VirSCAN


File information
Safety rating:75
Behavior list
Basic Information
MD5:9a46f1e4f98abeb1aca0c42e132e2757
file type:7z
Production company:TektonIT
version:6.3.0.6---6.3
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:Data1.cabdumpFile / big file / Cab
installer.exe / big file / EXE
rms.host6.3ru_mod.msi / big file / Compound
!_StringDatadumpFile / 5dd6d939e9125a72898119de718120a8 / Unknown
Binary.ISSELFREG.DLLdumpFile / b9be841281819a5af07e3611913a55f5 / DLL
Binary.SetAllUsers.dlldumpFile / b0bcc622f1fff0eec99e487fa1a4ddd9 / DLL
Icon.server_stop_27D7873393984316BEA10FB36BB4D2F9.exedumpFile / 9e2c097647125ee25068784acb01d7d3 / EXE
Icon.server_start_C00864331B9D4391A8A26292A601EBE2.exedumpFile / 9e2c097647125ee25068784acb01d7d3 / EXE
Icon.server_config_C8E9A92497A149D695F92E4E3AE550F0.exedumpFile / 9e2c097647125ee25068784acb01d7d3 / EXE
Icon.ARPPRODUCTICON.exedumpFile / 4667578a6b885927dac70c85a3e87e4f / EXE
Icon.UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exedumpFile / feadfa166a51e957ec1d7cce7eaf403b / EXE
Binary.NewBinary5dumpFile / f2214468d60379585113dbc7b88ac0ca / Unknown
!_StringPooldumpFile / c2479e7a3cd7a2ac741f5c83d7149130 / Unknown
!ControldumpFile / 834dd1d2236576bfc8bb9fa63cce9067 / Unknown
Binary.NewBinary9dumpFile / 6e42cf0d47af25dea4cecdbe093d521c / Unknown
Binary.NewBinary1dumpFile / ae356e1982de3219b03d45acf8b3d0cd / Unknown
_DigitalSignaturedumpFile / 199f29fdbd476a2c4163ee76419afdb1 / Unknown
!_ValidationdumpFile / 87479a6599fa571e004751e77016d27b / Unknown
Binary.NewBinary10dumpFile / 7f2548dc667d9a15410e22ed3a0fd099 / Unknown
Key behavior
Behavior description:Opens registry key (virtual machine detection related)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description:Maps file with write access
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
ShmNPA_UnitVersioning_1268
Process behavior
Behavior description:Creates process with hidden window
details:ImagePath = c:\docume~1\admini~1\locals~1\temp\7zipsfx.000\installer.exe, CmdLine = "c:\docume~1\admini~1\locals~1\temp\7zipsfx.000\installer.exe" /rsetup
Behavior description:Creates process
details:ImagePath = C:\WINDOWS\system32\msiexec.exe, CmdLine = "C:\WINDOWS\system32\msiexec.exe" /i "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\rms.host6.3ru_mod.msi" /qn
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\killself.bat
Behavior description:Creates process from a newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\installer.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\installer.exe" /rsetup
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Maps file with write access
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
ShmNPA_UnitVersioning_1268
Behavior description:Creates executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\installer.exe
Behavior description:Modifies file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\rms.host6.3ru_mod.msi---> Offset = 4194304
Behavior description:Searches for files
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\installer.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\installer.zh-CN
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\installer.zh-Hans
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\installer.zh
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\installer.CHS
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\installer.CH
Registry behavior
Behavior description:Modifies registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\installer.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\msiexec.exe
Other behavior
Behavior description:Opens registry key (virtual machine detection related)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description:Enumerates windows
details:N/A
Behavior description:Window information
details:Pid = 4084, Hwnd=0x302a8, Text = C:\WINDOWS\system32\cmd.exe, ClassName = ConsoleWindowClass.
Behavior description:Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MutexNPA_UnitVersioning_1268
SHIMLIB_LOG_MUTEX
Global\_MSIExecute
Behavior description:Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
Translated by Keith Miller, United States