VirSCAN

File information
Safety rating: 85
Behavior list
Basic Information
MD5: a65375f97a2a122822871627d2ba91da
File type: MSI file
Vendor:
Version:
Packer or compiler information: COMPILER:Microsoft Visual C++ v7.1 DLL
Subfile information (name / MD5 / type):
disk1.cab / 7d109b082891dee2a56bfd48b8c6502f / Cab
Binary.Prereq.dll / ec762829da9ee98c7f68637565ae215f / DLL
!_StringData / 341e56ada156c770091f05638dde6ded / Unknown
Binary.aicustact.dll / 259a4d570031e6aaa548335348159c08 / DLL
Binary.dialog / 8a372c8339a8facc35088ce99a977d96 / Unknown
Icon.GuanDan.exe / ef5fb08aa7d564353282ec88494e0d3e / Unknown
!_StringPool / 880f57a1402a8b50c14c3d0c958f98db / Unknown
!_Validation / 67903414c222bf0735e3eccfeafc24d1 / Unknown
!Control / 2fd99bd7e26934edd99d1d8754a8c879 / Unknown
Binary.banner / c6b57f973a3273cb37a77c11b1aa498f / Unknown
Binary.removico / 20d25e871a244b94574c47726de745d6 / Unknown
Binary.repairic / d234ca0358b21bdcfc5e3f9b2e7c7a22 / Unknown
Binary.insticon / 66c842af0b4fc1c918f531d2e1087b82 / Unknown
Binary.custicon / 3eaebdade778394f06b29659c9c01ed7 / Unknown
Binary.completi / 45b0e074f96a859adae198187ab9fa11 / Unknown
Binary.cmdlinkarrow / 983358ce03817f1ca404befbe1e4d96a / Unknown
!File / 97e89a9f0fe0ec17377d42cae0dbb38b / Unknown
!Error / 18242ce73f5abe83e10890dbba667690 / Unknown
!ControlEvent / e2aec92189beb031d025d391e2f21520 / Unknown
Key behavior
Behavior description: Directly calls critical system APIs
Details: Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x010046E5
Process behavior
Behavior description: Creates process
Details: [0x00000ba8]ImagePath = C:\WINDOWS\system32\msiexec.exe, CmdLine = C:\WINDOWS\system32\MsiExec.exe -Embedding 56515149528927B217717D548EDBA5DB C
[0x00000d0c]ImagePath = C:\WINDOWS\system32\msiexec.exe, CmdLine = C:\WINDOWS\system32\MsiExec.exe -Embedding 5E0029098174F3DC11A1A7C78505FCAA
Behavior description: Creates local thread
Details: TargetProcess: msiexec.exe, InheritedFromPID = 2000, ProcessID = 2872, ThreadID = 2896, StartAddress = 7CAA2A19, Parameter = 0007D7F0
TargetProcess: msiexec.exe, InheritedFromPID = 2000, ProcessID = 2872, ThreadID = 2900, StartAddress = 77E56C7D, Parameter = 000F8C88
TargetProcess: msiexec.exe, InheritedFromPID = 2000, ProcessID = 2872, ThreadID = 2904, StartAddress = 769AE43B, Parameter = 00104AA0
TargetProcess: msiexec.exe, InheritedFromPID = 652, ProcessID = 2908, ThreadID = 2916, StartAddress = 77DC3519, Parameter = 000E8B38
TargetProcess: msiexec.exe, InheritedFromPID = 652, ProcessID = 2908, ThreadID = 2920, StartAddress = 0100AC3F, Parameter = 00000000
TargetProcess: msiexec.exe, InheritedFromPID = 652, ProcessID = 2908, ThreadID = 2924, StartAddress = 77E56C7D, Parameter = 000F8918
TargetProcess: msiexec.exe, InheritedFromPID = 652, ProcessID = 2908, ThreadID = 2928, StartAddress = 769AE43B, Parameter = 000FB220
TargetProcess: msiexec.exe, InheritedFromPID = 652, ProcessID = 2908, ThreadID = 2932, StartAddress = 77E56C7D, Parameter = 000FCBF0
TargetProcess: msiexec.exe, InheritedFromPID = 2000, ProcessID = 2872, ThreadID = 2936, StartAddress = 77E56C7D, Parameter = 000F8BF8
TargetProcess: msiexec.exe, InheritedFromPID = 652, ProcessID = 2908, ThreadID = 2940, StartAddress = 77E56C7D, Parameter = 00100390
TargetProcess: msiexec.exe, InheritedFromPID = 2000, ProcessID = 2872, ThreadID = 2948, StartAddress = 7CA9D8AF, Parameter = 00158990
TargetProcess: msiexec.exe, InheritedFromPID = 2000, ProcessID = 2872, ThreadID = 2952, StartAddress = 7CADC288, Parameter = 0010F050
TargetProcess: msiexec.exe, InheritedFromPID = 2908, ProcessID = 2984, ThreadID = 2992, StartAddress = 77E56C7D, Parameter = 000F7290
TargetProcess: msiexec.exe, InheritedFromPID = 2908, ProcessID = 2984, ThreadID = 2996, StartAddress = 769AE43B, Parameter = 000F9B20
TargetProcess: msiexec.exe, InheritedFromPID = 2908, ProcessID = 2984, ThreadID = 3012, StartAddress = 77E56C7D, Parameter = 00100848
File behavior
Behavior description: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\35804.msi
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI6.tmp
C:\WINDOWS\Installer\37ca3.msi
C:\WINDOWS\Installer\MSI7.tmp
C:\WINDOWS\Installer\MSI8.tmp
C:\WINDOWS\Installer\MSI9.tmp
Behavior description: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI6.tmp
C:\WINDOWS\Installer\MSI7.tmp
C:\WINDOWS\Installer\MSI8.tmp
C:\WINDOWS\Installer\MSI9.tmp
Behavior description: Overwrites existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\35804.msi
C:\WINDOWS\Installer\37ca3.msi
Behavior description: Searches for file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.msi
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\MsiExec.exe
FileName = C:\WINDOWS\system32\msiexec.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
