VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.

File information
Safety rating: 31
Behavior list
Basic Information
MD5: f5246478eee045f3372ca8a8b8c9b822
File type: EXE
Production company:
Version:
Shell or compiler information:
Key behavior
Behavior description: Cross-process data write
details:TargetProcess = C:\WINDOWS\system32\F661CC\D92898.EXE, WriteAddress = 0x00010000, Size = 0x000007c2
TargetProcess = C:\WINDOWS\system32\F661CC\D92898.EXE, WriteAddress = 0x00020000, Size = 0x00000704
TargetProcess = C:\WINDOWS\system32\F661CC\D92898.EXE, WriteAddress = 0x7ffda010, Size = 0x00000004
TargetProcess = C:\WINDOWS\system32\F661CC\D92898.EXE, WriteAddress = 0x7ffda1e8, Size = 0x00000004
Behavior description: Get TickCount value
details:TickCount = 489109, SleepMilliseconds = 250.
Behavior description: Set startup item
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\1CEA73.lnk
Behavior description: Set special file attributes
details:C:\WINDOWS\system32\F661CC\D92898.EXE
Behavior description: Get window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x1c010494.
Foreground window Info: HWND = 0x00000000, DC = 0xe4010189.
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behavior
Behavior description: Cross-process data write
details:TargetProcess = C:\WINDOWS\system32\F661CC\D92898.EXE, WriteAddress = 0x00010000, Size = 0x000007c2
TargetProcess = C:\WINDOWS\system32\F661CC\D92898.EXE, WriteAddress = 0x00020000, Size = 0x00000704
TargetProcess = C:\WINDOWS\system32\F661CC\D92898.EXE, WriteAddress = 0x7ffda010, Size = 0x00000004
TargetProcess = C:\WINDOWS\system32\F661CC\D92898.EXE, WriteAddress = 0x7ffda1e8, Size = 0x00000004
Behavior description: Create local thread
details:TargetProcess: %temp%\1460359109.444114.exe, InheritedFromPID = 1944, ProcessID = 1456, ThreadID = 1008, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: D92898.EXE, InheritedFromPID = 1456, ProcessID = 1648, ThreadID = 1880, StartAddress = 77DC845A, Parameter = 00000000
Behavior description: Create new process from file
details:ImagePath = C:\WINDOWS\system32\F661CC\D92898.EXE, CmdLine = C:\WINDOWS\system32\F661CC\D92898.EXE
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\HtmlView.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\dp1.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\spec.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\cnvpe.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\RegEx.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eCompress.fne
C:\WINDOWS\system32\F661CC\D92898.EXE
C:\WINDOWS\system32\425AE2\cnvpe.fne
C:\WINDOWS\system32\425AE2\dp1.fne
C:\WINDOWS\system32\425AE2\eAPI.fne
C:\WINDOWS\system32\425AE2\eCompress.fne
Behavior description: Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\HtmlView.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\dp1.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\spec.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\cnvpe.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\RegEx.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eCompress.fne
C:\WINDOWS\system32\F661CC\D92898.EXE
C:\WINDOWS\system32\425AE2\cnvpe.fne
C:\WINDOWS\system32\425AE2\dp1.fne
C:\WINDOWS\system32\425AE2\eAPI.fne
C:\WINDOWS\system32\425AE2\eCompress.fne
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Cookies\administrator@sogou[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sohu[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\noConnect[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff_webOC[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\favcenter[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
Behavior description: Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\spec.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\cnvpe.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\RegEx.fnr
Behavior description: Copy file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\cnvpe.fne ---> C:\WINDOWS\system32\425AE2\\cnvpe.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\cnvpe.fne-newfile ---> C:\WINDOWS\system32\425AE2\\cnvpe.fne-newfile
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\cnvpe.fne.AmBackup14 ---> C:\WINDOWS\system32\425AE2\\cnvpe.fne.AmBackup14
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\cnvpe.fne.AmBackup8 ---> C:\WINDOWS\system32\425AE2\\cnvpe.fne.AmBackup8
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\dp1.fne ---> C:\WINDOWS\system32\425AE2\\dp1.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\dp1.fne-newfile ---> C:\WINDOWS\system32\425AE2\\dp1.fne-newfile
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\dp1.fne.AmBackup5 ---> C:\WINDOWS\system32\425AE2\\dp1.fne.AmBackup5
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eAPI.fne ---> C:\WINDOWS\system32\425AE2\\eAPI.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eAPI.fne-newfile ---> C:\WINDOWS\system32\425AE2\\eAPI.fne-newfile
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eAPI.fne.AmBackup4 ---> C:\WINDOWS\system32\425AE2\\eAPI.fne.AmBackup4
