VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:80
Behavior list
Basic Information
MD5:d8c9b68adaf6ab601f98d6fdf09042fa
file type:zip
Production company:游侠网
version:1.0.0.57---1.0.0.57
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [ZIP SFX]
Subfile information:ali213.dll / big file / DLL
upx_c_225d0394dumpFile / big file / EXE
upx_c_3df2838cdumpFile / 547ddda498183d4f660a7bcccb2c20b1 / EXE
alirili2_setup.exe / fb8f346f024c4025c902de4d13d242e3 / 7z
ali213.d03 / ef524c4a2d435d2df0cf3d8250963bef / Unknown
mgsvtpp.exe / 21a718243fcfabf4949307020e955470 / EXE
mgsvtpp.exe / 21a718243fcfabf4949307020e955470 / EXE
ali213.d12 / 1c3ef64c7359acf945a3a74d87a12b51 / Unknown
ali213.f03 / edf88e30426524074fa018445db877dc / Unknown
alirili2_setup.exe.dow!oad / 8b2adc585803db1c26fbcea1c0b25d63 / Unknown
Key behavior
Behavior description:Create file mapping with write access
details:CiceroSharedMemDefaultS-*
AtlDebugAllocator_FileMappingNameStatic3_874
MSCTF.MarshalInterface.FileMap.IHI..MJFIH
MSCTF.MarshalInterface.FileMap.IHI.B.MJFIH
MSCTF.MarshalInterface.FileMap.IHI.C.MJFIH
MSCTF.MarshalInterface.FileMap.IHI.D.MJFIH
MSCTF.MarshalInterface.FileMap.IHI.E.LKFIH
MSCTF.MarshalInterface.FileMap.IHI.F.LKFIH
MSCTF.MarshalInterface.FileMap.IHI.G.LKFIH
MSCTF.Shared.SFM.IHI
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Behavior description:Send DDE execute message to a window
details:Process = iexplore.exe, hWnd = 0x0001032a, Window = , Class = DDEMLUnicodeServer.
Behavior description:Resolve host address by name
details:soft.iyouxia.com
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file mapping with write access
details:CiceroSharedMemDefaultS-*
AtlDebugAllocator_FileMappingNameStatic3_874
MSCTF.MarshalInterface.FileMap.IHI..MJFIH
MSCTF.MarshalInterface.FileMap.IHI.B.MJFIH
MSCTF.MarshalInterface.FileMap.IHI.C.MJFIH
MSCTF.MarshalInterface.FileMap.IHI.D.MJFIH
MSCTF.MarshalInterface.FileMap.IHI.E.LKFIH
MSCTF.MarshalInterface.FileMap.IHI.F.LKFIH
MSCTF.MarshalInterface.FileMap.IHI.G.LKFIH
MSCTF.Shared.SFM.IHI
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YXLoadDll_1559\RES\YXLOADDLL.DLL
Behavior description:Find file
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YXLoadDll_1559\res\temp\
FileName = C:\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YXLoadDll_1559
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YXLoadDll_1559\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YXLoadDll_1559\RES\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YXLoadDll_1559\RES\temp\*.*
Network behavior
Behavior description:Send data on a connected socket
details:SOCKET = 0x00000650, TotalSize = 103, Offset = 0, ReadSize = 103.
Behavior description:Establish a connection to a specified socket
details:110.110.110.110:80
Behavior description:Resolve host address by name
details:soft.iyouxia.com
Registry behavior
Behavior description:Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
Behavior description:Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
oleacc-msaa-loaded
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IHI
Behavior description:Send DDE execute message to a window
details:Process = iexplore.exe, hWnd = 0x0001032a, Window = , Class = DDEMLUnicodeServer.
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Acquire system privileges
details:SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Get TickCount value
details:TickCount = 492815, SleepMilliseconds = 50.
TickCount = 492831, SleepMilliseconds = 50.
TickCount = 492846, SleepMilliseconds = 50.
TickCount = 492862, SleepMilliseconds = 50.
TickCount = 492878, SleepMilliseconds = 50.
TickCount = 492893, SleepMilliseconds = 50.
TickCount = 492909, SleepMilliseconds = 50.
TickCount = 492956, SleepMilliseconds = 50.
TickCount = 492971, SleepMilliseconds = 50.
TickCount = 492987, SleepMilliseconds = 50.
TickCount = 493003, SleepMilliseconds = 50.
TickCount = 493018, SleepMilliseconds = 50.
TickCount = 493034, SleepMilliseconds = 50.
TickCount = 493050, SleepMilliseconds = 50.
TickCount = 493065, SleepMilliseconds = 50.
Behavior description:Get cursor position
details:CursorPos = (106,18467), SleepMilliseconds = 50.
Behavior description:Window information
details:Pid = 2164, Hwnd=0x702a2, Text = www.ali213.net 汉化安装包, ClassName = AAU_FORM[TID:2168].
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\res\layout\styles\images\ico.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\res\layout\styles\images\back.jpg
Translated by Keith Miller, United States