VirSCAN


File information
Safety rating:83
Behavior list
Basic Information
MD5:90372796edc76dcb0d3f893f3ff98851
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Borland Delphi 2.0 [Overlay]
Subfile information:KMSpico_setup.exe / a89c072c83a54cb5aa2c570f3d910a56 / EXE
Setup_oemtongyi3.exe / ed6ff687fee915e03b263e47b72de974 / EXE
ReadMe KMSpico Install.txt / 7cd3b648933e345e5945e74c0a15a877 / Unknown
XP510下载须知.txt / 996fcedd03f33601691e182fe1bc16d3 / Unknown
636网址导航.url / 3688d42285b5e6a8a3c9f5658483ddba / Unknown
软件使用说明.html / d9ca7d1f89782cd376a0eef1e487335f / Unknown
UnInstall_Service.cmd / d228137b7b77d7ef3fcdc06ddabebeef / Unknown
Key behavior
Behavior description: Map file with write permission
Behavior description: Block window close message
details:hWnd = 0x000202cc, Text = 360安全中心, ClassName = #32770.
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get host address by name
details:st.p.360.cn
stun01.sipphone.com
agt.p.360.cn
tr.p.360.cn
Process behavior
Behavior description: Enumerate processes
details:N/A
File behavior
Behavior description: Map file with write permission
Behavior description: Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3605.tmpsafe505.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3604.tmp360net.dll
Behavior description: Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\!@t234.tmp---> Offset = 0
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Find file
details:FileName = C:\Documents and Settings\Administrator\Application Data\Tencent
FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ
FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1443555733.023508.exe_7zdump\LiveUpdateLog\P2SP_setup_oemtongyi3.log
Network behavior
Behavior description: Connect to specified site
details:InternetConnectA: ServerName = s.360.cn, PORT = 80
InternetConnectA: ServerName = pinst.360.cn, PORT = 80
Behavior description: Establish a connection to a specified socket
details:127.0.0.1:1034
Behavior description: Open HTTP request
details:HttpOpenRequestA: s.360.cn:80/safe/instcomp.htm?soft=80&status=1&mid=5dbfe99d33d8e56e1169c3ae5d7c9c97&pid=oemtongyi3&ver=2.2.1.1001, hConnect = 0x00000638
HttpOpenRequestA: pinst.360.cn:80/360safe/bd_oemtongyi3.cab?value=17227, hConnect = 0x000004b4
Behavior description: Get host address by name
details:st.p.360.cn
stun01.sipphone.com
agt.p.360.cn
tr.p.360.cn
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\360Safe\Liveup\mid
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\%temp%\1443555732.757056.exe_7zdump\Setup_oemtongyi3.exe
Other behavior
Behavior description: Create mutex
details:1830B7BD-F7A3-4c4d-989B-C004DE465EDE 564
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ADH
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Obtain system privileges
details:SE_MANAGE_VOLUME_PRIVILEGE
Behavior description: Block window close message
details:hWnd = 0x000202cc, Text = 360安全中心, ClassName = #32770.
Behavior description: Window information
details:Pid = 564, Hwnd=0x202b2, Text = 安装程序正在加载配置文件,请稍候..., ClassName = Static.
Pid = 564, Hwnd=0x302ba, Text = Progress1, ClassName = msctls_progress32.
Pid = 564, Hwnd=0x202cc, Text = 360安全中心, ClassName = #32770.
Pid = 564, Hwnd=0x302b2, Text = 确定, ClassName = Button.
Pid = 564, Hwnd=0x402bc, Text = 配置文件加载超时,请检查您的网络连接!, ClassName = Static.
Behavior description: Direct access to physical device
details:\??\PhysicalDrive0
Behavior description: Sample console output
details:N/A