VirSCAN


File information
Safety rating: 80
Behavior list
Basic Information
MD5: 964751973a7f87fae1f574541bcde9ee
File type: Nsis
Production company:
Version:
Shell or compiler information:
Subfile information: $[34] / big file / Nsis
Key behavior
Behavior description: Hide the specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [AladinDemo Setup: Installing,#32770]
Behavior description: Detect VMware by searching for files
Details: FindFirstFileEx: FileName = c:\program files\common files\vmware\*
FindFirstFileEx: FileName = c:\program files\vmware\*
Behavior description: Resolve host address by name
Details: p.x.baidu.com
File behavior
Behavior description: Map a file with write access
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.ALI..HMGKF
MSCTF.MarshalInterface.FileMap.ALI.B.DFHKF
MSCTF.MarshalInterface.FileMap.ALI.C.DFHKF
MSCTF.MarshalInterface.FileMap.ALI.D.DFHKF
MSCTF.MarshalInterface.FileMap.ALI.E.BKHKF
MSCTF.MarshalInterface.FileMap.ALI.F.BMHKF
MSCTF.MarshalInterface.FileMap.ALI.G.BMHKF
MSCTF.Shared.SFM.ALI
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\BDMSkin.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\BDMYinD.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\dl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\BDMNet.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\BDMReport.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\BDMNetGetInfo.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\kmod.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\lmod.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\AladdinInstallHelper.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\BDMSDWrench.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2015311371.261\ViDown_1.2.9.5_setup.1418034737.exe
Behavior description: Modify file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\AladdinWnd.zip ---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\task.xml ---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\logo.png ---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk6.tmp\setup.ico ---> Offset = 49152
C:\Documents and Settings\All Users\Application Data\Baidu\Common\Global.db ---> Offset = 20
Network behavior
Behavior description: Send data on an already connected socket
Details: SOCKET = 0x000006a0, TotalSize = 235, Offset = 0, ReadSize = 235.
Behavior description: Establish a connection to a specified socket address
Details: 219.133.40.1:80
Behavior description: Resolve host address by name
Details: p.x.baidu.com
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.ALI
Behavior description: Hide the specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [AladinDemo Setup: Installing,#32770]
Behavior description: Sample console output
Details: N/A
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 2220, Hwnd=0x1036e, Text = 维棠FLV视频下载 安装, ClassName = AladdinInstallWnd.
Pid = 2220, Hwnd=0x10352, Text = &Close, ClassName = Button.
Pid = 2220, Hwnd=0x10354, Text = Cancel, ClassName = Button.
Pid = 2220, Hwnd=0x1035a, Text = Nullsoft Install System (Unicode) v2.46.5-Unicode, ClassName = Static.
Pid = 2220, Hwnd=0x10360, Text = Extract: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\2015311371.261\ViDown_1.2.9.5_setup.1418034737.exe... 76%, ClassName = Static.
Pid = 2220, Hwnd=0x10368, Text = Show &details, ClassName = Button.
Pid = 2220, Hwnd=0x10350, Text = < &Back, ClassName = Button.
Pid = 2220, Hwnd=0x10360, Text = Completed, ClassName = Static.
Behavior description: Detect VMware by searching for files
Details: FindFirstFileEx: FileName = c:\program files\common files\vmware\*
FindFirstFileEx: FileName = c:\program files\vmware\*
Behavior description: Direct access to a physical device
Details: \??\PhysicalDrive0
Behavior description: Find the specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]