VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.

File information
Safety rating:78
Behavior list
Basic Information
MD5:840962c659715b174c0824f3a9bb06d5
file type:EXE
Production company:Kiryuu
version:1.4.3.0---1.4.3.0
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information:upx_c_2e4d2a13dumpFile / 8cb2ce584b45aeb2e1c1f765d1772281 / EXE
Key behavior
Behavior description:Look up PE resource information
details:(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior description:Read the CPU clock directly
details:EAX = 0x9209f365, EDX = 0x00000077
EAX = 0x9f328fbb, EDX = 0x00000077
EAX = 0xcc126285, EDX = 0x00000077
EAX = 0xcc3d92c4, EDX = 0x00000077
Behavior description:Get TickCount value
details:TickCount = 143063, SleepMilliseconds = 1.
TickCount = 143079, SleepMilliseconds = 1.
TickCount = 143110, SleepMilliseconds = 1.
TickCount = 143141, SleepMilliseconds = 1.
TickCount = 153876, SleepMilliseconds = 1.
File behavior
Behavior description:Create file
details:C:\Users\Administrator\AppData\Local\%temp%\PanData\log\20170916175901.log
C:\Users\Administrator\AppData\Local\%temp%\PanData\directui license.txt
C:\Users\Administrator\AppData\Local\%temp%\PanData\duilib license.txt
C:\Users\Administrator\AppData\Local\%temp%\PanData\aria2c.exe
Behavior description:Create executable file
details:C:\Users\Administrator\AppData\Local\%temp%\PanData\aria2c.exe
Behavior description:Modify file content
details:C:\Users\Administrator\AppData\Local\%temp%\PanData\directui license.txt ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\PanData\duilib license.txt ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\PanData\log\20170916175901.log ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\PanData\log\20170916175901.log ---> Offset = 43
C:\Users\Administrator\AppData\Local\%temp%\PanData\aria2c.exe ---> Offset = 0
Behavior description:Find file
details:FileName = C:\Users\Administrator\AppData\Local\%temp%\PanData
FileName = C:\Users\Administrator\AppData\Local\%temp%\PanData\log
FileName = C:\Users\Administrator\AppData\Local\%temp%\PanData\log\20170916175901.log
FileName = C:\Users\Administrator\AppData\Local\%temp%\PanData\temp
FileName = C:\Users\Administrator\AppData\Local\%temp%\PanData\directui license.txt
FileName = C:\Users\Administrator\AppData\Local\%temp%\PanData\duilib license.txt
FileName = C:\Users\Administrator\AppData\Local\%temp%\PanData\aria2c.exe
Other behavior
Behavior description:Check whether it is being debugged
details:IsDebuggerPresent
Behavior description:Create mutex
details:PanDownload
Behavior description:Open mutex
details:Local\MSCTF.Asm.MutexDefault1
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description:Get TickCount value
details:TickCount = 143063, SleepMilliseconds = 1.
TickCount = 143079, SleepMilliseconds = 1.
TickCount = 143110, SleepMilliseconds = 1.
TickCount = 143141, SleepMilliseconds = 1.
TickCount = 153876, SleepMilliseconds = 1.
Behavior description:Window information
details:Pid = 3156, Hwnd=0x80152, Text = 本软件仅供学习交流使用,不得用于商业用途!, ClassName = MsgBoxUI.
Behavior description:Look up PE resource information
details:(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior description:Executable file signature information
details:C:\Users\Administrator\AppData\Local\%temp%\PanData\aria2c.exe (signature verification: failed)
Behavior description:Call Sleep function
details:[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[8]: MilliSeconds = 1.
[9]: MilliSeconds = 1.
[1]: MilliSeconds = 1.
[10]: MilliSeconds = 1.
Behavior description:Executable file MD5
details:C:\Users\Administrator\AppData\Local\%temp%\PanData\aria2c.exe ---> 4943ba11f55a2140a95847f09ead2fe6
Behavior description:Read the CPU clock directly
details:EAX = 0x9209f365, EDX = 0x00000077
EAX = 0x9f328fbb, EDX = 0x00000077
EAX = 0xcc126285, EDX = 0x00000077
EAX = 0xcc3d92c4, EDX = 0x00000077