VirSCAN

File information
Safety rating: 50
Behavior list
Basic Information
MD5: c29c709586366322e2aa971c91f987e9
File type: Rar5
Production company:
Version:
Shell or compiler information:
Subfile information (name / MD5 / type):
ItemData.db / 1c636b7305bd3438e5f839948552e7ec / Unknown
QQWry.Dat / 29f08fbf44026626c236555975b07d29 / Unknown
MuEdit.exe / 92e7c05c8bc6a54d010283396c47c47b / EXE
MuEdit.exe / 93378e4356d4d5000205b53a73eb2c12 / EXE
ItemDataEdit.exe / a311956791dc3a5a91b14a9c4464f806 / EXE
MuEdit-update190111.rar / 1a7b72e4edd98a950a6cb811556f1b5b / RAR5
MemberItem.db / 458d47c7bb86029e1abbddf3e9fd6f6e / Unknown
Config.ini / 779777866b21230279edde845826950e / Unknown
Key behavior
Behavior description: Get TickCount value
Details: TickCount = 280968, SleepMilliseconds = 60000.
TickCount = 280984, SleepMilliseconds = 60000.
TickCount = 281078, SleepMilliseconds = 60000.
TickCount = 281093, SleepMilliseconds = 60000.
TickCount = 281109, SleepMilliseconds = 60000.
TickCount = 281125, SleepMilliseconds = 60000.
TickCount = 281156, SleepMilliseconds = 60000.
TickCount = 281171, SleepMilliseconds = 60000.
TickCount = 281187, SleepMilliseconds = 60000.
TickCount = 281218, SleepMilliseconds = 60000.
TickCount = 281250, SleepMilliseconds = 60000.
TickCount = 281281, SleepMilliseconds = 60000.
TickCount = 281312, SleepMilliseconds = 60000.
TickCount = 281328, SleepMilliseconds = 60000.
TickCount = 281343, SleepMilliseconds = 60000.
Process behavior
Behavior description: Create local thread
Details: TargetProcess: MuEdit.exe, InheritedFromPID = 2000, ProcessID = 3020, ThreadID = 3092, StartAddress = 77E56C7D, Parameter = 00246888
TargetProcess: MuEdit.exe, InheritedFromPID = 2000, ProcessID = 3020, ThreadID = 3100, StartAddress = 769AE43B, Parameter = 00249178
TargetProcess: MuEdit.exe, InheritedFromPID = 2000, ProcessID = 3020, ThreadID = 3212, StartAddress = 756D3AAF, Parameter = 019BA794
TargetProcess: MuEdit.exe, InheritedFromPID = 2000, ProcessID = 3020, ThreadID = 3216, StartAddress = 1B004723, Parameter = 1B120E10
TargetProcess: MuEdit.exe, InheritedFromPID = 2000, ProcessID = 3020, ThreadID = 3220, StartAddress = 1B004723, Parameter = 1B120E10
TargetProcess: MuEdit.exe, InheritedFromPID = 2000, ProcessID = 3020, ThreadID = 3224, StartAddress = 1B004723, Parameter = 1B120E10
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\JET6A01.tmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ItemData.ldb
C:\Documents and Settings\Administrator\Local Settings\Temp\JET6A3F.tmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MemberItem.ldb
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\JET6A01.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\JET6A3F.tmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ItemData.ldb
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MemberItem.ldb
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ItemData.ldb ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MemberItem.ldb ---> Offset = 0
Behavior description: Find file
Details: FileName = ItemData.db
FileName = Config.INI
FileName = MemberItem.db
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\system.mdb
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ItemData.db
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MemberItem.db
Network behavior
Behavior description: Establish connection to a specified socket
Details: URL: COMPUTER, IP: **.133.40.**:1433, SOCKET = 0x00000258
Behavior description: Get host address by name
Details: gethostbyname: COMPUTER
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.ANL
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.ANL.IC
EventName = MSCTF.SendReceiveConection.Event.ANL.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.3020
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
Behavior description: Adjust process token privileges
Details: SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description: Window information
Details: Pid = 3020, Hwnd=0x1034a, Text = 创建应用对象...., ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3020, Hwnd=0x10e4e, Text = 整理商店, ClassName = Button.
Pid = 3020, Hwnd=0x10e4c, Text = 清空商店, ClassName = Button.
Pid = 3020, Hwnd=0x10d80, Text = 整理背包, ClassName = Button.
Pid = 3020, Hwnd=0x10d7e, Text = 清空背包, ClassName = Button.
Pid = 3020, Hwnd=0x10cb2, Text = 整理背包, ClassName = Button.
Pid = 3020, Hwnd=0x10cb0, Text = 清空背包, ClassName = Button.
Pid = 3020, Hwnd=0x10f26, Text = 瑞币最大上限, ClassName = Button.
Pid = 3020, Hwnd=0x10b70, Text = 金钱最大上限, ClassName = Button.
Pid = 3020, Hwnd=0x10b6e, Text = 清空包裹, ClassName = Button.
Pid = 3020, Hwnd=0x10b6c, Text = 整理包裹, ClassName = Button.
Pid = 3020, Hwnd=0x10aea, Text = 清空装备, ClassName = Button.
Pid = 3020, Hwnd=0x10ae8, Text = 保存人物, ClassName = Button.
Pid = 3020, Hwnd=0x10f54, Text = 宠物包裹, ClassName = Button.
Pid = 3020, Hwnd=0x108b8, Text = 整理仓库, ClassName = Button.
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 10.
[4]: MilliSeconds = 10.
[5]: MilliSeconds = 10.
Behavior description: Hide specified window
Details: [Window,Class] = [,_EL_Timer]
[Window,Class] = [,WTWindow]
[Window,Class] = [,ComboLBox]
[Window,Class] = [扩展仓库: ,_EL_Label]
[Window,Class] = [,ComboBox]
[Window,Class] = [,_EL_Label]
[Window,Class] = [套装物品信息,Button]
[Window,Class] = [发放装备======>,Button]
[Window,Class] = [保存自定义装备,Button]
[Window,Class] = [类别:,_EL_Label]
[Window,Class] = [名字:,_EL_Label]
[Window,Class] = [等级:,_EL_Label]
[Window,Class] = [追加:,_EL_Label]
[Window,Class] = [技能,Button]
[Window,Class] = [幸运,Button]
Behavior description: Open mutex
Details: ShimCacheMutex