VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 50
Behavior list
Basic Information
MD5: 6b135c49cf84221745e7607389db0eb4
File type: EXE
Production company:
Version:
Shell or compiler information: COMPILER: Borland Delphi 6.0 - 7.0
Key behavior
Behavior description: Set special file attributes
details: C:\ginstall.exe
C:\222c25ed\IE8-Setup-Full\gIE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\ginstallservices.exe
C:\Python27\gpython.exe
C:\Python27\gpython2.7.exe
C:\Python27\gpython2.exe
C:\Python27\gpythonw.exe
C:\Python27\gpythonw2.7.exe
C:\Python27\gpythonw2.exe
C:\Python27\gw9xpopen.exe
C:\Python27\Lib\distutils\command\gwininst-6.0.exe
C:\Python27\Lib\distutils\command\gwininst-7.1.exe
C:\Python27\Lib\distutils\command\gwininst-8.0.exe
C:\Python27\Lib\distutils\command\gwininst-9.0-amd64.exe
C:\Python27\Lib\distutils\command\gwininst-9.0.exe
Behavior description: Detect virtual machine by searching for files
details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.exe*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.exe*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.*
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe
C:\install.exe
C:\ginstall.ico
C:\RCX3.tmp
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\gIE-REDIST.ico
C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\222c25ed\IE8-Setup-Full\ginstallservices.ico
C:\222c25ed\IE8-Setup-Full\RCX4.tmp
C:\Python27\python.exe
C:\Python27\gpython.ico
C:\Python27\RCX5.tmp
C:\Python27\python2.7.exe
C:\Python27\gpython2.7.ico
C:\Python27\RCX6.tmp
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe
C:\install.exe
C:\RCX3.tmp
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\222c25ed\IE8-Setup-Full\RCX4.tmp
C:\Python27\python.exe
C:\Python27\RCX5.tmp
C:\Python27\python2.7.exe
C:\Python27\RCX6.tmp
C:\Python27\python2.exe
C:\Python27\RCX7.tmp
C:\Python27\pythonw.exe
C:\Python27\RCX8.tmp
C:\Python27\pythonw2.7.exe
Behavior description: Delete file
details: C:\install.exe
C:\ginstall.ico
C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\222c25ed\IE8-Setup-Full\ginstallservices.ico
C:\Python27\python.exe
C:\Python27\gpython.ico
C:\Python27\python2.7.exe
C:\Python27\gpython2.7.ico
C:\Python27\python2.exe
C:\Python27\gpython2.ico
C:\Python27\pythonw.exe
C:\Python27\gpythonw.ico
C:\Python27\pythonw2.7.exe
C:\Python27\gpythonw2.7.ico
C:\Python27\pythonw2.exe
Behavior description: Overwrite existing file
details: C:\RCX3.tmp
C:\222c25ed\IE8-Setup-Full\RCX4.tmp
C:\Python27\RCX5.tmp
C:\Python27\RCX6.tmp
C:\Python27\RCX7.tmp
C:\Python27\RCX8.tmp
C:\Python27\RCX9.tmp
C:\Python27\RCXA.tmp
C:\Python27\Lib\site-packages\pythonwin\RCXB.tmp
C:\WINDOWS\RCXC.tmp
C:\WINDOWS\RCXD.tmp
C:\WINDOWS\RCXE.tmp
C:\WINDOWS\RCXF.tmp
C:\WINDOWS\RCX10.tmp
C:\WINDOWS\RCX11.tmp
Behavior description: Search for files
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Program Files
FileName = C:\*.exe*
FileName = C:\*.*
FileName = C:\222c25ed\*.exe*
FileName = C:\222c25ed\*.*
FileName = C:\222c25ed\IE8-Setup-Full\*.exe*
FileName = C:\222c25ed\IE8-Setup-Full\*.*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.exe*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.*
FileName = C:\AnalyzeControl\*.exe*
FileName = C:\AnalyzeControl\*.*
FileName = C:\DiskD\*.exe*
Behavior description: Set special file attributes
details: C:\ginstall.exe
C:\222c25ed\IE8-Setup-Full\gIE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\ginstallservices.exe
C:\Python27\gpython.exe
C:\Python27\gpython2.7.exe
C:\Python27\gpython2.exe
C:\Python27\gpythonw.exe
C:\Python27\gpythonw2.7.exe
C:\Python27\gpythonw2.exe
C:\Python27\gw9xpopen.exe
C:\Python27\Lib\distutils\command\gwininst-6.0.exe
C:\Python27\Lib\distutils\command\gwininst-7.1.exe
C:\Python27\Lib\distutils\command\gwininst-8.0.exe
