VirSCAN


File information
Safety rating:80
Behavior list
Basic Information
MD5:92b822799bc17aafa524e636523e6d3a
file type:7z
Production company:
version:
Shell or compiler information:
Subfile information:Krypto500-User_Manual _Vol.2-Decoder_Operations-29Jan10 (1).pdf / 5b07c194c049bd35c058a0ab8207c313 / Unknown
kryto 500.pdf / 7bba721f5bc664c09a1d7b2967a3339a / Unknown
signal classification krypto 5000.pdf / f2423b13c5ce041614239c700b69bab1 / Unknown
k500.exe / cbb46ca8693769c0bf49d61a0fb58a20 / EXE
GdiPlus.dll / 4d328694bb516e46d2d184950d94433f / DLL
ffthost.exe / edde64e07c70a7093f260b0ba0575acf / EXE
unins000.exe / 62be3289230cc869a0b5bac07f1db121 / EXE
msvcr90.dll / 4d03ca609e68f4c90cf66515218017f8 / DLL
msvcp90.dll / 871f979d70414c900b35e56222932daf / DLL
msvcm90.dll / 7b37f8ec25c9ad853e8126c1d0992201 / DLL
sdr14iq.mod / c15ed06fea3e4ed7a9923d0ce1570f65 / EXE
perseus.mod / db9b29e88c98c608f94164f5890fa36e / EXE
hfdl.dat / 05f9b4465680a2e9a16449b4a74e6389 / Unknown
default.pal / 2d238e321543bd64f9b28be6bffe47d1 / Unknown
default-color.pal / ab79844a1914ee11dde00cddfe1532d9 / Unknown
burntPaper.pal / 794a0b74ca264d88641edefb82c095c6 / Unknown
coldRainbow.pal / 75b1203a9f8a23819b64c2ea29f5bb64 / Unknown
unins000.dat / 3dc0078c7d03d4f548557259794b7f92 / Unknown
Microsoft.VC90.CRT.manifest / c1eda860810e6299f690459006e4c655 / Unknown
Key behavior
Behavior description:Modifies the original system's EXE files
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcr90.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcp90.dll
Process behavior
Behavior description:Creates a local thread
details:TargetProcess: k500.exe, InheritedFromPID = 2000, ProcessID = 3552, ThreadID = 3592, StartAddress = 4AEA7456, Parameter = 00000000
File behavior
Behavior description:Modifies the original system's EXE files
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcr90.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcp90.dll
Behavior description:Modifies file content
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcr90.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcr90.dll ---> Offset = 577536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcr90.dll ---> Offset = 585728
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcr90.dll ---> Offset = 630784
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcp90.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcp90.dll ---> Offset = 274432
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcp90.dll ---> Offset = 290816
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcp90.dll ---> Offset = 311296
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcp90.dll ---> Offset = 376832
Behavior description:Searches for files
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcr90.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Microsoft.VC90.CRT.manifest
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MSVCR90.dll
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\USER\S-*\Software\Krypto500\RecX
\REGISTRY\USER\S-*\Software\Krypto500\RecY
\REGISTRY\USER\S-*\Software\Krypto500\RecTimeout
\REGISTRY\USER\S-*\Software\Krypto500\RecRate
\REGISTRY\USER\S-*\Software\Krypto500\RecLogging
\REGISTRY\USER\S-*\Software\Krypto500\RecDef2
\REGISTRY\USER\S-*\Software\Krypto500\RecDef3
\REGISTRY\USER\S-*\Software\Krypto500\RecDef4
\REGISTRY\USER\S-*\Software\Krypto500\RecVad2
\REGISTRY\USER\S-*\Software\Krypto500\RecVad3
\REGISTRY\USER\S-*\Software\Krypto500\RecVad4
\REGISTRY\USER\S-*\Software\Krypto500\MainX
\REGISTRY\USER\S-*\Software\Krypto500\MainY
\REGISTRY\USER\S-*\Software\Krypto500\MainW
\REGISTRY\USER\S-*\Software\Krypto500\MainH
Other behavior
Behavior description:Creates a mutex
details:DirectSound DllMain mutex (0x00000DE0)
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EON
Behavior description:Creates an event object
details:EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.EON.IC
EventName = MSCTF.SendReceiveConection.Event.EON.IC
Behavior description:Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Opens an event
details:HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:Adjusts process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Window information
details:Pid = 3552, Hwnd=0x10386, Text = 确定, ClassName = Button.
Pid = 3552, Hwnd=0x1038a, Text = DSound: Can"t open soundcard. Check if correct soundcard is selected in options., ClassName = Static.
Pid = 3552, Hwnd=0x10384, Text = Error, ClassName = #32770.
Pid = 3552, Hwnd=0x10346, Text = Krγρτο500 v1.145, ClassName = CHostWnd.
Behavior description:Signature information of the modified executable files
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcr90.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcp90.dll(signature verification: passed)
Behavior description:Hides a specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [Recording,#32770]
[Window,Class] = [,CAboutFrame]
Behavior description:Opens a mutex
details:ShimCacheMutex
Behavior description:MD5 of the modified executable files
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcr90.dll ---> 4d03ca609e68f4c90cf66515218017f8
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\msvcp90.dll ---> 871f979d70414c900b35e56222932daf