VirSCAN

File information
Safety rating:78
Behavior list
Basic Information
MD5:cd72f797ea5765f82438493fd415937b
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:UPolyX v0.5
Subfile information:
cygwin1.dll / 4679fd147e7f30a7ad3c2db08e489712 / DLL
e2fsck.exe / ad19af497e5fe7aa0da456300a6d0a91 / EXE
debugfs.exe / 6ad6d7b49de6678a5ed1918798ebd858 / EXE
mke2fs.exe / 280dd15539a469fb58e9c6e3bfdb572e / EXE
tune2fs.exe / c03cca1a093cb87f47f133fd18831777 / EXE
Ext2Mgr.exe / 2cbcb9ef2578b3b906ffc14ffbdfab45 / EXE
ext2fsd.sys / 347fce8cc985049ed774cf0607d0d443 / SYS
ext2fsd.sys / 48aa98784039d1ebad5e562096f2fd1e / SYS
ext2fsd.sys / cda63c4baba50b8b9f1e990d4867b1ef / SYS
cyggcc_s-1.dll / 93db5af3f6e79625618ec04e89fac229 / DLL
Key behavior
Behavior description:Modifies an original system EXE file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cyggcc_s-1.dll
Behavior description:Checks whether it is being debugged
details:N/A
Process behavior
Behavior description:Creates a local thread
details:TargetProcess: e2fsck.exe, InheritedFromPID = 1944, ProcessID = 4084, ThreadID = 1076, StartAddress = 610040A0, Parameter = 6114E6A0
File behavior
Behavior description:Modifies an original system EXE file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cyggcc_s-1.dll
Behavior description:Modifies file content
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cyggcc_s-1.dll ---> Offset = 0
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\MACHINE\SOFTWARE\Cygwin\Installations\e35f786473c208c9
Other behavior
Behavior description:Checks whether it is being debugged
details:N/A
Behavior description:Creates a mutex
details:tty_list::mutex.0
Behavior description:MD5 of the modified executable file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cyggcc_s-1.dll ---> 93db5af3f6e79625618ec04e89fac229
Behavior description:Adjusts process token privileges
details:SE_RESTORE_PRIVILEGE
SE_BACKUP_PRIVILEGE
SE_CREATE_GLOBAL_PRIVILEGE
Behavior description:Opens an event
details:\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description:Signature information of the modified executable file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\cyggcc_s-1.dll (signature verification: failed)