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eCompress.fne ---> C:\WINDOWS\system32\425AE2\\eCompress.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eCompress.fne-newfile ---> C:\WINDOWS\system32\425AE2\\eCompress.fne-newfile
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eCompress.fne.AmBackup10 ---> C:\WINDOWS\system32\425AE2\\eCompress.fne.AmBackup10
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\HtmlView.fne ---> C:\WINDOWS\system32\425AE2\\HtmlView.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\HtmlView.fne-newfile ---> C:\WINDOWS\system32\425AE2\\HtmlView.fne-newfile
Behavior description: Set startup item
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\1CEA73.lnk
Behavior description: Set special file attributes
details:C:\WINDOWS\system32\F661CC\D92898.EXE
Behavior description: Search for files
details:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\.*
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\WINDOWS\system32\F661CC\D92898.EXE
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\F661CC
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\*.*
FileName = C:\Documents and Settings\Administrator\Cookies\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\*.*
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\HtmlView.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\dp1.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\spec.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\cnvpe.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\RegEx.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eCompress.fne ---> Offset = 0
C:\WINDOWS\system32\F661CC\D92898.EXE ---> Offset = 0
C:\WINDOWS\system32\425AE2\cnvpe.fne ---> Offset = 0
C:\WINDOWS\system32\425AE2\cnvpe.fne ---> Offset = 4096
C:\WINDOWS\system32\425AE2\cnvpe.fne ---> Offset = 8192
C:\WINDOWS\system32\425AE2\cnvpe.fne ---> Offset = 12288
Registry behavior
Behavior description: Delete registry key
details:\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Create event object
details:EventName = DINPUTWINMM
EventName = Wait For Buffer Return
EventName = rxr
EventName = Global\userenv: User Profile setup event
Behavior description: Get TickCount value
details:TickCount = 489109, SleepMilliseconds = 250.
Behavior description: Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Get window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x1c010494.
Foreground window Info: HWND = 0x00000000, DC = 0xe4010189.
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\HtmlView.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\dp1.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\spec.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\cnvpe.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\RegEx.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eCompress.fne(签名验证: 未通过)
C:\WINDOWS\system32\F661CC\D92898.EXE(签名验证: 未通过)
C:\WINDOWS\system32\425AE2\cnvpe.fne(签名验证: 未通过)
C:\WINDOWS\system32\425AE2\dp1.fne(签名验证: 未通过)
C:\WINDOWS\system32\425AE2\eAPI.fne(签名验证: 未通过)
C:\WINDOWS\system32\425AE2\eCompress.fne(签名验证: 未通过)
Behavior description: Call Sleep function
details:[1]: MilliSeconds = 250.
Behavior description: Hide specified window
details:[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
[Window,Class] = [,Afx:1e10000:8]
[Window,Class] = [,Shell Embedding]
Behavior description: Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr ---> e30466f8e25661acd9d35f2881d1ca85
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\HtmlView.fne ---> 7f1e7a79886753a00053e06e086b8aeb
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne ---> ad44d4abb1b88eb1c8a6e201c4ead6af
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne ---> 56d71b745fc5472a03b4f9d852f130ea
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\dp1.fne ---> 393d95d2c87e893bacb954af00aec387
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne ---> f8f74939f5334ca1b42aeeea408e7ef1
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\spec.fne ---> 78464e340a7748ce967b9bcaa6d51a45
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\cnvpe.fne ---> f08a86eb3916c1b97270f8a153b12968
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\RegEx.fnr ---> 575b8b06673726290beb64eb53ad5b22
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eCompress.fne ---> 9b3e876daa798d49705cc043624dacc5
C:\WINDOWS\system32\F661CC\D92898.EXE ---> f5246478eee045f3372ca8a8b8c9b822
C:\WINDOWS\system32\425AE2\cnvpe.fne ---> f08a86eb3916c1b97270f8a153b12968
C:\WINDOWS\system32\425AE2\dp1.fne ---> 393d95d2c87e893bacb954af00aec387
C:\WINDOWS\system32\425AE2\eAPI.fne ---> 56d71b745fc5472a03b4f9d852f130ea
C:\WINDOWS\system32\425AE2\eCompress.fne ---> 9b3e876daa798d49705cc043624dacc5
Behavior description: Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\HtmlView.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eCompress.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\shell.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eAPI.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\dp1.fne.