VirSCAN


File information
Safety rating:72
Behavior list
Basic Information
MD5:a4649a522d0adcf759aca9a1ba6b8d8e
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:UPolyX v0.5
Subfile information:ThunderCore.xar / 0a6a95d3f38366be5c515e3b5458e0ed / Unknown
XLUE.dll / 1ae4738555bd8e57c170ec0f46833517 / DLL
DownloadSDK.dll / da7926db986caaf30b89c5d78b0d5bd6 / DLL
DownloadKernel.dll / c9bf2608866b15ee2e3072e666155e38 / DLL
ThunderNewTask.exe / 299be8eb78d174f6ee90fbf5f10f4ca9 / EXE
XLAccount.dll / f1dbc38792a7b7e71b740890f4414255 / DLL
Offline.xar / 0f9578c2784baf63d433ce5c4b8e7951 / Unknown
np_tdieplat.dll / 28a9c1b9fbcea96d821a342d4051f29d / DLL
TaskDetailInfoPanel.xar / 15e5b3bfb925b301ee720e783fda3585 / Unknown
P2PBase.dll / 93b1b325463996fb7469b440d7ddb731 / DLL
BasicControls.xar / 686aad9d946553ec0544a1333e69dd15 / Unknown
Thunder.exe / 70917b1e59289d97c4591bdfdc65b77d / EXE
BaseCommunity.xar / ac7647cc76e262308f0bf028110beeda / Unknown
XUdt.dll / 76ee56decfeae52bc0d9099d558b4a23 / DLL
DownloadDispatcher.xta / 4b2463c74f90fcebf2a7ce22c5a387bc / Unknown
P2PFramework.dll / cada6b2a1f284ac8810b807abd2a28e3 / DLL
XLGraphic.dll / a33f843f731b2e1db0b523f8e290838e / DLL
BrowserSupport.xar / 7a1bc536dc39a66c55186e74d0010a7d / Unknown
libexpat.dll / 4dd4db83e6e0278a4d1ec9843be0c24b / DLL
Process behavior
Behavior description:Create local thread
details:TargetProcess: ThunderNewTask.exe, InheritedFromPID = 2000, ProcessID = 3456, ThreadID = 3492, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: ThunderNewTask.exe, InheritedFromPID = 2000, ProcessID = 3456, ThreadID = 3532, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: ThunderNewTask.exe, InheritedFromPID = 2000, ProcessID = 3456, ThreadID = 3536, StartAddress = 7854345E, Parameter = 0150BB10
TargetProcess: ThunderNewTask.exe, InheritedFromPID = 2000, ProcessID = 3456, ThreadID = 3540, StartAddress = 7854345E, Parameter = 0150BD30
TargetProcess: ThunderNewTask.exe, InheritedFromPID = 2000, ProcessID = 3456, ThreadID = 3544, StartAddress = 7854345E, Parameter = 0150BD30
TargetProcess: ThunderNewTask.exe, InheritedFromPID = 2000, ProcessID = 3456, ThreadID = 3584, StartAddress = 7854345E, Parameter = 0150BD30
TargetProcess: ThunderNewTask.exe, InheritedFromPID = 2000, ProcessID = 3456, ThreadID = 3588, StartAddress = 7854345E, Parameter = 0150BD30
File behavior
Behavior description:Create file
details:C:\Documents and Settings\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\迅雷大众版+v9.1.38.862+V3\Thunder 9\Data\ThunderNewTaskStat.dat
Behavior description:Modify file content
details:C:\Documents and Settings\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\迅雷大众版+v9.1.38.862+V3\Thunder 9\Data\ThunderNewTaskStat.dat ---> Offset = 0
Behavior description:Find file
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll
Network behavior
Behavior description:Connect to specified site
details:WinHttpConnect: ServerName = xm****et, PORT = 80, UserName = , Password = , hSession = 0x02421100, hConnect = 0x02421200, Flags = 0x00000000
Behavior description:Open HTTP connection
details:WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x02421100
Behavior description:Establish a connection to a specified socket
details:URL: xm****et, IP: **.133.40.**:80, SOCKET = 0x00000278
Behavior description:Send HTTP packet
details:GET /?appid=54 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: xm****et Connection: Keep-Alive
Behavior description:Open HTTP request
details:WinHttpOpenRequest: xm****et:80/?appid=54, hConnect = 0x02421200, hRequest = 0x025d0000, Verb: GET, Referer: , Flags = 0x00000080
Behavior description:Get host address by name
details:GetAddrInfoW: xm****et
Other behavior
Behavior description:Set object security information
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\迅雷大众版+v9.1.38.862+V3\Thunder 9\Program\
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
ThunerNewTask_Instance
Behavior description:Hide specified window
details:[Window,Class] = [ThunderNewTask_CDownloadClientMgrWnd,ATL:0047CA18]
[Window,Class] = [ThunderNewTask_AgentDataWnd,CAgentDataWindow]
[Window,Class] = [,ATL:01F31238]
[Window,Class] = [,ATL:01F31538]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [CAgentDataWindow,ThunderNewTask_AgentDataWnd]
NtUserFindWindowEx: [Class,Window] = [Xunlei.IPC.Server.Window,Xunlei.XLIPC.DownloadAppIPC.Window]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Behavior description:Directly operate on physical device
details:\??\PhysicalDrive0
Behavior description:Open mutex
details:ShimCacheMutex