VirSCAN

File information
Safety rating:76
Behavior list
Basic Information
MD5:875f81d20cee583800e4bb1cbc2ed10e
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:绑定手机V8.2.exe / 03f7b24aae7292da7c1e0e4c43b183ec / EXE
classes.dex / d2045bb4d50475b4f6bbf16e641fa551 / Unknown
手机APP短信猫.apk / a02743205445ecd050ced44c1f0da055 / zip
Good.dll / 701339ad0326dc4fc510ee239d0b71b2 / DLL
webdefault.xml / 6121a4101f83c5fb5992024f6e39c4f5 / Unknown
icon.png / b7b264b714d2d12a7582f36cb90c9146 / Unknown
configure_6_0.dtd / ae1a0ac847446cf33ffb6c05a833b972 / Unknown
B4A.SF / 5d8a1269f1c58095ef9429ad13e4e13f / Unknown
MANIFEST.MF / 3a9aafe4b4be85536a31077a0d19d20f / Unknown
mime.properties / b76f4b11b4b2bd8058046f7093053bdd / Unknown
useragents / 113cb82328104f9f509b98a06e854192 / Unknown
1.bal / f56970ad6d64fce90e7c6152d5854d9e / Unknown
AndroidManifest.xml / 1e19a77781da6de2e0962f78384d0b01 / Unknown
about.bal / 446745c66f0a35c4cd1ca53138959882 / Unknown
Connector-mbean.properties / 17e2cbff1c58082bd6a4f962c94eb021 / Unknown
StatisticsHandler-mbean.properties / 2e35ead7e553c5d70930d95c8b993106 / Unknown
ContextHandler-mbean.properties / 784a4dc21299ab0377c82c4cc8b1d22a / Unknown
AbstractConnector-mbean.properties / c12cfc237bbdd2f53827dc13d0ad6642 / Unknown
LocalStrings_ja.properties / f3cd64acacbcd38e44baa069c55a3979 / Unknown
Key behavior
Behavior description: Blocks window close messages
details:hWnd = 0x00010342, Text = , ClassName = TEnigmaProtectorLoaderFormSplashScreen.UnicodeClass.
Behavior description: Directly calls critical system APIs
details:Index = 0x00000025, Name: NtCreateFile, Instruction Address = 0x009B69A4
Index = 0x000000E0, Name: NtSetInformationFile, Instruction Address = 0x009B91F6
Index = 0x000000B7, Name: NtReadFile, Instruction Address = 0x009B24E2
Behavior description: Attempts to open driver device objects of debuggers or monitoring software
details:\??\NTICE
\??\SICE
Behavior description: Searches for windows of tools commonly used for anti-virus analysis
details:NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
Process behavior
Behavior description: Creates a local thread
details:TargetProcess: 绑定手机V8.2.exe, InheritedFromPID = 2000, ProcessID = 3092, ThreadID = 3104, StartAddress = 77DC845A, Parameter = 00000000
File behavior
Behavior description: Searches for files
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\
FileName = C:\DOCUME~1\ADMINI~1\
FileName = C:\DOCUME~1\
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\绑定手机V8.2\绑定手机V8.2.exe
Other behavior
Behavior description: Creates mutexes
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IBM
Mutex object: Unique: 924338579-2114010080. Number: 0
Behavior description: Creates event objects
details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IBM.IC
EventName = MSCTF.SendReceiveConection.Event.IBM.IC
Behavior description: Directly calls critical system APIs
details:Index = 0x00000025, Name: NtCreateFile, Instruction Address = 0x009B69A4
Index = 0x000000E0, Name: NtSetInformationFile, Instruction Address = 0x009B91F6
Index = 0x000000B7, Name: NtReadFile, Instruction Address = 0x009B24E2
Behavior description: Searches for specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details:Pid = 3092, Hwnd=0x10422, Text = 关闭窗口, ClassName = TEnigmaProtectorLoaderButton.UnicodeClass.
Pid = 3092, Hwnd=0x10420, Text = 注册软件, ClassName = TEnigmaProtectorLoaderButton.UnicodeClass.
Pid = 3092, Hwnd=0x1041e, Text = 免费试用, ClassName = TEnigmaProtectorLoaderButton.UnicodeClass.
Pid = 3092, Hwnd=0x10418, Text = 下方输入授权信息, ClassName = TEnigmaProtectorLoaderGroupBox.UnicodeClass.
Pid = 3092, Hwnd=0x20414, Text = 机器码, ClassName = TEnigmaProtectorLoaderGroupBox.UnicodeClass.
Pid = 3092, Hwnd=0x10416, Text = 16F0-3C9C-6514-19AA, ClassName = TEnigmaProtectorLoaderEdit.UnicodeClass.
Pid = 3092, Hwnd=0x40412, Text = 笨驴营销软件 官网:www.6666a.cn QQ:2873574923 3335423299 , ClassName = TEnigmaProtectorLoaderRegistrationForm.UnicodeClass.
Behavior description: Attempts to open driver device objects of debuggers or monitoring software
details:\??\NTICE
\??\SICE
Behavior description: Opens events
details:HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Blocks window close messages
details:hWnd = 0x00010342, Text = , ClassName = TEnigmaProtectorLoaderFormSplashScreen.UnicodeClass.
Behavior description: Enumerates windows
details:N/A
Behavior description: Calls the Sleep function
details:[1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
Behavior description: Opens mutexes
details:RasPbFile
ShimCacheMutex
Behavior description: Searches for windows of tools commonly used for anti-virus analysis
details:NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]