VirSCAN

File information
Safety rating: 87
Behavior list
Basic Information
MD5: d8c661aa1eaad82f1f8a1df22bdab206
File type: Rar
Production company:
Version:
Shell or compiler information: COMPILER:Elan (the 易语言/EPL compiler; consistent with the _EL_ window classes and the SkinH_EL.dll skin library referenced further down)
Subfile information: A.exe / 54c4a3a8e12ffed863949376a3278a38 / EXE
软件B.exe (Software B.exe) / 610a6284b9af6f22370d646a014957a0 / EXE
dm.dll / c578b6820bda5689940560147c6e5ffc / DLL
data.mdb / 46cb9903227b44242107d9d04274aeca / Unknown
软件B使用方法.html (Software B usage guide.html) / e149ef77b0b000cfdee2ecc7c6919be6 / Unknown
16.jpg / 626d5d6840c379b4dac5f594bbb8db65 / Unknown
19.jpg / 0dd74a228ce28b32d52737198934e685 / Unknown
18.jpg / 68bffce910186665e46964a615e65258 / Unknown
14.jpg / 0d066114480b76c33049862501663299 / Unknown
20.jpg / 70c79284c854a5451d359f8af2c8f344 / Unknown
8.jpg / a36b8b3a0a7543107c856029906adf7e / Unknown
15.jpg / 29d50b062088874003d1075795cd9459 / Unknown
21.jpg / b3489cf0dc7bd43720c6da832d4692f4 / Unknown
11.jpg / bb1e5ac9e7adb7eb5383cff9bc1bb1e4 / Unknown
22.jpg / 6694fc904b4347d0c07d82ac23811ac7 / Unknown
13.jpg / 51fdb15f2c2132d151e123a47b2e7b61 / Unknown
10.jpg / e10e684f0e74648a1cf5ff0cfc9101c3 / Unknown
9.jpg / 56485411d01e1e3f98fcbcc94322ac29 / Unknown
6.jpg / 75163439f9095f5fb05e614a1b77f9a3 / Unknown
Key behavior
Behavior description: Reads the CPU time-stamp counter directly (RDTSC; EDX:EAX below is the 64-bit counter value)
details: EAX = 0xc8ece6c0, EDX = 0x000000b7
EAX = 0xc8ece70c, EDX = 0x000000b7
EAX = 0xc8ece758, EDX = 0x000000b7
EAX = 0xc8ece7a4, EDX = 0x000000b7
EAX = 0xc8ece7f0, EDX = 0x000000b7
EAX = 0xc8ece83c, EDX = 0x000000b7
EAX = 0xc8ece888, EDX = 0x000000b7
EAX = 0xc8ece8d4, EDX = 0x000000b7
EAX = 0xc8ece920, EDX = 0x000000b7
EAX = 0xc8ece96c, EDX = 0x000000b7
Behavior description: Captures foreground window screenshot information
details: Foreground window Info: HWND = 0x000303b0, DC = 0x01010055.
Foreground window Info: HWND = 0x000303b0, DC = 0x09010672.
Foreground window Info: HWND = 0x00010376, DC = 0x09010672.
Foreground window Info: HWND = 0x00010376, DC = 0x01010055.
Foreground window Info: HWND = 0x0001037c, DC = 0x09010672.
Foreground window Info: HWND = 0x0001037a, DC = 0x09010672.
Behavior description: Reads the TickCount value
details: TickCount = 279187, SleepMilliseconds = 60000.
TickCount = 279203, SleepMilliseconds = 60000.
TickCount = 280828, SleepMilliseconds = 60000.
TickCount = 282546, SleepMilliseconds = 60000.
TickCount = 283812, SleepMilliseconds = 60000.
TickCount = 283875, SleepMilliseconds = 60000.
TickCount = 283906, SleepMilliseconds = 60000.
TickCount = 283921, SleepMilliseconds = 60000.
TickCount = 283937, SleepMilliseconds = 60000.
TickCount = 284187, SleepMilliseconds = 60000.
TickCount = 284828, SleepMilliseconds = 60000.
TickCount = 286890, SleepMilliseconds = 60000.
TickCount = 287828, SleepMilliseconds = 60000.
TickCount = 288796, SleepMilliseconds = 60000.
TickCount = 289218, SleepMilliseconds = 60000.
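The two timing entries above carry an analyst-side lesson. Every TickCount read is paired with a 60,000 ms Sleep request, yet the tick count only advances about 10 s across all fifteen of them, which is what a sandbox that shortens sleeps looks like from the inside; and the ten RDTSC reads keep the same EDX while EAX grows by exactly 0x4c each time, which a real counter never does. The following Python script, added here as an example and not VirSCAN's code, parses those lines (copied from the report as constructed sample input) and flags both artifacts. Names such as `short_sleeps` and `tsc_looks_synthetic` are chosen for this example.

```python
"""Timing-artifact check over a VirSCAN report's GetTickCount/Sleep and RDTSC entries.
Added example; not VirSCAN's code. Sample lines are copied from the report above."""
import re

# Constructed sample: the "TickCount = ..., SleepMilliseconds = ..." lines from the Key behavior section.
TICK_LINES = """\
TickCount = 279187, SleepMilliseconds = 60000.
TickCount = 279203, SleepMilliseconds = 60000.
TickCount = 280828, SleepMilliseconds = 60000.
TickCount = 282546, SleepMilliseconds = 60000.
TickCount = 283812, SleepMilliseconds = 60000.
TickCount = 283875, SleepMilliseconds = 60000.
TickCount = 283906, SleepMilliseconds = 60000.
TickCount = 283921, SleepMilliseconds = 60000.
TickCount = 283937, SleepMilliseconds = 60000.
TickCount = 284187, SleepMilliseconds = 60000.
TickCount = 284828, SleepMilliseconds = 60000.
TickCount = 286890, SleepMilliseconds = 60000.
TickCount = 287828, SleepMilliseconds = 60000.
TickCount = 288796, SleepMilliseconds = 60000.
TickCount = 289218, SleepMilliseconds = 60000.
"""

# Constructed sample: the "EAX = ..., EDX = ..." lines. RDTSC returns the 64-bit TSC in EDX:EAX.
RDTSC_LINES = """\
EAX = 0xc8ece6c0, EDX = 0x000000b7
EAX = 0xc8ece70c, EDX = 0x000000b7
EAX = 0xc8ece758, EDX = 0x000000b7
EAX = 0xc8ece7a4, EDX = 0x000000b7
EAX = 0xc8ece7f0, EDX = 0x000000b7
EAX = 0xc8ece83c, EDX = 0x000000b7
EAX = 0xc8ece888, EDX = 0x000000b7
EAX = 0xc8ece8d4, EDX = 0x000000b7
EAX = 0xc8ece920, EDX = 0x000000b7
EAX = 0xc8ece96c, EDX = 0x000000b7
"""

TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)")
RDTSC_RE = re.compile(r"EAX = 0x([0-9a-fA-F]+), EDX = 0x([0-9a-fA-F]+)")


def parse_ticks(text):
    """Return [(tickcount_ms, requested_sleep_ms), ...] in report order."""
    return [(int(t), int(s)) for t, s in TICK_RE.findall(text)]


def parse_tsc(text):
    """Return the 64-bit TSC values (EDX:EAX) in report order."""
    return [(int(edx, 16) << 32) | int(eax, 16) for eax, edx in RDTSC_RE.findall(text)]


def short_sleeps(ticks):
    """(requested_ms, observed_ms) for every consecutive pair where the tick count advanced
    less than the sleep that was requested. A sample's own anti-sandbox check is the mirror
    image: Sleep(60000), then compare the GetTickCount delta against 60000."""
    return [(req, nxt - cur)
            for (cur, req), (nxt, _) in zip(ticks, ticks[1:])
            if nxt - cur < req]


def tsc_steps(tsc):
    """Differences between consecutive TSC reads."""
    return [b - a for a, b in zip(tsc, tsc[1:])]


def tsc_looks_synthetic(tsc):
    """A real TSC never advances by exactly the same amount on every read; a constant step
    points at an emulated or hooked RDTSC."""
    steps = tsc_steps(tsc)
    return len(steps) >= 2 and len(set(steps)) == 1


def analyse(tick_text=TICK_LINES, tsc_text=RDTSC_LINES):
    """Summarise both artifacts as a dict of plain numbers."""
    ticks, tsc = parse_ticks(tick_text), parse_tsc(tsc_text)
    return {
        "sleep_calls": len(ticks),
        "requested_ms": sum(s for _, s in ticks),
        "observed_ms": ticks[-1][0] - ticks[0][0],
        "short_sleeps": len(short_sleeps(ticks)),
        "tsc_reads": len(tsc),
        "tsc_step": tsc_steps(tsc)[0] if tsc_looks_synthetic(tsc) else None,
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
```

Run it on any report of this shape by pasting the relevant lines into the two sample strings; for this page it reports 900,000 ms requested against 10,031 ms observed and a constant TSC step of 76 (0x4c), both of which a sample that checks its own timing would notice.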
Process behavior
Behavior description: Creates process
details: [0x00000b9c]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 dm.dll -s
[0x00000ba4]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 dm.dll -s
Behavior description: Creates local thread
details: TargetProcess: A.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2856, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: A.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2920, StartAddress = 77E56C7D, Parameter = 001BE570
TargetProcess: A.exe, InheritedFromPID = 2000, ProcessID = 2820, ThreadID = 2924, StartAddress = 769AE43B, Parameter = 001C8288
File behavior
Behavior description: Searches for file
details: FileName =
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\全新软件V6.6(2)0\软件A\SkinH_EL.dll
FileName = C:\WINDOWS\system32\SkinH_EL.dll
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\regsvr32.exe
Registry behavior
Behavior description: Modifies registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\
\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\FLAGS\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\HELPDIR\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32\
Behavior description: Deletes registry key
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\
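The registry section is the footprint of `regsvr32 dm.dll -s`: an in-process COM server registered under the ProgID dm.dmsoft with one CLSID, one TypeLib and one Interface GUID, and the CLSID keys deleted again afterwards. To pull that out of a report mechanically, and to flag the command-line shape (silent registration of a DLL by bare name, which regsvr32 resolves through the normal library search path rather than from System32), here is an added Python example. It is not VirSCAN's code; the paths it parses are copied from the entries above as constructed sample input, and `classify`, `com_footprint` and `is_silent_regsvr32` are names chosen for this example.

```python
"""Extract a COM-registration footprint from a VirSCAN report's registry entries.
Added example; not VirSCAN's code. Sample paths are copied from the report above."""
import re
from collections import defaultdict

# Constructed sample: the "Modifies registry" entries.
MODIFIED = r"""
\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\
\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\FLAGS\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\HELPDIR\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32\
"""

# Constructed sample: the "Deletes registry key" entries.
DELETED = r"""
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\
"""

CLASSES_PREFIX = "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\"
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
GUID_CATEGORIES = {"CLSID", "TypeLib", "Interface"}


def classify(path):
    """Return (category, name) for one HKLM\\SOFTWARE\\Classes path, or None for anything else.
    Category is CLSID/TypeLib/Interface with the GUID as name, or ProgID with the key name."""
    if not path.startswith(CLASSES_PREFIX):
        return None
    parts = [p for p in path[len(CLASSES_PREFIX):].split("\\") if p]
    if not parts:
        return None
    if parts[0] in GUID_CATEGORIES:
        if len(parts) < 2 or not GUID_RE.match(parts[1]):
            return None
        return parts[0], parts[1].upper()
    return "ProgID", parts[0]


def com_footprint(modified, deleted):
    """Group modified and deleted Classes keys by category; deleted ones get a 'deleted_' prefix."""
    footprint = defaultdict(set)
    for line in modified.strip().splitlines():
        hit = classify(line.strip())
        if hit:
            footprint[hit[0]].add(hit[1])
    for line in deleted.strip().splitlines():
        hit = classify(line.strip())
        if hit:
            footprint["deleted_" + hit[0]].add(hit[1])
    return dict(footprint)


def is_silent_regsvr32(cmdline):
    """True for a regsvr32 command line that registers silently (/s or -s) and names the DLL
    without any path, so the DLL is found via the library search path, not a known location."""
    toks = cmdline.split()
    if not toks or toks[0].lower() not in ("regsvr32", "regsvr32.exe"):
        return False
    flags = {t.lower().lstrip("/-") for t in toks[1:] if t[:1] in ("/", "-")}
    dlls = [t for t in toks[1:] if t[:1] not in ("/", "-")]
    bare_name = any("\\" not in d and ":" not in d for d in dlls)
    return "s" in flags and bare_name


if __name__ == "__main__":
    for category, names in sorted(com_footprint(MODIFIED, DELETED).items()):
        print(f"{category}: {sorted(names)}")
    print("silent bare-name regsvr32:", is_silent_regsvr32("regsvr32 dm.dll -s"))
```

The HKU DrawDib\vga.drv entry is skipped on purpose: it is the video subsystem caching the display mode, not part of the COM registration. Feed the ProgID and GUIDs this produces into a host query of HKCR\CLSID and HKCR\dm.dmsoft to confirm whether the registration survived on a machine of interest.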
Other behavior
Behavior description: Creates mutex
details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IAL
Behavior description: Creates event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IAL.IC
EventName = MSCTF.SendReceiveConection.Event.IAL.IC
Behavior description: Opens mutex
details: RasPbFile
ShimCacheMutex
Behavior description: Finds specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details: Pid = 2820, Hwnd=0x303b0, Text = 确定 (OK), ClassName = Button.
Pid = 2820, Hwnd=0x203b4, Text = 初始化失败! (Initialization failed!), ClassName = Static.
Pid = 2820, Hwnd=0x203ae, Text = 信息: (Info:), ClassName = #32770.
Pid = 2820, Hwnd=0x1037e, Text = 按钮 (Button), ClassName = Button.
Pid = 2820, Hwnd=0x103a4, Text = 温馨提示:软件采集的过程已去重复的旺旺了,右击列表框有更多操作哦! (Tip: the collection process already de-duplicates Wangwang IDs; right-click the list box for more actions!), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2820, Hwnd=0x1039a, Text = 采集中... (Collecting...), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2820, Hwnd=0x10398, Text = 欲采数量: (Quantity to collect:), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2820, Hwnd=0x10396, Text = 5000, ClassName = Edit.
Pid = 2820, Hwnd=0x10394, Text = 已采集到:0 个买家 (Collected: 0 buyers), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2820, Hwnd=0x10388, Text = 测试打标操作 (Test tagging operation), ClassName = Button(GroupBox).
Pid = 2820, Hwnd=0x10392, Text = ↑↑拖动上方的句柄获取图标到聊天窗口左上角边缘! (Drag the handle-grabber icon above to the top-left edge of the chat window!), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2820, Hwnd=0x1038e, Text = 旺旺号: (Wangwang ID:), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2820, Hwnd=0x1038c, Text = dahaishenlan2011, ClassName = Edit.
Pid = 2820, Hwnd=0x1038a, Text = 测试打标 (Test tagging), ClassName = Button.
Pid = 2820, Hwnd=0x10384, Text = 操作说明: (Instructions:), ClassName = Button(GroupBox).
The #32770 dialog titled 信息: with the 初始化失败! message and an OK button shows that the sample's own initialization failed inside the sandbox, so the behaviors recorded here cover startup and the dm.dll registration rather than the buyer-collection and tagging features the other controls describe.
Behavior description: Opens event
details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2820
MSFT.VSA.IEC.STATUS.6c736db0
Global\Protected.61_-2973
Global\Protected.60_-2973
Global\Protected.61_-2981
Global\Protected.60_-2981
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 0.
Behavior description: Hides specified window
details: [Window,Class] = [,Afx:400000:b:10011:1900010:0]
[Window,Class] = [,Afx:400000:b:10011:1900015:0]
[Window,Class] = [打标中可按 Ctrl+D 停止 (Press Ctrl+D to stop while tagging),Afx:400000:b:10011:1900015:0]
[Window,Class] = [,SysListView32]
[Window,Class] = [开始添加 (Start adding),Button]
[Window,Class] = [打标速度 (Tagging speed),Button]
[Window,Class] = [,_EL_PicBox]
[Window,Class] = [关键词: (Keyword:),Afx:400000:b:10011:1900015:0]
[Window,Class] = [裙子 (skirt),Edit]
[Window,Class] = [开始采集 (Start collecting),Button]
[Window,Class] = [综合 (Overall),Button]
[Window,Class] = [人气 (Popularity),Button]
[Window,Class] = [销量 (Sales),Button]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [停止打标 (Stop tagging),Button]
Run screenshot