VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:20
Behavior list
Basic Information
MD5:b59b8c0e8395945ce95dc6495888d39e
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Elan
Subfile information:aspack212r_ebcae0b0dumpFile / 2a463e1b6f56ecd584f9121e9de3b38c / EXE
透明头像.exe / 6ee339e8f20593242fed3dd811793aae / EXE
CF辅助外挂交流群 492201331.url / 54cd0c201133a2878b44749ab2968b2b / Unknown
不会使用加我QQ1323912567.url / 3b0ac524b8ce302f6635accdf733d446 / Unknown
下载更多CF辅助.url / d46c9ec1b1cb99b4dd2c9815bcdd35cf / Unknown
Key behavior
Behavior description:Write-permission file mapping
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IHF..CHHGH
MSCTF.MarshalInterface.FileMap.IHF.B.CIHGH
MSCTF.MarshalInterface.FileMap.IHF.C.CIHGH
MSCTF.MarshalInterface.FileMap.IHF.D.CIHGH
MSCTF.MarshalInterface.FileMap.IHF.E.BJHGH
MSCTF.MarshalInterface.FileMap.IHF.F.BKHGH
MSCTF.MarshalInterface.FileMap.IHF.G.ALHGH
MSCTF.Shared.SFM.IHF
Behavior description:Connect to QQ login server
details:InternetConnectA: ServerName = ptlogin2.qq.com, PORT = 80
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Hide specified window
details:[Window,Class] = [重新登录,Afx:400000:b:502e7:1900015:0]
[Window,Class] = [上传失败怎么办?,Afx:400000:b:502e7:1900015:0]
[Window,Class] = [,Afx:400000:8:10011:1900015:0]
Behavior description:Get window screenshot information
details:Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Write-permission file mapping
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IHF..CHHGH
MSCTF.MarshalInterface.FileMap.IHF.B.CIHGH
MSCTF.MarshalInterface.FileMap.IHF.C.CIHGH
MSCTF.MarshalInterface.FileMap.IHF.D.CIHGH
MSCTF.MarshalInterface.FileMap.IHF.E.BJHGH
MSCTF.MarshalInterface.FileMap.IHF.F.BKHGH
MSCTF.MarshalInterface.FileMap.IHF.G.ALHGH
MSCTF.Shared.SFM.IHF
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445946543.856645.exe_7zdump\透明头像.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qrc.png
FileName =
Network behavior
Behavior description:Connect to QQ login server
details:InternetConnectA: ServerName = ptlogin2.qq.com, PORT = 80
Behavior description:Download file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qrc.png
Behavior description:Read network file
details:hFile = 0x00000650, BytesToRead =10240, BytesRead = 10240.
hFile = 0x00000654, BytesToRead =512, BytesRead = 512.
hFile = 0x00000648, BytesToRead =512, BytesRead = 512.
hFile = 0x0000064c, BytesToRead =512, BytesRead = 512.
Behavior description:Open HTTP request
details:HttpOpenRequestA: ptlogin2.qq.com:80/ptqrshow?appid=549000912&e=2&l=m&s=3&d=72&v=4&t=0.6169928649913426&daid=5, hConnect = 0x00000654
HttpOpenRequestA: ptlogin2.qq.com:80/ptqrlogin?u1=http%3a%2f%2fqzs.qq.com%2fqzone%2fv5%2floginsucc.html%3fpara%3dizone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=16-44-1412049235444&js_ver=10095&js_type=1&login_sig=&pt_uistyle=32&aid=549000912&daid
Other behavior
Behavior description:Create mutex
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IHF
Behavior description:Hide specified window
details:[Window,Class] = [重新登录,Afx:400000:b:502e7:1900015:0]
[Window,Class] = [上传失败怎么办?,Afx:400000:b:502e7:1900015:0]
[Window,Class] = [,Afx:400000:8:10011:1900015:0]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 284, Hwnd=0x302da, Text = 请使用QQ手机版扫描二维码安全登录, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 284, Hwnd=0x202c8, Text = QQ扫一扫安全登录, ClassName = WTWindow.
Pid = 284, Hwnd=0x202d8, Text = 上传失败怎么办?, ClassName = Afx:400000:b:502e7:1900015:0.
Pid = 284, Hwnd=0x202d6, Text = 重新登录, ClassName = Afx:400000:b:502e7:1900015:0.
Pid = 284, Hwnd=0x302dc, Text = 欢迎使用,请先登录..., ClassName = Afx:400000:b:10011:1900015:0.
Pid = 284, Hwnd=0x202d4, Text = 状态:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 284, Hwnd=0x302bc, Text = 更多QQ技术 >, ClassName = Afx:400000:b:502e7:1900015:0.
Pid = 284, Hwnd=0x302ba, Text = 一键上传QQ透明头像, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 284, Hwnd=0x202b4, Text = 上传, ClassName = Button.
Pid = 284, Hwnd=0x202cc, Text = 扫码登录后点击上传, ClassName = Button(GroupBox).
Pid = 284, Hwnd=0x202a8, Text = QQ透明头像神器V2.0 - 菲菲博客网, ClassName = WTWindow.
Pid = 284, Hwnd=0x302dc, Text = 操作失败,请重新登录!, ClassName = Afx:400000:b:10011:1900015:0.
Behavior description:Get window screenshot information
details:Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qrc.jpg