VirSCAN

File information
Safety rating:78
Behavior list
Behavior analysis report:         Threatbook file behavior analysis report
Basic Information
MD5:e1d3e20e41b850f35fb2c41715b690c5
file type:Rar
Production company:
version:
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [RAR SFX]
Subfile information:upx_c_5f7d737ddumpFile / 29538e42b29dcdc9225a8a05e5eab9bf / EXE
upx_c_5ef670a5dumpFile / 29538e42b29dcdc9225a8a05e5eab9bf / EXE
WIN7 Activation.exedumpFile / db32449409f446c5f68e99eeb40321c1 / EXE
WIN7 Activation.exe / db32449409f446c5f68e99eeb40321c1 / EXE
upx_c_782991dddumpFile / 720319dd8d37e6bcf138a9c91a38b8c7 / EXE
bootinst.exedumpFile / 70c5f6f69cdc6c5b8240622cf7d90380 / EXE
bootrest.exedumpFile / e1921dea226b244f83ac5f59681d48a2 / EXE
bootinst.exe / 70c5f6f69cdc6c5b8240622cf7d90380 / EXE
bootrest.exe / e1921dea226b244f83ac5f59681d48a2 / EXE
Certificate.xrm-msdumpFile / f25832af6a684360950dbb15589de34a / Unknown
Certificate.xrm-ms / f25832af6a684360950dbb15589de34a / Unknown
READ_ME.txtdumpFile / 75162e7093c2fa72a9aa3c3b52359d77 / Unknown
READ_ME.txt / 75162e7093c2fa72a9aa3c3b52359d77 / Unknown
lang.inidumpFile / 63edbd0147485cc173900753f46a3b90 / Unknown
lang.ini / 63edbd0147485cc173900753f46a3b90 / Unknown
datadumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
Process behavior
Behavior description:Create new process from file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\WIN7 Activation.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\WIN7 Activation.exe"
File behavior
Behavior description:Map file with write permission
details:Local\UrlZonesSM_Administrator
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\data\bootinst.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\data\bootrest.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\WIN7 Activation.exe
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\data\READ_ME.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\data\lang.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\data\Certificate.xrm-ms---> Offset = 0
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\WIN7 Activation.exe
Other behavior
Behavior description:Create mutex
details:Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
Behavior description:Window information
details:Pid = 200, Hwnd=0xb018a, Text = 卸载, ClassName = TcxButton.
Pid = 200, Hwnd=0xc01b2, Text = 激活, ClassName = TcxButton.
Pid = 200, Hwnd=0xb019c, Text = WIN7 Activation v1.7 , ClassName = TForm1.
Behavior description:Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE