VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 81
Behavior list
Basic information
MD5: 692e17f76c902156052a52607b38d8cb
File type: zip
Production company:
Version:
Shell or compiler information: PACKER:
Subfile information: AdM_v4.94cn.exe / cc186d608fdd6059c0447eaf457a2149 / EXE
upx30_95831a73dumpFile / big file / EXE
Key behavior
Behavior description: Hide specified window
details: [Window,Class] = [< Back,Button]
[Window,Class] = [,Button]
[Window,Class] = [,#32770]
[Window,Class] = [Ad Muncher v4.94.34121 Setup,#32770]
[Window,Class] = [Zoom level,ToolbarWindow32]
Behavior description: Set message hook (hook DLL)
details: C:\Program Files\Ad Muncher\AM32-34121.dll
Behavior description: Modify registry: autorun (startup) entry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ad Muncher
Behavior description: Stop system service
details: ServiceName = Messenger
Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
AMIPC_34121_486546_FileMapping
MSCTF.MarshalInterface.FileMap.MGF..PBNGH
MSCTF.MarshalInterface.FileMap.MGF.B.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.C.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.D.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.E.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.F.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.G.PCNGH
MSCTF.Shared.SFM.MGF
Local\UrlZonesSM_Administrator
AMIPC_34121_HookDLL_FileMapping
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\Feed Arbitration Shared Memory [ User : S-* ]
DfSharedHeap3E0352
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Resolve host address by name
details: 216.227.221.254
Process behavior
Behavior description: Create process from newly written file
details: ImagePath = C:\Program Files\Ad Muncher\AdMunch.exe, CmdLine = "C:\Program Files\Ad Muncher\AdMunch.exe" /installcomplete 安装
ImagePath = C:\Program Files\Ad Muncher\AdMunch.exe, CmdLine = /r "216.227.221.254"
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Drop links or shortcuts in sensitive system locations (e.g. the Start Menu)
details: C:\Documents and Settings\All Users\「开始」菜单\程序\Ad Muncher\运行 Ad Muncher.lnk  (localized path: Start Menu\Programs\Ad Muncher\Run Ad Muncher.lnk)
C:\Documents and Settings\All Users\「开始」菜单\程序\Ad Muncher\卸载 Ad Muncher.lnk  (localized path: Start Menu\Programs\Ad Muncher\Uninstall Ad Muncher.lnk)
Behavior description: Create executable file
details: C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Ad Muncher\AdMunch64.exe
C:\Program Files\Ad Muncher\AdMunch.dll
C:\Program Files\Ad Muncher\AM32-34121.dll
C:\Program Files\Ad Muncher\AM64-34121.dll
Behavior description: Search for files
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Application Data
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ad Muncher Fault Report*.*
FileName = C:\WINDOWS\system32\AM-Install.exe
FileName = C:\Program Files\Ad Muncher\AM-Install.exe
FileName = C:\Program Files\Ad Muncher\*.tmp
FileName = C:\Program Files\Ad Muncher\Faults\*.htm
FileName = C:\Program Files\Ad Muncher\Faults
FileName = C:\Program Files\Ad Muncher\EX*.dll
FileName = C:\Program Files\Ad Muncher\BrowserExtensions.*
Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
AMIPC_34121_486546_FileMapping
MSCTF.MarshalInterface.FileMap.MGF..PBNGH
MSCTF.MarshalInterface.FileMap.MGF.B.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.C.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.D.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.E.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.F.PCNGH
MSCTF.MarshalInterface.FileMap.MGF.G.PCNGH
MSCTF.Shared.SFM.MGF
Local\UrlZonesSM_Administrator
AMIPC_34121_HookDLL_FileMapping
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\Feed Arbitration Shared Memory [ User : S-* ]
DfSharedHeap3E0352
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Modify file contents
details: C:\Program Files\Ad Muncher\Install.ini---> Offset = 0
C:\Program Files\Ad Muncher\Install.ini---> Offset = 58
C:\Program Files\Ad Muncher\Install.ini---> Offset = 121
C:\Program Files\Ad Muncher\Install.ini---> Offset = 188
C:\Program Files\Ad Muncher\Install.ini---> Offset = 237
C:\Program Files\Ad Muncher\Install.ini---> Offset = 288
C:\Program Files\Ad Muncher\Install.ini---> Offset = 349
C:\Program Files\Ad Muncher\Install.ini---> Offset = 414
C:\Program Files\Ad Muncher\Install.ini---> Offset = 453
C:\Program Files\Ad Muncher\Install.ini---> Offset = 503
C:\Program Files\Ad Muncher\Install.ini---> Offset = 546
C:\Program Files\Ad Muncher\Install.ini---> Offset = 568
C:\Program Files\Ad Muncher\Install.ini---> Offset = 587
C:\Program Files\Ad Muncher\Install.ini---> Offset = 609
C:\Program Files\Ad Muncher\Install.ini---> Offset = 636
Network behavior
Behavior description: Connect to specified site
details: InternetConnectA: ServerName = go.microsoft.com, PORT = 443
Behavior description: Open HTTP request
details: HttpOpenRequestA: go.microsoft.com:443/fwlink/?linkid=141260, hConnect = 0x0000063c
Behavior description: Resolve host address by name
details: 216.227.221.254
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\AdMuncher\AppPath
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad Muncher\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad Muncher\UninstallString
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Ad Muncher\AdMunch.exe
\REGISTRY\MACHINE\SOFTWARE\AdMuncher\MigrateDone
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\禁止脚本测试  (localized IE value name: "Disable Script Debugger")
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\每次出错时均显示错误对话框  (localized IE value name: "Error Dlg Displayed On Every Error")
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\Version
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayName
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\ErrorState
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayMask
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\DisplayName
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\ErrorState
Behavior description: Delete registry value: remove autorun entry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ad Muncher
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\Ad Muncher
Behavior description: Delete registry value
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
Behavior description: Modify registry: autorun (startup) entry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ad Muncher
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
AMIPC_34121_486546_Mutex_Client
AMIPC_34121_486546_Mutex_Server
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MGF
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
AMStartupMutex
Behavior description: Inline hook
details: C:\WINDOWS\system32\WS2_32.dll--->connect Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->WSAConnect Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->getsockname Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->getpeername Offset = 0x0
C:\Windows\System32\WS2_32.dll--->connect Offset = 0x0
C:\Windows\System32\WS2_32.dll--->WSAConnect Offset = 0x0
C:\Windows\System32\WS2_32.dll--->getsockname Offset = 0x0
C:\Windows\System32\WS2_32.dll--->getpeername Offset = 0x0
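The inline-hook entries above say only that the first bytes of four WS2_32.dll exports differ from the on-disk image at offset 0. The following script is an added example (not part of the VirSCAN report and not Ad Muncher's code) showing how a checker arrives at such a line: it compares an export's live bytes with its clean on-disk bytes and names the detour form it recognises. The CLEAN_CONNECT and HOOKED_* byte strings are constructed stand-ins for the two reads, so nothing here opens a process.

```python
"""Added example: how a sandbox produces `WS2_32.dll--->connect Offset = 0x0`.

An inline (detour) hook overwrites the first bytes of an exported function with
a jump into the hooking DLL.  A checker reads the export's bytes from the clean
DLL on disk, reads the same bytes from the live process, and reports the offset
of the first difference.  The byte strings below are constructed stand-ins for
those two reads; this is not VirSCAN's or Ad Muncher's code."""
import struct

# Constructed "on-disk" prologue: mov edi,edi / push ebp / mov ebp,esp / sub esp,10h,
# the hot-patchable prologue that 32-bit system DLLs ship with.
CLEAN_CONNECT = bytes.fromhex("8bff558bec83ec10")
# Constructed live copies, each patched at offset 0 in a different detour style.
HOOKED_REL32 = b"\xe9" + struct.pack("<i", 0x1000) + CLEAN_CONNECT[5:]        # jmp rel32
HOOKED_ABS = b"\xff\x25" + struct.pack("<I", 0x10001000) + CLEAN_CONNECT[6:]  # jmp [addr]
HOOKED_HOTPATCH = b"\xeb\xf9" + CLEAN_CONNECT[2:]                             # short jmp -7


def classify_prologue(live: bytes, clean: bytes):
    """Compare an export's live bytes with its on-disk bytes.

    Returns (hooked, offset_of_first_difference, reason).  The offset is what the
    report prints; the reason names the detour form when it is a recognisable one."""
    n = min(len(live), len(clean))
    diff = next((i for i in range(n) if live[i] != clean[i]), None)
    if diff is None:
        return False, None, "matches on-disk image"
    op = live[diff:]
    if op[:1] == b"\xe9" and len(op) >= 5:
        # E9 rel32 is relative to the end of the 5-byte instruction.
        rel = struct.unpack_from("<i", op, 1)[0]
        return True, diff, f"jmp rel32, target = function+{diff + 5 + rel:#x}"
    if op[:2] == b"\xff\x25" and len(op) >= 6:
        addr = struct.unpack_from("<I", op, 2)[0]
        return True, diff, f"jmp [{addr:#010x}]"
    if op[:1] == b"\xeb" and len(op) >= 2:
        # Hot-patch style: a 2-byte short jump at offset 0 back into the padding
        # that precedes the function, where the real jmp rel32 was written.
        disp = struct.unpack_from("<b", op, 1)[0]
        return True, diff, f"short jmp, target = function{diff + 2 + disp:+#x}"
    if op[:2] == b"\x48\xb8" and len(op) >= 12 and op[10:12] == b"\xff\xe0":
        # x64 absolute detour: mov rax, imm64 / jmp rax.
        addr = struct.unpack_from("<Q", op, 2)[0]
        return True, diff, f"mov rax,imm64 / jmp rax -> {addr:#018x}"
    return True, diff, "unrecognised patch"


def report(dll: str, exports: dict):
    """One line per hooked export, in the report's own `dll--->func Offset = 0x..` form.
    `exports` maps export name -> (live_bytes, clean_bytes)."""
    lines = []
    for name, (live, clean) in exports.items():
        hooked, off, why = classify_prologue(live, clean)
        if hooked:
            lines.append(f"{dll}--->{name} Offset = {off:#x} ({why})")
    return lines


if __name__ == "__main__":
    for line in report("WS2_32.dll", {
        "connect": (HOOKED_REL32, CLEAN_CONNECT),
        "WSAConnect": (HOOKED_ABS, CLEAN_CONNECT),
        "getsockname": (HOOKED_HOTPATCH, CLEAN_CONNECT),
        "getpeername": (CLEAN_CONNECT, CLEAN_CONNECT),
    }):
        print(line)
```

On a real host the `live` bytes come from reading the target process at the export's address and the `clean` bytes from mapping the DLL from disk and applying its relocations; the comparison itself is the part shown here. Offset 0 on connect, WSAConnect, getsockname and getpeername is the pattern of a user-mode socket interposer, which is what a traffic filter needs and also what a credential-stealing implant needs, so the entry is worth a look regardless of the safety score.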
Behavior description: Set message hook (hook DLL)
details: C:\Program Files\Ad Muncher\AM32-34121.dll
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [AdMuncherMain,]
NtUserFindWindowEx: [Class,Window] = [Static,]
Behavior description: Enumerate windows
details: N/A
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Search for kernel32.dll base address
details: Instruction Address = 0x0040225a
Behavior description: Window information
details: Pid = 1856, Hwnd=0x202cc, Text = Install location, ClassName = Static.
Pid = 1856, Hwnd=0x10312, Text = To keep your version up to date, enter your e-mail address:, ClassName = Static.
Pid = 1856, Hwnd=0x102f2, Text = Note: you can use environment variables in place of real paths, e.g.:   %ADMUNCHERDIR% = the folder containing the Ad Muncher program   %LOCALAPPDATA% = the current user's "appd, ClassName = Static.
Pid = 1856, Hwnd=0x102f4, Text = Choose the folder in which Ad Muncher settings are saved. It must be writable by any other users you allow to change the configuration., ClassName = Static.
Pid = 1856, Hwnd=0x102f8, Text = Browse..., ClassName = Button.
Pid = 1856, Hwnd=0x102fa, Text = Choose the folder in which the Ad Muncher filter list and license information are saved. It must be a public folder on this machine, writable by any user., ClassName = Static.
Pid = 1856, Hwnd=0x102fe, Text = Browse..., ClassName = Button.
Pid = 1856, Hwnd=0x202aa, Text = Use the scroll bar on the right to read the rest of the license agreement., ClassName = Static.
Pid = 1856, Hwnd=0x402be, Text = If you agree to all terms of this license agreement, click [I Agree] to continue the installation., ClassName = Static.
Pid = 1856, Hwnd=0x202c6, Text = Setup will install Ad Muncher v4.94.34121 into the folder below. To install into a different folder, click [Browse] and choose another one. Click [Continue] to continue the installation, ClassName = Static.
Pid = 1856, Hwnd=0x302da, Text = Destination folder, ClassName = Button(GroupBox).
Pid = 1856, Hwnd=0x302b8, Text = C:\Program Files\Ad Muncher, ClassName = Edit.
Pid = 1856, Hwnd=0x202b0, Text = Browse(&R)..., ClassName = Button.
Pid = 1856, Hwnd=0x202b4, Text = Choose the install location for Ad Muncher v4.94.34121, ClassName = Static.
Pid = 1856, Hwnd=0x302bc, Text = A 汉化后花园 (Chinese localization group) release, ClassName = Static.
Behavior description: Stop system service
details: ServiceName = Messenger
Behavior description: Hide specified window
details: [Window,Class] = [< Back,Button]
[Window,Class] = [,Button]
[Window,Class] = [,#32770]
[Window,Class] = [Ad Muncher v4.94.34121 Setup,#32770]
[Window,Class] = [Zoom level,ToolbarWindow32]
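A safety rating of 81 is the sandbox's aggregate; an analyst still has to pull the few indicators that matter out of several hundred lines of window titles and mutex names. The script below is an added example (not part of the VirSCAN report, and not VirSCAN's or Ad Muncher's code) of that first triage pass over the "Behavior description / details" format used on this page. SAMPLE_REPORT is a constructed excerpt of the report above, re-typed with the English labels used here; the indicator names and the network_interception() verdict are this example's own assumptions, not VirSCAN's scoring.

```python
"""Added example: a triage pass over VirSCAN-style behavior records.

The report is a flat list of `Behavior description:` / `details:` lines where a
record's extra details continue on bare lines.  This parses that shape and pulls
out the indicators an analyst reads first: autorun persistence, inline hooks on
network APIs, global hook DLLs, privileges requested, services stopped, and
network endpoints.  Sample input is constructed from the report above."""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
Behavior description: Set message hook (hook DLL)
details: C:\Program Files\Ad Muncher\AM32-34121.dll
Behavior description: Modify registry: autorun (startup) entry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ad Muncher
Behavior description: Stop system service
details: ServiceName = Messenger
Behavior description: Connect to specified site
details: InternetConnectA: ServerName = go.microsoft.com, PORT = 443
Behavior description: Resolve host address by name
details: 216.227.221.254
Behavior description: Inline hook
details: C:\WINDOWS\system32\WS2_32.dll--->connect Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->WSAConnect Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->getsockname Offset = 0x0
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
"""

RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)
HOOK = re.compile(r"^(?P<dll>.+?)--->(?P<func>\w+) Offset = (?P<off>0x[0-9a-f]+)$", re.I)
ENDPOINT = re.compile(r"ServerName = (?P<host>[\w.-]+), PORT = (?P<port>\d+)")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_behaviors(text: str):
    """Group the report into (description, [detail lines]).  A 'details:' line opens
    the list; bare lines that follow are continuation details of the same record."""
    records = []
    for line in text.strip().splitlines():
        if line.startswith("Behavior description:"):
            records.append((line.split(":", 1)[1].strip(), []))
        elif line.startswith("details:"):
            records[-1][1].append(line.split(":", 1)[1].strip())
        elif records:
            records[-1][1].append(line.strip())
    return records


def triage(text: str) -> dict:
    """Pull the indicators a human wants first out of the parsed records."""
    ind = defaultdict(list)
    for desc, details in parse_behaviors(text):
        kind = desc.lower()
        for d in details:
            if RUN_KEY.search(d):
                ind["persistence_run_key"].append(d)
            if m := HOOK.match(d):
                dll = m["dll"].rsplit("\\", 1)[-1].lower()
                ind["inline_hook"].append((dll, m["func"], int(m["off"], 16)))
            if m := ENDPOINT.search(d):
                ind["endpoint"].append((m["host"], int(m["port"])))
            if IPV4.match(d):
                ind["endpoint"].append((d, None))
            if d.startswith("SE_") and d.endswith("_PRIVILEGE"):
                ind["privilege"].append(d)
            if kind.startswith("stop system service") and "=" in d:
                ind["service_stopped"].append(d.split("=", 1)[1].strip())
            if kind.startswith("set message hook"):
                ind["global_hook_dll"].append(d)
    return dict(ind)


def network_interception(ind: dict) -> bool:
    """True when ws2_32 connect/WSAConnect are detoured.  A traffic filter and a
    MITM-style implant both need exactly this, so it is the first thing to check
    whatever the sandbox's safety score says."""
    return any(dll == "ws2_32.dll" and func.lower() in {"connect", "wsaconnect"}
               for dll, func, _ in ind.get("inline_hook", []))


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for key, values in found.items():
        print(f"{key}: {values}")
    print("network interception:", network_interception(found))
```

The Run-key write followed later by a Run-key delete and a second write is the installer migrating an older entry, not an attempt at stealth; the parser keeps every occurrence so that sequence stays visible. SE_LOAD_DRIVER_PRIVILEGE is reported as requested, not as used: no driver file appears in the "Create executable file" list, so treat it as an open question rather than evidence.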