VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 17
Behavior list
Basic Information
MD5: 93911ac3d52e3638055d4d8bb195f0a6
File type: EXE
Production company:
Version:
Shell or compiler information:
Key behavior
Behavior description: Create shortcut on desktop
details: C:\Documents and Settings\Administrator\桌面\sample.lnk
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
details: [Window,Class] = [,ATL:0X015B3068]
File behavior
Behavior description: Map file with write access
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
Behavior description: Create shortcut on desktop
details: C:\Documents and Settings\Administrator\桌面\sample.lnk
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1094\temp\sample.exe
Behavior description: Modify file contents
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1094\images\progressbar.gif---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1094\images\loader.gif---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\navcancl[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[3]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\info_48[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]---> Offset = 0
C:\Documents and Settings\Administrator\桌面\sample.lnk---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1094\temp\sample.exe---> Offset = 49152
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Network behavior
Behavior description: Connect to specified site
details: InternetConnectA: ServerName = r1.fasties.org, PORT = 80
InternetConnectA: ServerName = c1.diriginal.org, PORT = 80
InternetConnectA: ServerName = c2.weberty.link, PORT = 80
Behavior description: Establish connection to a specified socket
details: 127.0.0.1:1032
Behavior description: Open HTTP request
details: HttpOpenRequestA: c1.diriginal.org:80/?step_id=1&sf=1&installer_id=8692018014446785117&publisher_id=20494&source_id=0&page_id=0&affiliate_id=master&country_code=cn&locale=en&browser_id=4&download_id=5293542119291780787&external_id=1425183518169530383&installe
HttpOpenRequestA: c2.weberty.link:80/?step_id=1&sf=1&installer_id=8692018014446785117&publisher_id=20494&source_id=0&page_id=0&affiliate_id=master&country_code=cn&locale=en&browser_id=4&download_id=5293542119291780787&external_id=1425183518169530383&installer
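The network lines above are the most actionable part of the report: three hosts contacted and a beacon URL whose query string carries installer/publisher/affiliate identifiers. The following is an added example (not VirSCAN's code) that parses those lines into indicators: the contacted hosts, the beacon URL's parameters, and which hosts were connected to without a logged request. Reading fields such as installer_id, publisher_id and affiliate_id as pay-per-install (PPI) campaign tracking is this example's interpretation, not something the report states; the sample text is the report's own lines, copied in with the URLs still truncated as they are on the page.

```python
"""Pull network indicators out of VirSCAN-style behaviour lines.

Added example, not VirSCAN's code. Parses InternetConnectA and
HttpOpenRequestA entries into contacted hosts and beacon parameters.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: the lines from the report above. Both beacon URLs are
# truncated in the report itself ("...&installe", "...&installer") and are
# kept that way here on purpose.
SAMPLE = """\
InternetConnectA: ServerName = r1.fasties.org, PORT = 80
InternetConnectA: ServerName = c1.diriginal.org, PORT = 80
InternetConnectA: ServerName = c2.weberty.link, PORT = 80
HttpOpenRequestA: c1.diriginal.org:80/?step_id=1&sf=1&installer_id=8692018014446785117&publisher_id=20494&source_id=0&page_id=0&affiliate_id=master&country_code=cn&locale=en&browser_id=4&download_id=5293542119291780787&external_id=1425183518169530383&installe
HttpOpenRequestA: c2.weberty.link:80/?step_id=1&sf=1&installer_id=8692018014446785117&publisher_id=20494&source_id=0&page_id=0&affiliate_id=master&country_code=cn&locale=en&browser_id=4&download_id=5293542119291780787&external_id=1425183518169530383&installer
"""

CONNECT_RE = re.compile(r"InternetConnectA:\s*ServerName\s*=\s*([^,\s]+),\s*PORT\s*=\s*(\d+)")
REQUEST_RE = re.compile(r"HttpOpenRequestA:\s*(\S+)")

# Query fields that tie the beacon to an installer/publisher/affiliate chain
# (this example's interpretation of the field names seen in the report).
PPI_FIELDS = ("installer_id", "publisher_id", "affiliate_id", "download_id", "source_id")


def parse_network(text):
    """Return (hosts, beacons).

    hosts   : {hostname: port} for every InternetConnectA call
    beacons : one dict per HttpOpenRequestA with host, port, path, params
    A trailing key with no '=' (the cut-off 'installe') is dropped by
    parse_qsl, so a truncated field never shows up as a real parameter.
    """
    hosts, beacons = {}, []
    for line in text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            hosts[m.group(1).lower()] = int(m.group(2))
            continue
        m = REQUEST_RE.search(line)
        if m:
            u = urlsplit("http://" + m.group(1))  # the report omits the scheme
            beacons.append({
                "host": u.hostname,
                "port": u.port or 80,
                "path": u.path,
                "params": dict(parse_qsl(u.query)),
            })
    return hosts, beacons


def ppi_fields(beacon):
    """Subset of a beacon's query parameters that identify the PPI chain."""
    return {k: v for k, v in beacon["params"].items() if k in PPI_FIELDS}


def hosts_without_request(hosts, beacons):
    """Hosts connected to but with no HttpOpenRequestA logged for them;
    in this report that is r1.fasties.org, worth checking in the pcap."""
    requested = {b["host"] for b in beacons}
    return sorted(h for h in hosts if h not in requested)


if __name__ == "__main__":
    hosts, beacons = parse_network(SAMPLE)
    print("hosts:", hosts)
    for b in beacons:
        print("beacon:", b["host"], b["path"], ppi_fields(b))
    print("connected, no request logged:", hosts_without_request(hosts, beacons))
```

The same installer_id, download_id and external_id are sent to both c1.diriginal.org and c2.weberty.link, so the two beacons report one installation to two tracking endpoints; the domains and that identifier set are what a detection rule or blocklist entry would key on.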
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\GlobalMaxTcpWindowSize
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32\ServerExecutable
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\HELPDIR\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib\Version
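The registry writes above are logged as NT-native paths. Apart from one TCP-stack value under HKLM, all of them land in the Administrator account's own Classes hive (the `<SID>_CLASSES` hive, i.e. HKCU\Software\Classes for that user) and register a COM class, its type library and an interface. On Windows the merged HKCR view consults the per-user Classes hive before HKLM, so a per-user LocalServer32/InprocServer32 entry is loaded in that user's processes ahead of any machine-wide registration; this is also the surface used for COM hijacking, and elevated processes on Vista and later ignore per-user COM registrations for that reason. The following is an added example (not VirSCAN's code) that converts the report's paths to HKLM/HKU form and flags per-user COM server registrations; the sample is a subset of the paths listed above.

```python
"""Classify registry writes from a VirSCAN-style behaviour report.

Added example, not VirSCAN's code. Converts NT-native key paths
(\\REGISTRY\\MACHINE\\..., \\REGISTRY\\USER\\<SID>_CLASSES\\...) into
HKLM / HKU form and flags COM servers registered in a user's Classes hive.
"""
import re

# Constructed sample: a subset of the key paths from the report above.
# (Raw string: a backslash before a newline is kept literally.)
SAMPLE_KEYS = r"""
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\GlobalMaxTcpWindowSize
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32\ServerExecutable
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib\Version
""".strip().splitlines()

KEY_RE = re.compile(r"^\\REGISTRY\\(MACHINE|USER)\\(?:(S-1-5-[\d-]+)(_CLASSES)?\\)?(.*)$")
COM_SERVER_RE = re.compile(r"^CLSID\\(\{[0-9A-Fa-f-]+\})\\(LocalServer32|InprocServer32)(?:\\|$)")
GUID_RE = re.compile(r"^(CLSID|TypeLib|Interface)\\(\{[0-9A-Fa-f-]+\})")


def to_win32(nt_path):
    """Map an NT-native registry path to its HKLM / HKU form.

    Returns a dict with hive, sid, user_classes (True when the key sits in a
    user's own Classes hive) and the subkey below the hive. The sandbox
    leaves a trailing backslash on key names, which is stripped here.
    """
    m = KEY_RE.match(nt_path)
    if not m:
        raise ValueError("not an NT registry path: " + nt_path)
    root, sid, classes, subkey = m.groups()
    subkey = subkey.rstrip("\\")
    if root == "MACHINE":
        return {"hive": "HKLM", "sid": None, "user_classes": False, "subkey": subkey}
    if sid is None:
        hive = "HKU"
    else:
        hive = "HKU\\" + sid + ("_Classes" if classes else "")
    return {"hive": hive, "sid": sid, "user_classes": bool(classes), "subkey": subkey}


def per_user_com_servers(nt_paths):
    """CLSIDs whose LocalServer32 / InprocServer32 key is written under a
    user's Classes hive: {clsid: {server key names}}."""
    hits = {}
    for p in nt_paths:
        k = to_win32(p)
        if not k["user_classes"]:
            continue
        m = COM_SERVER_RE.match(k["subkey"])
        if m:
            hits.setdefault(m.group(1).upper(), set()).add(m.group(2))
    return hits


def com_objects(nt_paths):
    """GUIDs touched under CLSID / TypeLib / Interface, grouped by kind."""
    out = {"CLSID": set(), "TypeLib": set(), "Interface": set()}
    for p in nt_paths:
        m = GUID_RE.match(to_win32(p)["subkey"])
        if m:
            out[m.group(1)].add(m.group(2).upper())
    return out


if __name__ == "__main__":
    for p in SAMPLE_KEYS:
        k = to_win32(p)
        print(k["hive"] + "\\" + k["subkey"])
    print("per-user COM servers:", per_user_com_servers(SAMPLE_KEYS))
    print("COM objects:", com_objects(SAMPLE_KEYS))
```

For the report above this yields one CLSID registered as an out-of-process server (LocalServer32) in the Administrator's Classes hive, plus the matching TypeLib and Interface entries; the GUIDs are the values to pivot on when checking other samples or a live host, and the HKLM write is the GlobalMaxTcpWindowSize tuning value, which is unrelated to the COM registration.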
Other behavior
Behavior description: Inline hook
details:C:\WINDOWS\system32\kernel32.dll--->OpenFileMappingA Offset = 0x53
C:\WINDOWS\system32\kernel32.dll--->SetErrorMode Offset = 0x74
C:\WINDOWS\system32\kernel32.dll--->GetUserDefaultLCID Offset = 0xa0
C:\WINDOWS\system32\kernel32.dll--->FreeLibraryAndExitThread Offset = 0xb22
C:\WINDOWS\system32\kernel32.dll--->FindResourceW Offset = 0x96
C:\WINDOWS\system32\kernel32.dll--->GetCommTimeouts Offset = 0x3f95
C:\WINDOWS\system32\kernel32.dll--->SwitchToFiber Offset = 0xe9
C:\WINDOWS\system32\kernel32.dll--->GetSystemTimeAsFileTime Offset = 0x24
C:\WINDOWS\system32\kernel32.dll--->SystemTimeToFileTime Offset = 0x6d
C:\WINDOWS\system32\kernel32.dll--->GetFileSizeEx Offset = 0x69
C:\WINDOWS\system32\kernel32.dll--->GetTickCount Offset = 0xed
C:\WINDOWS\system32\kernel32.dll--->MapViewOfFileEx Offset = 0x6a
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Hide specified window
details:[Window,Class] = [,ATL:0X015B3068]
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Abnormal crash