VirSCAN

File information
Safety rating:75
Behavior list
Basic Information
MD5:b6a6927f8cae906345d36f431308a626
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:CellPhone.exe / 21ecb5718f10af96e3ccb7158356b7ef / EXE
AntiAdwa.dll / 038e558100b9087608e8088ec497fe37 / DLL
cloudcom2.dll / 2b26890cfbe8b6e26c0f28086a125e5b / DLL
cloudsec3.dll / b65464de3d8e0ebfe83b4ff1284afa26 / DLL
360ScreenCapture.exe / a148d4323e48b6e5fed1b7d91892da39 / EXE
BFsAndReg.dll / 49dc5f920b0640e36bd41992ba13c6fe / DLL
360Util.dll / aa8521186e21bcc5e13e8f28707c753f / DLL
CQhCltHttpW.dll / bc26876ec6d1d26a6ff17f87c0836a12 / DLL
CheckSM.dll / 4edc33d7f63fff234a72eab0692fae52 / DLL
BAPI.dll / 86b8154a3dc6db1ab5b6e84106e45bd5 / DLL
AntiWriteBack.dll / 5e9d49f1f4f18c5d75da2f5a718c0cef / DLL
BeepMBR.sys / 57caa83e78c8fd4f58df5a425aa4f67f / SYS
CheckSM.exe / b7bc2a558e1328f666988b22a1cc2a31 / EXE
AntiDllHiJack.dll / 8ba0813b6bf61216ffd03ef53b8bc74f / DLL
360Verify.dll / 787ccb5e27181cad98a212a74d318810 / DLL
AutorunFixer.dll / d790f0db5c8d79d42b3129dae6c6da84 / DLL
art.dat / 54799772dbba246c8e5d04ef9ee015a8 / Unknown
Agreement.Txt / 3610b149bee7198b7866b53d90fe23ba / Unknown
csp.dat / 0fe11d18ed9dade03740dd5eb5e17fee / Unknown
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EDC..LPCHH
MSCTF.MarshalInterface.FileMap.EDC.B.LPCHH
MSCTF.MarshalInterface.FileMap.EDC.C.LPCHH
MSCTF.MarshalInterface.FileMap.EDC.D.LPCHH
MSCTF.MarshalInterface.FileMap.EDC.E.LADHH
MSCTF.MarshalInterface.FileMap.EDC.F.LADHH
MSCTF.MarshalInterface.FileMap.EDC.G.LADHH
MSCTF.Shared.SFM.EDC
Behavior description:Block window close message
details:hWnd = 0x000302bc, Text = 安卓手机顽固木马专杀, ClassName = cp*MessageBox.
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Hide specified window
details:[Window,Class] = [,ATL:00505CC8]
Behavior description:Get host address by name
details:update.360safe.com
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EDC..LPCHH
MSCTF.MarshalInterface.FileMap.EDC.B.LPCHH
MSCTF.MarshalInterface.FileMap.EDC.C.LPCHH
MSCTF.MarshalInterface.FileMap.EDC.D.LPCHH
MSCTF.MarshalInterface.FileMap.EDC.E.LADHH
MSCTF.MarshalInterface.FileMap.EDC.F.LADHH
MSCTF.MarshalInterface.FileMap.EDC.G.LADHH
MSCTF.Shared.SFM.EDC
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpu3012.tmp---> Offset = 0
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446400182.996823.exe_7zdump\SkAdb\*.tmp
Network behavior
Behavior description:Open URL over the network
details:InternetOpenUrlA: http://update.360safe.com/safe/fixtool5_64.ini?000772AD hInternet = 0x00000660
Behavior description:Establish a connection to a specified socket
details:219.133.40.1:80
Behavior description:Get host address by name
details:update.360safe.com
Behavior description:Send data on a connected socket
details:SOCKET = 0x00000640, TotalSize = 167, Offset = 0, ReadSize = 167.
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\360Safe\Liveup\mid
Other behavior
Behavior description:Create mutex
details:1830B7BD-F7A3-4c4d-989B-C004DE465EDE 1772
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
*!@cellphone@!*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EDC
Behavior description:Hide specified window
details:[Window,Class] = [,ATL:00505CC8]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Acquire system privileges
details:SE_DEBUG_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Block window close message
details:hWnd = 0x000302bc, Text = 安卓手机顽固木马专杀, ClassName = cp*MessageBox.
Behavior description:Window information
details:Pid = 1772, Hwnd=0x302bc, Text = 安卓手机顽固木马专杀, ClassName = cp*MessageBox.
Behavior description:Directly operate on physical device
details:\??\PhysicalDrive0
Translated by Keith Miller, United States