1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Language
Server load
1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
| Safety rating:77 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | f0bda259a5f1a9d9764c92075ed19411 |
| file type: | EXE |
| Production company: | |
| version: | 3.0.2.0---3.0.2.0 |
| Shell or compiler information: | COMPILER:.NET executable -> Microsoft * |
| Key behavior | |
|---|---|
| Behavior description: | 直接获取CPU时钟 |
| details: | EAX = 0x900ec200, EDX = 0x00000077 |
| EAX = 0x92c1c17c, EDX = 0x00000077 | |
| EAX = 0x92c1c1c8, EDX = 0x00000077 | |
| EAX = 0x92c1c214, EDX = 0x00000077 | |
| EAX = 0xb500c811, EDX = 0x00000077 | |
| EAX = 0xd76afe01, EDX = 0x00000077 | |
| EAX = 0xd76afe4d, EDX = 0x00000077 | |
| File behavior | |
|---|---|
| Behavior description: | 查找文件 |
| details: | FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll |
| FileName = C:\Windows\Microsoft.NET\Framework\\* | |
| FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\* | |
| FileName = C:\Users | |
| FileName = C:\Users\Administrator\AppData | |
| FileName = C:\Users\Administrator\AppData\Local | |
| FileName = C:\Users\Administrator\AppData\Local\Temp | |
| FileName = C:\Users\Administrator\AppData\Local\%temp% | |
| FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe | |
| FileName = C:\Users\Administrator | |
| FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\dnSpy\* | |
| FileName = C:\Windows\assembly\GAC_MSIL\mscorlib.resources\* | |
| Other behavior | |
|---|---|
| Behavior description: | 检测自身是否被调试 |
| details: | IsDebuggerPresent |
| Behavior description: | 创建事件对象 |
| details: | EventName = Global\CPFATE_2724_v4.0.30319 |
| Behavior description: | 打开事件 |
| details: | Global\CLR_PerfMon_StartEnumEvent |
| \KernelObjects\LowMemoryCondition | |
| HookSwitchHookEnabledEvent | |
| MSFT.VSA.COM.DISABLE.2724 | |
| MSFT.VSA.IEC.STATUS.6c736db0 | |
| \KernelObjects\SystemErrorPortReady | |
| Behavior description: | 调用Sleep函数 |
| details: | [1]: MilliSeconds = 60000. |
| Behavior description: | 直接获取CPU时钟 |
| details: | EAX = 0x900ec200, EDX = 0x00000077 |
| EAX = 0x92c1c17c, EDX = 0x00000077 | |
| EAX = 0x92c1c1c8, EDX = 0x00000077 | |
| EAX = 0x92c1c214, EDX = 0x00000077 | |
| EAX = 0xb500c811, EDX = 0x00000077 | |
| EAX = 0xd76afe01, EDX = 0x00000077 | |
| EAX = 0xd76afe4d, EDX = 0x00000077 | |
| Behavior description: | 导入密钥 |
| details: | [CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00488FE3, DataLen: 148, Flags: 0x00000000 |
| [CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0070B724, DataLen: 148, Flags: 0x00000000 | |
| [CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0071467C, DataLen: 148, Flags: 0x00000000 | |
| Run screenshot |
|---|
 |
HOME
