VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 20
Behavior list
Basic information
MD5: 87873846c9deb99dc9019c768c4e6a25
File type: EXE
Production company: 文件夹
Version: 1.0.0.0---1.0.0.0
Shell or compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Key behavior
Behavior description: Deletes the QQ login-information database file
Details: C:\Program Files\Tencent\QQ\Users\All Users\QQ\Registry.db
Behavior description: Hides a specified window
Details: [Window,Class] = [,Afx:10000000:8:10011:1900015:0]
Behavior description: Kills a process
Details: TargetProcess = QQ.EXE /F
Behavior description: Writes to file-mapping objects with write permission
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MGN..ALDHF
MSCTF.MarshalInterface.FileMap.MGN.B.AMDHF
MSCTF.MarshalInterface.FileMap.MGN.C.AMDHF
MSCTF.MarshalInterface.FileMap.MGN.D.AMDHF
MSCTF.MarshalInterface.FileMap.MGN.E.ANDHF
MSCTF.MarshalInterface.FileMap.MGN.F.ANDHF
MSCTF.MarshalInterface.FileMap.MGN.G.PNDHF
MSCTF.Shared.SFM.MGN
Behavior description: Kills the QQ process
Details: C:\Program Files\Tencent\QQ\Bin\QQ.exe
Behavior description: Sets special folder attributes
Details: C:\autorun.inf
C:\autorun.inf\文件免疫
C:\Program Files\autorun.inf
C:\Program Files\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\autorun.inf
C:\Program Files\Windows Media Player\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\autorun.inf
C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf
Behavior description: Modifies a registry startup item
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Process behavior
Behavior description: Creates a process with a hidden window
Details: ImagePath = , CmdLine = c:\monitor\cq.bat
ImagePath = , CmdLine = c:\monitor\temp.bat
ImagePath = , CmdLine = "c:\program files\windows media player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe " folder
Behavior description: Creates a process
Details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c c:\monitor\CQ.bat
ImagePath = C:\WINDOWS\system32\taskkill.exe, CmdLine = taskkill /im qq.exe /f
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c c:\monitor\temp.bat
ImagePath = C:\WINDOWS\system32\cacls.exe, CmdLine = cacls "C:\Program Files\Windows Media Player\9" /d everyone /e
ImagePath = C:\WINDOWS\explorer.exe, CmdLine = explorer "c:\monitor\sample"
Behavior description: Kills a process
Details: TargetProcess = QQ.EXE /F
Behavior description: Creates a process from a newly created file
Details: ImagePath = C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe , CmdLine = "C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autor
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\570a3.tmp.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\570a3.tmp.exe" qjb 131378
Behavior description: Kills the QQ process
Details: C:\Program Files\Tencent\QQ\Bin\QQ.exe
File behavior
Behavior description: Deletes the QQ login-information database file
Details: C:\Program Files\Tencent\QQ\Users\All Users\QQ\Registry.db
Behavior description: Creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\krnln.fnr
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eAPI.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\Md5.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\internet.fne
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\570a3.tmp.exe
C:\222c25ed.exe
C:\AnalyzeControl.exe
C:\autorun.inf.exe
C:\DiskD.exe
C:\DiskX.exe
C:\Documents and Settings.exe
C:\EasyWebSvr.exe
C:\monitor.exe
C:\Program Files.exe
Behavior description: Writes to file-mapping objects with write permission
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MGN..ALDHF
MSCTF.MarshalInterface.FileMap.MGN.B.AMDHF
MSCTF.MarshalInterface.FileMap.MGN.C.AMDHF
MSCTF.MarshalInterface.FileMap.MGN.D.AMDHF
MSCTF.MarshalInterface.FileMap.MGN.E.ANDHF
MSCTF.MarshalInterface.FileMap.MGN.F.ANDHF
MSCTF.MarshalInterface.FileMap.MGN.G.PNDHF
MSCTF.Shared.SFM.MGN
Behavior description: Renames files
Details: C:\autorun.inf\文件免疫 ---> C:\autorun.inf\文件免疫.
C:\Program Files\autorun.inf\文件免疫 ---> C:\Program Files\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\autorun.inf\文件免疫.
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\autorun.inf\文件免疫.
Behavior description: Sets special folder attributes
Details: C:\autorun.inf
C:\autorun.inf\文件免疫
C:\Program Files\autorun.inf
C:\Program Files\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\autorun.inf
C:\Program Files\Windows Media Player\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\autorun.inf
C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf
Behavior description: Modifies file contents
Details: C:\monitor\CQ.bat---> Offset = 0
C:\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\autorun.inf\desktop.ini---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\autorun.inf\desktop.ini---> Offset = 0
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\LoveQ\first
\REGISTRY\MACHINE\SOFTWARE\Classes\.exe \
Behavior description: Modifies a registry startup item
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Other behavior
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.MGN
Behavior description: Hides a specified window
Details: [Window,Class] = [,Afx:10000000:8:10011:1900015:0]
Behavior description: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Enumerates windows
Details: N/A
Behavior description: Acquires system privileges
Details: SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 3444, Hwnd=0x103cc, Text = 取回密码, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 3444, Hwnd=0x103ca, Text = 注册新账号, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 3444, Hwnd=0x103c4, Text = <请输入账号>, ClassName = Edit.
Pid = 3444, Hwnd=0x103c0, Text = QQ2009 , ClassName = WTWindow.
Behavior description: Directly accesses a physical device
Details: \??\PhysicalDrive0
Run screenshot (image not reproduced)