1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Language
Server load
1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
| Safety rating:77 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | 78c00c56630a0211682b4001b08e52c8 |
| file type: | EXE |
| Production company: | |
| version: | 7.10.7600.16---7.10.7600.16 |
| Shell or compiler information: | COMPILER:Microsoft Visual C++ 6.0 [Overlay] |
| Key behavior | |
|---|---|
| Behavior description: | 直接调用系统关键API |
| details: | Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x0044815A |
| Process behavior | |
|---|---|
| Behavior description: | 创建本地线程 |
| details: | TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2652, StartAddress = 77DC845A, Parameter = 00000000 |
| File behavior | |
|---|---|
| Behavior description: | 查找文件 |
| details: | FileName = C:\WINDOWS |
| FileName = C:\WINDOWS\Prefetch\CHXSMARTSCREEN.* | |
| Other behavior | |
|---|---|
| Behavior description: | 直接调用系统关键API |
| details: | Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x0044815A |
| Behavior description: | 创建互斥体 |
| details: | oleacc-msaa-loaded |
| CTF.LBES.MutexDefaultS-* | |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| Behavior description: | 打开互斥体 |
| details: | ShimCacheMutex |
| Behavior description: | 打开事件 |
| details: | HookSwitchHookEnabledEvent |
| \SECURITY\LSA_AUTHENTICATION_INITIALIZED | |
| Behavior description: | 直接操作物理设备 |
| details: | \??\PhysicalDrive0 |
| Run screenshot |
|---|
 |
HOME
