VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:77
Behavior list
Basic Information
MD5:f0bda259a5f1a9d9764c92075ed19411
file type:EXE
Production company:
version:3.0.2.0---3.0.2.0
Shell or compiler information:COMPILER:.NET executable -> Microsoft *
Key behavior
Behavior description:直接获取CPU时钟
details:EAX = 0x900ec200, EDX = 0x00000077
EAX = 0x92c1c17c, EDX = 0x00000077
EAX = 0x92c1c1c8, EDX = 0x00000077
EAX = 0x92c1c214, EDX = 0x00000077
EAX = 0xb500c811, EDX = 0x00000077
EAX = 0xd76afe01, EDX = 0x00000077
EAX = 0xd76afe4d, EDX = 0x00000077
File behavior
Behavior description:查找文件
details:FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
FileName = C:\Users\Administrator
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\dnSpy\*
FileName = C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
Other behavior
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:创建事件对象
details:EventName = Global\CPFATE_2724_v4.0.30319
Behavior description:打开事件
details:Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2724
MSFT.VSA.IEC.STATUS.6c736db0
\KernelObjects\SystemErrorPortReady
Behavior description:调用Sleep函数
details:[1]: MilliSeconds = 60000.
Behavior description:直接获取CPU时钟
details:EAX = 0x900ec200, EDX = 0x00000077
EAX = 0x92c1c17c, EDX = 0x00000077
EAX = 0x92c1c1c8, EDX = 0x00000077
EAX = 0x92c1c214, EDX = 0x00000077
EAX = 0xb500c811, EDX = 0x00000077
EAX = 0xd76afe01, EDX = 0x00000077
EAX = 0xd76afe4d, EDX = 0x00000077
Behavior description:导入密钥
details:[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00488FE3, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0070B724, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0071467C, DataLen: 148, Flags: 0x00000000
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号