VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.

File information
Safety rating: 60

Behavior list
Basic information
MD5: cf46e8100d2014fa3c2b7e2afab6be9c
File type: EXE
Company: illusion
Version: 1.0.0.0 / 1.0.0.0
Packer/compiler: Microsoft Visual C# / Basic .NET
Key behavior
Behavior description: Reads the CPU time-stamp counter directly (RDTSC; EDX:EAX holds the 64-bit counter)
details: EAX = 0x00982836, EDX = 0x00000086
EAX = 0x00982882, EDX = 0x00000086
EAX = 0x034b27fe, EDX = 0x00000086
EAX = 0x034b284a, EDX = 0x00000086
EAX = 0x3fdb665b, EDX = 0x00000086
EAX = 0x3fdb66a7, EDX = 0x00000086
EAX = 0x6c90097e, EDX = 0x00000086
EAX = 0x6c9009ca, EDX = 0x00000086
EAX = 0x6f430946, EDX = 0x00000086
EAX = 0x6f430992, EDX = 0x00000086
Behavior description: Reads the GetTickCount value
details: TickCount = 159075, SleepMilliseconds = 200.
TickCount = 159084, SleepMilliseconds = 100.
TickCount = 159193, SleepMilliseconds = 100.
TickCount = 159303, SleepMilliseconds = 100.
TickCount = 159412, SleepMilliseconds = 100.
TickCount = 159521, SleepMilliseconds = 100.
TickCount = 159631, SleepMilliseconds = 100.
TickCount = 159740, SleepMilliseconds = 100.
TickCount = 159850, SleepMilliseconds = 100.
TickCount = 159959, SleepMilliseconds = 100.
TickCount = 160068, SleepMilliseconds = 100.
TickCount = 160178, SleepMilliseconds = 100.
TickCount = 160287, SleepMilliseconds = 100.
TickCount = 160396, SleepMilliseconds = 100.
TickCount = 160506, SleepMilliseconds = 100.
File behavior
Behavior description: Searches for files
details: FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\\*
FileName = C:\Windows
FileName = C:\Windows\WinSxS
FileName = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
FileName = C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
FileName = C:\Users\Administrator
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.INI
FileName = C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.INI
Registry behavior
Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\USER\S-*\Software\Microsoft\CTF\CUAS\DefaultCompositionWindow\Left
\REGISTRY\USER\S-*\Software\Microsoft\CTF\CUAS\DefaultCompositionWindow\Top
Other behavior
Behavior description: Checks whether it is being debugged
details: IsDebuggerPresent
Behavior description: Creates mutex
details: Local\__DDrawExclMode__
Local\__DDrawCheckExclMode__
PlayHome
Behavior description: Creates event object
details: EventName = Global\CorDBIPCSetupSyncEvent_3020
Behavior description: Opens mutex
details: Global\CLR_CASOFF_MUTEX
Local\MSCTF.Asm.MutexDefault1
Behavior description: Starts system service
details: [service started successfully]: NT Authority\LocalService, Windows Presentation Foundation Font Cache 3.0.0.0, C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Behavior description: Opens event
details: Global\CLR_PerfMon_StartEnumEvent
HookSwitchHookEnabledEvent
\KernelObjects\LowMemoryCondition
Global\SvcctrlStartEvent_A3752DX
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
MSFT.VSA.COM.DISABLE.3020
MSFT.VSA.IEC.STATUS.6c736db0
Behavior description: Adjusts process token privileges
details: SE_DEBUG_PRIVILEGE
Behavior description: Window information
details: Pid = 3020, Hwnd=0x101b8, Text = 初期設定 (Japanese: "initial settings"), ClassName = HwndWrapper[b70c.exe;;4f004485-28db-4c5a-88b2-6b0e9989f5c0].
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 200.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
Behavior description: Hides specified window
details: [Window,Class] = [CiceroUIWndFrame,CiceroUIWndFrame]
[Window,Class] = [,MSCTFComposition]
Behavior description: Reads the cursor position
details: CursorPos = (48,18794), SleepMilliseconds = 60000.
CursorPos = (6341,26827), SleepMilliseconds = 60000.
CursorPos = (19176,16051), SleepMilliseconds = 60000.
CursorPos = (11485,29685), SleepMilliseconds = 60000.
CursorPos = (26969,24791), SleepMilliseconds = 60000.
CursorPos = (5712,28472), SleepMilliseconds = 60000.
CursorPos = (23288,17154), SleepMilliseconds = 60000.
CursorPos = (9968,818), SleepMilliseconds = 60000.
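The RDTSC, GetTickCount/Sleep and GetCursorPos entries above are the raw material of the usual sandbox and debugger timing checks, and a triage script can turn them into a verdict. The Python below is an added example, not VirSCAN's or the sampled program's code: the REPORT text is copied from the report (the ten RDTSC readings, the first five TickCount entries and the first three cursor samples), while the pairing rule, the 15 ms tolerance and all function names are this example's assumptions. Two things it makes visible: every RDTSC pair differs by exactly 0x4C (76) cycles, the signature of two back-to-back reads with nothing stepping through the code in between, and the 100 ms sleeps all came back at 109-110 ms, which is a normally honored Sleep. The report does not say whether it logs TickCount before or after each Sleep, so the one flagged interval (200 ms requested, 9 ms observed) may be a thread-interleaving artifact rather than sleep skipping.

```python
"""Timing-check triage over the behavior entries of a VirSCAN report.

Added example, not part of the VirSCAN report or of the sampled program.  The
REPORT text is copied from the entries above; the pairing rules, the tolerance
and every function name are this example's own assumptions.
"""
import re

# Constructed input: RDTSC, GetTickCount and GetCursorPos lines from the report.
REPORT = """
EAX = 0x00982836, EDX = 0x00000086
EAX = 0x00982882, EDX = 0x00000086
EAX = 0x034b27fe, EDX = 0x00000086
EAX = 0x034b284a, EDX = 0x00000086
EAX = 0x3fdb665b, EDX = 0x00000086
EAX = 0x3fdb66a7, EDX = 0x00000086
EAX = 0x6c90097e, EDX = 0x00000086
EAX = 0x6c9009ca, EDX = 0x00000086
EAX = 0x6f430946, EDX = 0x00000086
EAX = 0x6f430992, EDX = 0x00000086
TickCount = 159075, SleepMilliseconds = 200.
TickCount = 159084, SleepMilliseconds = 100.
TickCount = 159193, SleepMilliseconds = 100.
TickCount = 159303, SleepMilliseconds = 100.
TickCount = 159412, SleepMilliseconds = 100.
CursorPos = (48,18794), SleepMilliseconds = 60000.
CursorPos = (6341,26827), SleepMilliseconds = 60000.
CursorPos = (19176,16051), SleepMilliseconds = 60000.
"""

TSC_RE = re.compile(r"EAX = 0x([0-9a-fA-F]{8}), EDX = 0x([0-9a-fA-F]{8})")
TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)")
CURSOR_RE = re.compile(r"CursorPos = \((-?\d+),(-?\d+)\), SleepMilliseconds = (\d+)")


def parse_tsc(text):
    """RDTSC returns the 64-bit time-stamp counter in EDX:EAX; rebuild it."""
    return [(int(edx, 16) << 32) | int(eax, 16) for eax, edx in TSC_RE.findall(text)]


def tsc_pair_deltas(tscs):
    """Cycle gap inside each (before, after) RDTSC pair.

    Assumption: readings are logged as back-to-back pairs.  A tiny, constant gap
    means nothing stalled the code between the reads; a debugger single-stepping
    or a slow emulator inflates it by orders of magnitude.
    """
    return [tscs[i + 1] - tscs[i] for i in range(0, len(tscs) - 1, 2)]


def parse_ticks(text):
    return [(int(t), int(s)) for t, s in TICK_RE.findall(text)]


def sleep_intervals(samples):
    """(requested_ms, observed_ms) for each Sleep between two GetTickCount reads.

    Assumption: TickCount is read right before its Sleep, so the next reading
    measures how long that Sleep really took.
    """
    return [(samples[i][1], samples[i + 1][0] - samples[i][0])
            for i in range(len(samples) - 1)]


def shortened_sleeps(samples, tolerance_ms=15):
    """Sleeps that returned noticeably earlier than requested.

    Sandboxes that fast-forward Sleep to outrun delay loops produce this;
    real Windows rounds up to the timer tick, so a genuine Sleep measures at
    or slightly above the request (the tolerance absorbs tick granularity).
    """
    return [(req, obs) for req, obs in sleep_intervals(samples) if obs + tolerance_ms < req]


def parse_cursor(text):
    return [(int(x), int(y)) for x, y, _ in CURSOR_RE.findall(text)]


def cursor_moved(points):
    """True if the cursor position changed between any two consecutive samples."""
    return any(a != b for a, b in zip(points, points[1:]))


if __name__ == "__main__":
    ticks = parse_ticks(REPORT)
    print("RDTSC pair gaps (cycles):", tsc_pair_deltas(parse_tsc(REPORT)))
    print("Sleep requested/observed:", sleep_intervals(ticks))
    print("Shortened sleeps:", shortened_sleeps(ticks))
    print("Cursor moved between samples:", cursor_moved(parse_cursor(REPORT)))
```

Run it on a full report dump rather than the excerpt to see whether short intervals form a pattern; a single one proves little, a consistent series of sleeps returning early is the sandbox-acceleration signature the program's own check would trip on.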
Behavior description: Imports key (CryptImportKey)
details: [CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x002D10D4, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00294E1C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0031099C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00310A34, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00310ACC, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x002D10CC, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x002B1A7C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0029BEA4, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0035DF7C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0035E024, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00A06957, DataLen: 148, Flags: 0x00000000
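All eleven CryptImportKey calls above import a CALG_RSA_SIGN blob of exactly 148 bytes. That is the length of a CAPI PUBLICKEYBLOB for a 1024-bit RSA key (8-byte BLOBHEADER + 12-byte RSAPUBKEY + 128-byte modulus), the key size used for .NET strong names, and the CLR verifies strong-name signatures of the assemblies it loads through this API; the calls are therefore consistent with the GAC assembly loads listed under File behavior rather than with any cryptography of the application itself. The Python below is an added example, not VirSCAN's or the sampled program's code: it builds a strong-name public key around a constructed modulus, parses it back with length and magic checks, and derives the public key token (the last 8 bytes of SHA-1 over the 160-byte key, reversed, which is the form that appears in GAC paths). SAMPLE_MODULUS and all function names are this example's own.

```python
"""Decode 148-byte CALG_RSA_SIGN blobs of the kind logged by CryptImportKey.

Added example, not VirSCAN's or the sampled program's code.  SAMPLE_MODULUS is a
constructed, non-random number used only so a blob can be built and parsed
offline; every function name here is this example's own.
"""
import hashlib
import struct

CALG_RSA_SIGN = 0x00002400     # algorithm id as logged in the report
CALG_SHA1 = 0x00008004         # hash algorithm recorded in a strong-name key header
PUBLICKEYBLOB = 0x06           # BLOBHEADER.bType
CUR_BLOB_VERSION = 0x02        # BLOBHEADER.bVersion
RSA1_MAGIC = 0x31415352        # RSAPUBKEY.magic, b"RSA1" read little-endian
BLOBHEADER_LEN = 8             # bType, bVersion, reserved, aiKeyAlg
RSAPUBKEY_LEN = 12             # magic, bitlen, pubexp

# Constructed 1024-bit odd modulus; NOT a real key, no valid factors implied.
SAMPLE_MODULUS = (1 << 1023) | 0xC0FFEE_1234_5678_9ABD


def rsa_bits_from_datalen(datalen):
    """Key size implied by a CAPI RSA PUBLICKEYBLOB length (headers + modulus)."""
    modulus_len = datalen - BLOBHEADER_LEN - RSAPUBKEY_LEN
    if modulus_len <= 0:
        raise ValueError("blob too short for a PUBLICKEYBLOB")
    return modulus_len * 8


def build_publickeyblob(modulus, exponent, bits):
    """Serialize BLOBHEADER + RSAPUBKEY + little-endian modulus (CAPI layout)."""
    header = struct.pack("<BBHI", PUBLICKEYBLOB, CUR_BLOB_VERSION, 0, CALG_RSA_SIGN)
    rsapubkey = struct.pack("<III", RSA1_MAGIC, bits, exponent)
    return header + rsapubkey + modulus.to_bytes(bits // 8, "little")


def build_strong_name_key(blob):
    """Prefix a PUBLICKEYBLOB with the 12-byte .NET strong-name public key header."""
    return struct.pack("<III", CALG_RSA_SIGN, CALG_SHA1, len(blob)) + blob


def parse_publickeyblob(blob):
    """Parse a CAPI RSA PUBLICKEYBLOB; rejects wrong type, algorithm, magic or length."""
    btype, bver, _reserved, alg = struct.unpack_from("<BBHI", blob, 0)
    if btype != PUBLICKEYBLOB or bver != CUR_BLOB_VERSION or alg != CALG_RSA_SIGN:
        raise ValueError("not an RSA_SIGN PUBLICKEYBLOB")
    magic, bits, exponent = struct.unpack_from("<III", blob, BLOBHEADER_LEN)
    if magic != RSA1_MAGIC:
        raise ValueError("bad RSAPUBKEY magic")
    start = BLOBHEADER_LEN + RSAPUBKEY_LEN
    if len(blob) != start + bits // 8:
        raise ValueError("blob length does not match bitlen")
    return {"bits": bits, "exponent": exponent,
            "modulus": int.from_bytes(blob[start:], "little")}


def parse_strong_name_key(key):
    """Split the strong-name header from the PUBLICKEYBLOB and parse both."""
    sig_alg, hash_alg, blob_len = struct.unpack_from("<III", key, 0)
    blob = key[12:]
    if sig_alg != CALG_RSA_SIGN or len(blob) != blob_len:
        raise ValueError("not a strong-name public key")
    parsed = parse_publickeyblob(blob)
    parsed["hash_alg"] = hash_alg
    parsed["blob_len"] = blob_len
    return parsed


def public_key_token(key):
    """Strong-name public key token: last 8 bytes of SHA-1(key), byte-reversed."""
    return hashlib.sha1(key).digest()[-8:][::-1].hex()


if __name__ == "__main__":
    print("DataLen 148 ->", rsa_bits_from_datalen(148), "bit RSA")
    key = build_strong_name_key(build_publickeyblob(SAMPLE_MODULUS, 65537, 1024))
    print("strong-name key length:", len(key))
    print("parsed:", {k: v for k, v in parse_strong_name_key(key).items() if k != "modulus"})
    print("public key token:", public_key_token(key))
```

When a report shows CALG_RSA_SIGN imports with a DataLen other than 148 (for example 276 for a 2048-bit key), or with CALG_RSA_KEYX, the strong-name explanation no longer fits and the blob source is worth tracing.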
Run screenshot