VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but an archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 79
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic information
MD5: 830e4442b1e85a633de75870a6d99e27
File type: EXE
Production company: www.962.net
Version: 2.2.0.0---2.2.0.0
Shell or compiler information: PACKER:ASPack 2.12 -> Alexey Solodovnikov [Overlay]
Subfile information:
7ZAdumpFile / 42badc1d2f03a8b1e4875740d3d49336 / EXE
LYTOOLdumpFile / 3ef6ca8beb06b9563b6af1f70a3ebe56 / DLL
AQHTTPdumpFile / 3c9ec661f20ee6ca4bb17cfe7c0a5174 / DLL
GREENINGdumpFile / 82ccb4dd63833063abd1c56ea80b529a / DLL
AQ7ZdumpFile / 53014f3764238d08a48590e2e1f5f4b9 / DLL
LYHOOKdumpFile / 6da32c4b6b1b10df6a71b97afb398ff7 / DLL
INJECTdumpFile / a2325672489ddc25b310a2dcde279808 / DLL
Key behavior
Behavior description: Create a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\monitor.lnk
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Resolve host address by name
Details: www.962.net
File behavior
Behavior description: Create a writable file mapping
Details: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Create a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\monitor.lnk
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\load[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\load[2]---> Offset = 0
C:\Documents and Settings\Administrator\桌面\monitor.lnk---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff_webOC[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff_webOC[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\errorPageStrings[1]---> Offset = 0
Network behavior
Behavior description: Connect to a specified site
Details: InternetConnectA: ServerName = www.962.net, PORT = 80
Behavior description: Establish a connection to a specified socket
Details: 219.133.40.1:80
127.0.0.1:1041
Behavior description: Open an HTTP request
Details: HttpOpenRequestA: www.962.net:80/exe/gl_.html, hConnect = 0x000003a4
HttpOpenRequestA: www.962.net:80/exe/path_.html, hConnect = 0x00000490
Behavior description: Resolve host address by name
Details: www.962.net
Registry behavior
Behavior description: Modify the registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{91F22F3C-B0D7-4777-A439-E0709A01D50B}\1.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{91F22F3C-B0D7-4777-A439-E0709A01D50B}\1.0\FLAGS\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{91F22F3C-B0D7-4777-A439-E0709A01D50B}\1.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{91F22F3C-B0D7-4777-A439-E0709A01D50B}\1.0\HELPDIR\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\TypeLib\Version
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\962\monitor\firstRunTime
Behavior description: Delete registry value (IE connection settings)
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Find a specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Window information
Details: Pid = 164, Hwnd=0xd01f6, Text = 是(&Y), ClassName = Button.
Pid = 164, Hwnd=0xc017a, Text = 否(&N), ClassName = Button.
Pid = 164, Hwnd=0xb015e, Text = 是否在桌面上建立快捷方式?, ClassName = Static.
Pid = 164, Hwnd=0xb0200, Text = 提示!, ClassName = #32770.
Pid = 164, Hwnd=0xb01ce, Text = ts2, ClassName = TTabSheet.
Pid = 164, Hwnd=0x60360, Text = 运行关闭, ClassName = TCheckBox.
Pid = 164, Hwnd=0x80366, Text = 定位目录, ClassName = TButton.
Pid = 164, Hwnd=0x60376, Text = 直接运行, ClassName = TCheckBox.
Pid = 164, Hwnd=0xb0164, Text = 游戏操作控制 , ClassName = TGroupBox.
Pid = 164, Hwnd=0x90338, Text = 修改器补丁, ClassName = TButton.
Pid = 164, Hwnd=0xa0352, Text = 游戏攻略, ClassName = TButton.
Pid = 164, Hwnd=0xa03ac, Text = ts3, ClassName = TTabSheet.
Pid = 164, Hwnd=0x70362, Text = ts1, ClassName = TTabSheet.
Pid = 164, Hwnd=0xa037c, Text = pnltop, ClassName = TPanel.
Pid = 164, Hwnd=0xa03d4, Text = monitor, ClassName = TEdit.
Behavior description: Create mutex
Details: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
RasPbFile
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Run screenshot