VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 82
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic Information
MD5: ce0271adc5ce12f2f0b6683d555489bc
File type: DLL
Production company: 广东一一五科技股份有限公司
Version: 1.0.0.15---1.0.0.15
Shell or compiler information: COMPILER:UPolyX v0.5
Key behavior
Behavior description: Cross-process data write
Details: TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x00050000, Size = 0x000005dc TargetPID = 0x000007e4
TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x7ffdd1e8, Size = 0x00000004 TargetPID = 0x000007e4
TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x00060000, Size = 0x00000020 TargetPID = 0x000007e4
TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x00060020, Size = 0x00000034 TargetPID = 0x000007e4
TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x7ffdd238, Size = 0x00000004 TargetPID = 0x000007e4
Behavior description: Modify registry (startup items)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 115ErrorOverlayIcon\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 115ProcessOverlayIcon\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 115SucceedOverlayIcon\
Process behavior
Behavior description: Create process
Details: [0x000007e4]ImagePath = C:\Windows\System32\regsvr32.exe, CmdLine = Regsvr32.exe c:\users\administrator\appdata\local\%temp%\b70c.dll
Behavior description: Cross-process data write
Details: TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x00050000, Size = 0x000005dc TargetPID = 0x000007e4
TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x7ffdd1e8, Size = 0x00000004 TargetPID = 0x000007e4
TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x00060000, Size = 0x00000020 TargetPID = 0x000007e4
TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x00060020, Size = 0x00000034 TargetPID = 0x000007e4
TargetProcess = C:\Windows\System32\regsvr32.exe, WriteAddress = 0x7ffdd238, Size = 0x00000004 TargetPID = 0x000007e4
Registry behavior
Behavior description: Modify registry (system context menu)
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\115ContextMenuExt\
\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\115ContextMenuExt\
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{D489302D-C566-43A0-86F4-378A0699AB66}\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\backup_shell.DLL\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEE949EB-C9ED-4967-98B0-ED4E543BEFA5}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEE949EB-C9ED-4967-98B0-ED4E543BEFA5}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEE949EB-C9ED-4967-98B0-ED4E543BEFA5}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\115ContextMenuExt\
\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\115ContextMenuExt\
\REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\shellex\ContextMenuHandlers\115ContextMenuExt\
\REGISTRY\MACHINE\SOFTWARE\Classes\backup_shell.ErrorIconOverlay.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\backup_shell.ErrorIconOverlay.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\backup_shell.ErrorIconOverlay\
\REGISTRY\MACHINE\SOFTWARE\Classes\backup_shell.ErrorIconOverlay\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\backup_shell.ErrorIconOverlay\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{361F6990-0582-4B1B-88D1-294640A2AB65}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{361F6990-0582-4B1B-88D1-294640A2AB65}\ProgID\
Behavior description: Modify registry (startup items)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 115ErrorOverlayIcon\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 115ProcessOverlayIcon\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 115SucceedOverlayIcon\
Other behavior
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description: Check whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description: Hide specified window
Details: [Window,Class] = [,CtrlNotifySink]
Behavior description: Open mutex
Details: Local\MSCTF.Asm.MutexDefault1