VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:77
Behavior list
Basic Information
MD5:eab22c222ca2023eca9cb2bc9571bb2d
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:.NET executable -> Microsoft *
Subfile information:Readme.txt / 2c2391a696f746526b4f8f7fba25a683 / Unknown
Seed.exe / 9e756c2cd420826b7dc05e7f39bd7416 / EXE
Key behavior
Behavior description:直接获取CPU时钟
details:EAX = 0x22a300a4, EDX = 0x000000b7
EAX = 0x22a300f0, EDX = 0x000000b7
Process behavior
Behavior description:创建本地线程
details:TargetProcess: Seed.exe, InheritedFromPID = 2000, ProcessID = 2708, ThreadID = 2744, StartAddress = 792A741C, Parameter = 00000000
TargetProcess: Seed.exe, InheritedFromPID = 2000, ProcessID = 2708, ThreadID = 2748, StartAddress = 791F59C0, Parameter = 001B0138
TargetProcess: Seed.exe, InheritedFromPID = 2000, ProcessID = 2708, ThreadID = 2848, StartAddress = 77DC845A, Parameter = 00000000
File behavior
Behavior description:查找文件
details:FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Seed.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Seed.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.INI
Other behavior
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description:创建事件对象
details:EventName = Global\CPFATE_2708_v4.0.30319
Behavior description:打开互斥体
details:ShimCacheMutex
Behavior description:打开事件
details:Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
Behavior description:直接获取CPU时钟
details:EAX = 0x22a300a4, EDX = 0x000000b7
EAX = 0x22a300f0, EDX = 0x000000b7
Behavior description:导入密钥
details:[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x58D5F12B, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x5595E26A, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x56FB2409, DataLen: 148, Flags: 0x00000000
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号