VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating:77
Behavior list
Basic Information
MD5:ab9f3741ce70ed9d7ebe94051d6a7778
file type:EXE
Production company:Piriform Ltd
version:5.33.0.6162---5, 33, 00, 6162
Shell or compiler information:COMPILER:PE+(64)
Subfile information:0296dumpFile / 1300b6b2307f6d14b794f52373c5c3bb / DLL
Key behavior
Behavior description:Get TickCount value
details:TickCount = 762600, SleepMilliseconds = 100.
TickCount = 762615, SleepMilliseconds = 100.
TickCount = 762631, SleepMilliseconds = 100.
TickCount = 764193, SleepMilliseconds = 100.
TickCount = 764209, SleepMilliseconds = 100.
TickCount = 764287, SleepMilliseconds = 100.
TickCount = 764303, SleepMilliseconds = 100.
Process behavior
Behavior description:Create local thread
File behavior
Behavior description:Create file
details:C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7GVVEOLL6LXZN5MC2H8H.temp
Behavior description:Rename file
details:C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7GVVEOLL6LXZN5MC2H8H.temp ---> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f76de3f293fd9f04.customDestinations-ms
Behavior description:Modify file contents
details:C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7GVVEOLL6LXZN5MC2H8H.temp ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7GVVEOLL6LXZN5MC2H8H.temp ---> Offset = 4096
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7GVVEOLL6LXZN5MC2H8H.temp ---> Offset = 8192
Behavior description:Find file
details:FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\****.exe
FileName = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\*
FileName = C:\Users\Administrator\AppData\Local\Flock\User Data\*
FileName = C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\*
FileName = C:\Users\Administrator\AppData\Local\Chromium\User Data\*
FileName = C:\Users\Administrator\AppData\Local\RockMelt\User Data\*
FileName = C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\*
FileName = C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\User Data\*
FileName = C:\Users\Administrator\AppData\Local\Spark\User Data\*
FileName = C:\Users\Administrator\AppData\Local\Torch\User Data\*
Network behavior
Behavior description:Open URL over the network
details:InternetOpenUrlA: https://ww****om/go/app_cc_pro_trialkey, hInternet = 0x00cc0004, Flags = 0x80800000
Behavior description:Open HTTP connection
details:InternetOpenA: UserAgent: Mozilla/4.0 (CCleaner, 5.33.6162), hSession = 0x00cc0004
Behavior description:Resolve host address by name
details:GetAddrInfoW: ww****om
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Piriform\CCleaner\WipeFreeSpaceDrives
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\Owner
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\SessionHash
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\Sequence
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\RegFiles0000
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\RegFilesHash
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Piriform\CCleaner\CookiesToSave
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Piriform\CCleaner\RunICS
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Piriform\CCleaner\Monitoring
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description:Delete registry value
details:\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\RegFilesHash
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\RegFiles0000
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\Sequence
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\SessionHash
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\Owner
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Piriform\CCleaner\AutoICS
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Piriform\CCleaner\AutoUpdateNotificationExpiryTime
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
Behavior description:Delete registry key
details:\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\RestartManager\Session0000\
Other behavior
Behavior description:Check whether it is being debugged
details:IsDebuggerPresent
Behavior description:Create mutex
details:Piriform_CCleaner_PreventSecondInstance
Piriform_CCleaner_SystemTrayIconActive
Local\SessionImmersiveColorMutex
Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511
Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description:Hide specified window
details:[Window,Class] = [Update available,Button]
[Window,Class] = [&Upgrade,Button]
[Window,Class] = [,Edit]
[Window,Class] = [,msctls_progress32]
Behavior description:Window information
details:Pid = 768, Hwnd=0xa0272, Text = &Analyze, ClassName = Button.
Pid = 768, Hwnd=0x40386, Text = &Run Cleaner, ClassName = Button.
Pid = 768, Hwnd=0x80412, Text = Update available, ClassName = Button.
Pid = 768, Hwnd=0x4040c, Text = Check for &updates, ClassName = Static.
Pid = 768, Hwnd=0x402c2, Text = &Cleaner, ClassName = Button.
Pid = 768, Hwnd=0x80226, Text = Re&gistry, ClassName = Button.
Pid = 768, Hwnd=0x80222, Text = &Tools, ClassName = Button.
Pid = 768, Hwnd=0xf0282, Text = &Options, ClassName = Button.
Pid = 768, Hwnd=0x4041c, Text = &Upgrade, ClassName = Button.
Pid = 768, Hwnd=0xb0250, Text = Piriform CCleaner, ClassName = PiriformCCleaner.
Behavior description:Open event
details:\KernelObjects\MaximumCommitCondition
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagAJBAHNDAGPPHAAAAAADAAAAA
MSFT.VSA.COM.DISABLE.768
MSFT.VSA.IEC.STATUS.6c736db0
Behavior description:Get cursor position
Behavior description:Enumerate windows
details:N/A
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 100.
Behavior description:Open mutex
details:Local\MSCTF.Asm.MutexDefault1S-1-5-21-1170589654-2814428265-349930785-500
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1