VirSCAN

File information
Safety rating:76
Behavior list
Basic Information
MD5:9219fd065f3c8656bb729e159b30358f
file type:zip
Production company:
version:
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information:PanDownload.exedumpFile / 998547ca9f737daa7aac927fd46a3b56 / EXE
PanDownload.exe / 998547ca9f737daa7aac927fd46a3b56 / EXE
Key behavior
Behavior description:Find PE resource information
details:(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior description:Get TickCount value
details:TickCount = 768813, SleepMilliseconds = 1.
TickCount = 768829, SleepMilliseconds = 1.
TickCount = 768922, SleepMilliseconds = 1.
TickCount = 768969, SleepMilliseconds = 1.
TickCount = 768985, SleepMilliseconds = 1.
TickCount = 785407, SleepMilliseconds = 1.
TickCount = 785422, SleepMilliseconds = 1.
File behavior
Behavior description:Create file
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\log\20170627121701.log
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe
Behavior description:Create executable file
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe
Behavior description:Modify file content
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\log\20170627121701.log ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe ---> Offset = 0
Behavior description:Find file
details:FileName = PanData
FileName = PanData\log
FileName = PanData\log\20170627121701.log
FileName = PanData\temp
FileName = PanData\aria2c.exe
Other behavior
Behavior description:Detect whether it is being debugged
details:IsDebuggerPresent
Behavior description:Create mutex
details:PanDownload
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description:Get TickCount value
details:TickCount = 768813, SleepMilliseconds = 1.
TickCount = 768829, SleepMilliseconds = 1.
TickCount = 768922, SleepMilliseconds = 1.
TickCount = 768969, SleepMilliseconds = 1.
TickCount = 768985, SleepMilliseconds = 1.
TickCount = 785407, SleepMilliseconds = 1.
TickCount = 785422, SleepMilliseconds = 1.
Behavior description:Window information
details:Pid = 712, Hwnd=0x1b01dc, Text = 本软件仅供学习交流使用,不得用于商业用途!, ClassName = MsgBoxUI.
Behavior description:Find PE resource information
details:(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior description:Executable file signature information
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe(Signature verification: failed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 1.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[8]: MilliSeconds = 1.
[9]: MilliSeconds = 1.
[10]: MilliSeconds = 1.
Behavior description:Executable file MD5
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe ---> 4943ba11f55a2140a95847f09ead2fe6
Behavior description:Open mutex
details:Local\MSCTF.Asm.MutexDefault1
Translated by Keith Miller, United States