Behavior description: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI6.tmp
C:\WINDOWS\Installer\MSI7.tmp
C:\WINDOWS\Installer\MSI8.tmp
C:\WINDOWS\Installer\MSI9.tmp
C:\WINDOWS\Installer\37ca3.msi
C:\Documents and Settings\Administrator\Local Settings\Temp\35804.msi
Behavior description: Modifies file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\35804.msi ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\35804.msi ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\35804.msi ---> Offset = 121368
C:\Documents and Settings\Administrator\Local Settings\Temp\35804.msi ---> Offset = 186904
C:\Documents and Settings\Administrator\Local Settings\Temp\35804.msi ---> Offset = 242736
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 1024
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 1536
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 2048
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp ---> Offset = 1024
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp ---> Offset = 1536
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp ---> Offset = 2048
Other behavior
Behavior description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MDL
Global\_MSIExecute
Behavior description: Creates event object
Details: EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.MDL.IC
EventName = MSCTF.SendReceiveConection.Event.MDL.IC
EventName = DisableLowDiskWarning
Behavior description: Directly calls critical system APIs
Details: Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x010046E5
Behavior description: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Opens event
Details: CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\crypt32LogoffEvent
MSFT.VSA.COM.DISABLE.2872
MSFT.VSA.IEC.STATUS.6c736db0
Global\SvcctrlStartEvent_A3752DX
MSFT.VSA.COM.DISABLE.2908
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2984
_fCanRegisterWithShellService
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.3340
Behavior description: Adjusts process token privileges
Details: SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_RESTORE_PRIVILEGE
SE_SECURITY_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 2872, Hwnd=0x10380, Text = &Next >, ClassName = Button.
Pid = 2872, Hwnd=0x1037c, Text = Cancel, ClassName = Button.
Pid = 2872, Hwnd=0x10384, Text = dialog, ClassName = Static.
Pid = 2872, Hwnd=0x1037e, Text = < &Back, ClassName = Button.
Pid = 2872, Hwnd=0x1037a, Text = Welcome to 单机掼蛋 Setup Wizard, ClassName = Static.
Pid = 2872, Hwnd=0x10378, Text = The Setup Wizard will install 单机掼蛋 on your computer. Click Next to continue or Cancel to exit the Setup Wizard., ClassName = Static.
Pid = 2872, Hwnd=0x10374, Text = 单机掼蛋 Setup, ClassName = MsiDialogCloseClass.
Pid = 2872, Hwnd=0x20366, Text = &Next >, ClassName = Button.
Pid = 2872, Hwnd=0x1038a, Text = &Folder:, ClassName = Static.
Pid = 2872, Hwnd=0x1038c, Text = C:\Program Files\tonycoming\单机掼蛋\, ClassName = RichEdit20W.
Pid = 2872, Hwnd=0x20368, Text = Br&owse..., ClassName = Button.
Pid = 2872, Hwnd=0x3035c, Text = Advanced Installer, ClassName = Static.
Pid = 2872, Hwnd=0x2036c, Text = Cancel, ClassName = Button.
Pid = 2872, Hwnd=0x2036a, Text = < &Back, ClassName = Button.
Pid = 2872, Hwnd=0x10386, Text = banner, ClassName = Static.
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI5.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI6.tmp (signature verification: failed)
C:\WINDOWS\Installer\MSI7.tmp (signature verification: failed)
C:\WINDOWS\Installer\MSI8.tmp (signature verification: failed)
C:\WINDOWS\Installer\MSI9.tmp (signature verification: failed)
Behavior description: Hides specified window
Details: [Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [单机掼蛋 Setup,MsiDialogCloseClass]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> 259a4d570031e6aaa548335348159c08
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp ---> 259a4d570031e6aaa548335348159c08
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI5.tmp ---> ec762829da9ee98c7f68637565ae215f
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI6.tmp ---> 259a4d570031e6aaa548335348159c08
C:\WINDOWS\Installer\MSI7.tmp ---> 259a4d570031e6aaa548335348159c08
C:\WINDOWS\Installer\MSI8.tmp ---> 259a4d570031e6aaa548335348159c08
C:\WINDOWS\Installer\MSI9.tmp ---> ec762829da9ee98c7f68637565ae215f
Behavior description: Opens mutex
Details: ShimCacheMutex
Global\_MSIExecute
Behavior description: Loads newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI3.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI4.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI5.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI6.tmp.
Image: C:\WINDOWS\Installer\MSI7.tmp.
Image: C:\WINDOWS\Installer\MSI8.tmp.
Image: C:\WINDOWS\Installer\MSI9.tmp.