VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
Safety rating:55
Behavior list
Basic Information
MD5:c1e6de18eaf8fd4c36626d21c1b29e37
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *
Key behavior
Behavior description:Set special file attributes
details:C:\System\Microsoft Software Installer\MSI.exe
C:\WINDOWS\MSI.com
Behavior description:Resolve host address by name
details:evo.crabdance.com
Behavior description:Set special folder attributes
details:C:\System
Behavior description:Drop sensitive file in system directory
details:C:\WINDOWS\MSI.com
Behavior description:Modify registry: startup entry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Software Installer
Process behavior
Behavior description:Create process from new file
details:ImagePath = C:\System\Microsoft Software Installer\MSI.exe, CmdLine = "C:\System\Microsoft Software Installer\MSI.exe"
File behavior
Behavior description:Set special file attributes
details:C:\System\Microsoft Software Installer\MSI.exe
C:\WINDOWS\MSI.com
Behavior description:Create executable file
details:C:\System\Microsoft Software Installer\MSI.exe
C:\WINDOWS\MSI.com
Behavior description:Modify file content
details:C:\WINDOWS\autorun.inf---> Offset = 0
Behavior description:Set special folder attributes
details:C:\System
Behavior description:Drop sensitive file in system directory
details:C:\WINDOWS\MSI.com
Network behavior
Behavior description:Send data on a connected socket
details:SOCKET = 0x00000724, TotalSize = 64, Offset = 0, ReadSize = 64.
Behavior description:Establish a connection to a specified socket
details:219.133.40.1:6667
Behavior description:Resolve host address by name
details:evo.crabdance.com
Registry behavior
Behavior description:Modify registry: startup entry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Software Installer
Other behavior
Behavior description:Create driver file image
details:C:\WINDOWS\system32\drivers\fastfat.sys
Behavior description:Create mutex
details:msi-p1
msi-p2
Translated by Keith Miller, United States