C:\Python27\Lib\distutils\command\gwininst-9.0-amd64.exe
C:\Python27\Lib\distutils\command\gwininst-9.0.exe
Behavior description: Rename file
details: C:\install.exe ---> C:\ginstall.exe
C:\RCX3.tmp ---> C:\install.exe
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE ---> C:\222c25ed\IE8-Setup-Full\gIE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\installservices.exe ---> C:\222c25ed\IE8-Setup-Full\ginstallservices.exe
C:\222c25ed\IE8-Setup-Full\RCX4.tmp ---> C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\Python27\python.exe ---> C:\Python27\gpython.exe
C:\Python27\RCX5.tmp ---> C:\Python27\python.exe
C:\Python27\python2.7.exe ---> C:\Python27\gpython2.7.exe
C:\Python27\RCX6.tmp ---> C:\Python27\python2.7.exe
C:\Python27\python2.exe ---> C:\Python27\gpython2.exe
C:\Python27\RCX7.tmp ---> C:\Python27\python2.exe
C:\Python27\pythonw.exe ---> C:\Python27\gpythonw.exe
C:\Python27\RCX8.tmp ---> C:\Python27\pythonw.exe
C:\Python27\pythonw2.7.exe ---> C:\Python27\gpythonw2.7.exe
C:\Python27\RCX9.tmp ---> C:\Python27\pythonw2.7.exe
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 2048
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 3072
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 4096
C:\install.exe ---> Offset = 0
C:\install.exe ---> Offset = 1024
C:\install.exe ---> Offset = 2048
C:\install.exe ---> Offset = 3072
C:\install.exe ---> Offset = 4096
C:\ginstall.ico ---> Offset = 0
C:\RCX3.tmp ---> Offset = 0
C:\RCX3.tmp ---> Offset = 864
C:\RCX3.tmp ---> Offset = 1024
C:\RCX3.tmp ---> Offset = 5120
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Ground\Ground
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Paint
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe (signature verification: failed)
C:\install.exe (signature verification: failed)
C:\RCX3.tmp (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\installservices.exe (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\RCX4.tmp (signature verification: failed)
C:\Python27\python.exe (signature verification: failed)
C:\Python27\RCX5.tmp (signature verification: failed)
C:\Python27\python2.7.exe (signature verification: failed)
C:\Python27\RCX6.tmp (signature verification: failed)
C:\Python27\python2.exe (signature verification: failed)
C:\Python27\RCX7.tmp (signature verification: failed)
C:\Python27\pythonw.exe (signature verification: failed)
C:\Python27\RCX8.tmp (signature verification: failed)
C:\Python27\pythonw2.7.exe (signature verification: failed)
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> 6b135c49cf84221745e7607389db0eb4
C:\install.exe ---> 6b135c49cf84221745e7607389db0eb4
C:\RCX3.tmp ---> 9fc40740717d5d874777f5fdfd686705
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE ---> 6b135c49cf84221745e7607389db0eb4
C:\222c25ed\IE8-Setup-Full\installservices.exe ---> 6b135c49cf84221745e7607389db0eb4
C:\222c25ed\IE8-Setup-Full\RCX4.tmp ---> d63264f8c7ae0c764e7c5e87a292f589
C:\Python27\python.exe ---> 6b135c49cf84221745e7607389db0eb4
C:\Python27\RCX5.tmp ---> 06be40f2ac0c85b6ff527f5bdf1b6872
C:\Python27\python2.7.exe ---> 6b135c49cf84221745e7607389db0eb4
C:\Python27\RCX6.tmp ---> 06be40f2ac0c85b6ff527f5bdf1b6872
C:\Python27\python2.exe ---> 6b135c49cf84221745e7607389db0eb4
C:\Python27\RCX7.tmp ---> 06be40f2ac0c85b6ff527f5bdf1b6872
C:\Python27\pythonw.exe ---> 6b135c49cf84221745e7607389db0eb4
C:\Python27\RCX8.tmp ---> 06be40f2ac0c85b6ff527f5bdf1b6872
C:\Python27\pythonw2.7.exe ---> 6b135c49cf84221745e7607389db0eb4
Behavior description: Open mutex
details: ShimCacheMutex
Paint
Behavior description: Detect virtual machine by searching for files
details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.exe*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.exe*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.*
Run screenshot