VirSCAN


File information
Safety rating: 88
Behavior list
Basic Information
MD5: bad1cdc4fbc0eceeebe449903f5dba30
File type: Rar
Production company:
Version:
Shell or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information: aspack.dll / 01a6f608860dfefc7ac410d711e38de3 / DLL
ASPack.exe / c0f3c8d148d1e270516eeffb858addaf / EXE
pcnsl.exe / 8536f47393b2835cb6b676e02ec94228 / EXE
ASPack_ru.chm / e7cda463cd8073725a5eb221f7ccf539 / Chm
ASPack.chm / 4a52838fc45e1987f8580349a3d335e7 / Chm
aspack.x86 / d3ce2523d597a96f36b65c8896a2d5d8 / EXE
license_ru.rtf / 470a97622a13830e6a49d917fa450e4a / Unknown
license.rtf / 1b700295112453a75339d6f51f1a292d / Unknown
Polski.ini / c6a9721eb5c7c07550509d1cd975651a / Unknown
French.ini / 139be2e03069f6a7407a570a91d61ee6 / Unknown
Italian.ini / f7446769f2032bd3068b12bd6e01bf34 / Unknown
Suomi.ini / 9ba1b8236930c09a532a38b2f0e333dd / Unknown
Spanish.ini / da9dd1db330e2e5d6e4bd38b273a0ca5 / Unknown
Russian.ini / fc90ef516e0b69fd573cb7a9e93d8707 / Unknown
Hungarian.ini / 545cd93118f2edf1ab93698c1e16261f / Unknown
German.ini / e44f58cccef4e9a6474b657fc45c164d / Unknown
Dutch.ini / b3059c93eb36f40e4dc55cdaa76125bb / Unknown
Slovene.ini / 9e19b576fc33bbe0cfe5737189880b26 / Unknown
Norwegian.ini / 1882ffeef849861fca6b78b9b8aefa1f / Unknown
Key behavior
Behavior description: Directly calls a critical system API
Details: Index = 0x000000B2, Name: NtQueryVirtualMemory, Instruction Address = 0x00E51A86
Behavior description: Directly reads the CPU clock counter
Details: EAX = 0xf9762115, EDX = 0x000000b9
EAX = 0xf9762161, EDX = 0x000000b9
EAX = 0xf97621ad, EDX = 0x000000b9
EAX = 0xf97621f9, EDX = 0x000000b9
EAX = 0xf9762245, EDX = 0x000000b9
EAX = 0xf9762291, EDX = 0x000000b9
EAX = 0xf97622dd, EDX = 0x000000b9
EAX = 0xf9762329, EDX = 0x000000b9
EAX = 0xf9762375, EDX = 0x000000b9
EAX = 0xf97623c1, EDX = 0x000000b9
Process behavior
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Searches for files
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ASPack
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ASPack\*.ini
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ASPack\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ASPack\english.ini
FileName =
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\ASPack\VersionNum
\REGISTRY\USER\S-*\Software\ASPack\Options\Flags
\REGISTRY\USER\S-*\Software\ASPack\Options\ShowCmd
\REGISTRY\USER\S-*\Software\ASPack\Options\PixelsPerInch
\REGISTRY\USER\S-*\Software\ASPack\Options\MinMaxPos(1920x973)
\REGISTRY\USER\S-*\Software\ASPack\Options\MinMaxPos
\REGISTRY\USER\S-*\Software\ASPack\Options\NormPos(1920x973)
\REGISTRY\USER\S-*\Software\ASPack\Options\NormPos
\REGISTRY\USER\S-*\Software\ASPack\Options\Visible
\REGISTRY\USER\S-*\Software\ASPack\Options\CBAutoRun_Checked
\REGISTRY\USER\S-*\Software\ASPack\Options\CBBackup_Checked
\REGISTRY\USER\S-*\Software\ASPack\Options\CBContextMenu_Checked
\REGISTRY\USER\S-*\Software\ASPack\Options\CBExit_Checked
\REGISTRY\USER\S-*\Software\ASPack\Options\CBExtraData_Checked
\REGISTRY\USER\S-*\Software\ASPack\Options\CBImportLoader_Checked
Other behavior
Behavior description: Directly calls a critical system API
Details: Index = 0x000000B2, Name: NtQueryVirtualMemory, Instruction Address = 0x00E51A86
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IHL
Behavior description: Hides a specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [ASPack 2.42,TfrmMain]
Behavior description: Opens a mutex
Details: ShimCacheMutex
Behavior description: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description: Enumerates windows
Details: N/A
Behavior description: Searches for the kernel32.dll base address
Details: Instruction Address = 0x00c429d2
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
Details: Pid = 2932, Hwnd=0x10358, Text = Open File, ClassName = TTabSheet.
Pid = 2932, Hwnd=0x1035e, Text = Open, ClassName = TButton.
Pid = 2932, Hwnd=0x1035c, Text = File information, ClassName = TPanel.
Pid = 2932, Hwnd=0x10350, Text = Options, ClassName = TTabSheet.
Pid = 2932, Hwnd=0x1034c, Text = Compress, ClassName = TTabSheet.
Pid = 2932, Hwnd=0x10342, Text = ASPack 2.42, ClassName = TfrmMain.
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
Behavior description: Creates event objects
Details: EventName = MSCTF.SendReceive.Event.IHL.IC
EventName = MSCTF.SendReceiveConection.Event.IHL.IC
Behavior description: Directly reads the CPU clock counter
Details: EAX = 0xf9762115, EDX = 0x000000b9
EAX = 0xf9762161, EDX = 0x000000b9
EAX = 0xf97621ad, EDX = 0x000000b9
EAX = 0xf97621f9, EDX = 0x000000b9
EAX = 0xf9762245, EDX = 0x000000b9
EAX = 0xf9762291, EDX = 0x000000b9
EAX = 0xf97622dd, EDX = 0x000000b9
EAX = 0xf9762329, EDX = 0x000000b9
EAX = 0xf9762375, EDX = 0x000000b9
EAX = 0xf97623c1, EDX = 0x000000b9