VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 20
Behavior list
Basic Information
MD5: c1de071592b251eb27e36c2522198990
File type: EXE
Production company: sad
Version: 1.0.0.0---1.0.0.0
Shell or compiler information: COMPILER: Elan
Key behavior
Behavior description: Connect to QQ login server
details: WinHttpConnect: ServerName = xui.ptlogin2.qq.com, PORT = 80, UserName = , Password = , hSession = 0x01073100, hConnect = 0x01073200, Flags = 0x00000000
Process behavior
Behavior description: Create local thread
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2636, ThreadID = 2648, StartAddress = 77DC845A, Parameter = 00000000
Network behavior
Behavior description: Connect to specified site
details: WinHttpConnect: ServerName = lo****om, PORT = 4300, UserName = , Password = , hSession = 0x01073100, hConnect = 0x01073300, Flags = 0x00000000
Behavior description: Open HTTP connection
details: WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01073100
Behavior description: Establish a connection to a specified socket
details: URL: xu****om, IP: **.133.40.**:80, SOCKET = 0x000001bc
URL: lo****om, IP: **.133.40.**:4300, SOCKET = 0x00000184
Behavior description: Send HTTP packet
details:
GET /pt_get_uins?callback=ptui_getuins_CB&r=0.1505466122933&pt_local_tk= HTTP/1.1 Accept: */* Referer: http://localhost.ptlogin2.qq.com:4300/pt_get_uins?callback=ptui_getuins_CB&r=0.1505466122933&pt_local_tk= Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Content-Type: application/x-www-form-urlencoded Host: lo****om:4300 Connection: Keep-Alive
Behavior description: Open HTTP request
details: WinHttpOpenRequest: xu****om:80/cgi-bin/xlogin?proxy_url=http%3a//qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http%3a%2f%2fqzs.qq.com%2fqzone, hConnect = 0x01073200, hRequest = 0x01100000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: lo****om:4300/pt_get_uins?callback=ptui_getuins_cb&r=0.1505466122933&pt_local_tk=, hConnect = 0x01073300, hRequest = 0x01100000, Verb: GET, Referer: , Flags = 0x00000080
Behavior description: Get host address by name
details: GetAddrInfoW: xu****om
GetAddrInfoW: lo****om
Other behavior
Behavior description: Create mutex
details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Hide specified window
details: [Window,Class] = [,ListBox]
[Window,Class] = [,SysListView32]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
Behavior description: Create event object
details: EventName = DINPUTWINMM
Behavior description: Open mutex
details: RasPbFile
ShimCacheMutex
Run screenshot
