VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:83
Behavior list
Basic Information
MD5:6c19def0c99f8999c4ff50f2888d05ae
file type:EXE
Production company:
version:1.0.0.0---1.0.0.0
Shell or compiler information:PACKER:UPolyX v0.5
Key behavior
Behavior description:Directly calls a critical system API
details:Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0132C46B
Behavior description:Directly reads the CPU clock
details:EAX = 0x22f7fad0, EDX = 0x000000bf
Behavior description:Gets the TickCount value
details:TickCount = 230687, SleepMilliseconds = 1000.
Process behavior
Behavior description:Creates a local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2724, StartAddress = 012D2070, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2728, StartAddress = 012D2080, Parameter = 00000048
Registry behavior
Behavior description:Deletes a registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Behavior description:Deletes a registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behavior
Behavior description:Directly calls a critical system API
details:Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0132C46B
Behavior description:Checks whether it is being debugged
details:IsDebuggerPresent
Behavior description:Creates a mutex
details:3D21E658-B095-441a-8FE9-6C10952714C7
Behavior description:Creates an event object
details:EventName = Global\userenv: User Profile setup event
Behavior description:Opens a mutex
details:DBWinMutex
Behavior description:Gets the TickCount value
details:TickCount = 230687, SleepMilliseconds = 1000.
Behavior description:Calls the Sleep function
details:[1]: MilliSeconds = 1000.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 1000.
[10]: MilliSeconds = 1000.
Behavior description:Directly reads the CPU clock
details:EAX = 0x22f7fad0, EDX = 0x000000bf