 / EXE
CCleaner.exe / 77f6bc2aeb56ca83c308844ca885e427 / EXE
branding.dll / 1300b6b2307f6d14b794f52373c5c3bb / DLL
ccleaner.ini / ceb14536d77787a28f00b605442fae8c / Unknown
CCleaner.dat / 522be3ca69d7b7c3892441bb0f462109 / Unknown
CCleanerdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description: Get file attributes to detect a virtual machine
Details: GetFileAttributes: FileName = C:\Users\Administrator\.VirtualBox\
GetFileAttributes: FileName = C:\ProgramData\VMware\VMware Workstation
Behavior description: Read the CPU clock directly
Details: EAX = 0xe3fe39e3, EDX = 0x00000079
EAX = 0xe6b1395f, EDX = 0x00000079
EAX = 0xe6b139ab, EDX = 0x00000079
EAX = 0xebec0864, EDX = 0x00000079
EAX = 0xf3d9d64d, EDX = 0x00000079
EAX = 0x109e00e1, EDX = 0x0000007a
Process behavior
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Create file
Details: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DYP39JG5PMU0GAL6385C.temp
Behavior description: Rename file
Details: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DYP39JG5PMU0GAL6385C.temp ---> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\56c69478058e441b.customDestinations-ms
Behavior description: Get file attributes to detect a virtual machine
Details: GetFileAttributes: FileName = C:\Users\Administrator\.VirtualBox\
GetFileAttributes: FileName = C:\ProgramData\VMware\VMware Workstation
Behavior description: Modify file contents
Details: C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CCleaner\ccleaner.ini ---> Offset = 148
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CCleaner\ccleaner.ini ---> Offset = 150
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DYP39JG5PMU0GAL6385C.temp ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DYP39JG5PMU0GAL6385C.temp ---> Offset = 4096
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DYP39JG5PMU0GAL6385C.temp ---> Offset = 8192
Behavior description: Search for files
Details: FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CCleaner
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CCleaner\CCleaner.exe
FileName = C:\Windows.old*
FileName = C:\Users\Administrator\AppData\Roaming\Opera\*
FileName = C:\Program Files\Opera\*
FileName = C:\Users\Administrator\AppData\Local\Opera\*
FileName = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\*
Other behavior
Behavior description: Check whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Create mutex
Details: Piriform_CCleaner_PreventSecondInstance
Piriform_CCleaner_SystemTrayIconActive
Piriform_CCleaner_PreventSecondRegistration
_SHuassist.mtx
Behavior description: Hide specified window
Details: [Window,Class] = [Update available,Button]
[Window,Class] = [&Upgrade,Button]
[Window,Class] = [,Edit]
[Window,Class] = [,msctls_progress32]
Behavior description: Read the CPU clock directly
Details: EAX = 0xe3fe39e3, EDX = 0x00000079
EAX = 0xe6b1395f, EDX = 0x00000079
EAX = 0xe6b139ab, EDX = 0x00000079
EAX = 0xebec0864, EDX = 0x00000079
EAX = 0xf3d9d64d, EDX = 0x00000079
EAX = 0x109e00e1, EDX = 0x0000007a
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\KernelObjects\MaximumCommitCondition
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagICBJOEBAMLOAAAAA
Behavior description: Window information
Details: Pid = 3772, Hwnd=0x40138, Text = 分析(&A), ClassName = Button.
Pid = 3772, Hwnd=0x8019c, Text = 运行清理(&R), ClassName = Button.
Pid = 3772, Hwnd=0x501d4, Text = Update available, ClassName = Button.
Pid = 3772, Hwnd=0x70204, Text = 清理(&C), ClassName = Button.
Pid = 3772, Hwnd=0x40196, Text = 注册表(&G), ClassName = Button.
Pid = 3772, Hwnd=0x40184, Text = 工具(&T), ClassName = Button.
Pid = 3772, Hwnd=0x401b6, Text = 选项(&O), ClassName = Button.
Pid = 3772, Hwnd=0x3024a, Text = 升级(&U), ClassName = Button.
Pid = 3772, Hwnd=0x801ac, Text = Piriform CCleaner - Professional Edition, ClassName = PiriformCCleaner.
Behavior description: Open mutex
Details: Local\MSCTF.Asm.MutexDefault1
Behavior description: Import key
Details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x003AF7A8, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x003AD348, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x003CA9E0, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x003CB520, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x003CB5C8, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x003CBBA0, DataLen: 276, Flags: 0x00000000
Run screenshot
