VirSCAN
File information
Safety rating: 70
Behavior list
Basic information
MD5: 0ffe2fa21cf434646dda90d538ab7873
File type: EXE
Company: Anonymous
Version: 1.0.0.0---1.0.0.0
Packer/compiler: PACKER:UPX V2.00-V3.00 -> Markus Oberhumer & Laszlo Molnar & John Reiser *
Subfile information (unpacked dump, name / MD5 / type): upx30_3956743bdumpFile / 4e5545aaf45366f2b40abc1fcfb7553f / EXE
Process behavior
Behavior description: Create local thread
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2700, ThreadID = 2712, StartAddress = 77DC845A, Parameter = 00000000
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\config.ini
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\config.ini ---> Offset = 0, 20, 28, 36, 44, 52, 60, 68, 76, 84, 93, 102, 111, 120, 129 (fifteen separate writes to the same file)
Network behavior
Behavior description: Connect to specified site
details: WinHttpConnect: ServerName = 13****om, PORT = 80, UserName = , Password = , hSession = 0x02025000, hConnect = 0x02025100, Flags = 0x00000000
Behavior description: Establish socket connection to specified address
details: URL: 13****om, IP: **.133.40.**:80, SOCKET = 0x000001c4
Behavior description: Send HTTP packet
details:
GET /13139813/1949380 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Host: 13****om
Connection: Keep-Alive
Behavior description: Open HTTP request
details: WinHttpOpenRequest: 13****om:80/13139813/1949380, hConnect = 0x02025100, hRequest = 0x02080000, Verb: GET, Referer: , Flags = 0x00000000
Behavior description: Resolve host address by name
details: GetAddrInfoW: 13****om
Registry behavior
Behavior description: Delete registry key
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Behavior description: Delete registry value
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behavior
Behavior description: Open event
details: HookSwitchHookEnabledEvent
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Hide specified window
details: [Window,Class] = [<,AfxWnd42s]
[Window,Class] = [>,AfxWnd42s]
[Window,Class] = [,Afx:400000:b:10011:1900010:0]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [Step 1: Log in to the site's admin backend, open the resource library, right-click the target you want to collect and choose Properties, then get the link address for collecting today's or this week's items.,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,Afx:400000:b:10011:1900015:0]
[Window,Class] = [Copy the address in the red box on the right,Afx:400000:b:10011:1900015:0]
[Window,Class] = [Step 3: Download the attachment, put the admin_reslib2.php file in the admin folder and change the password in it to match the one you set in the previous step. $pkey = 123456; //collection authorization password, change it to your own password to prevent malicious collection ,Afx:400000:b:10011:1900015:0]
[Window,Class] = [Step 2: In the URL copied in the previous step, change admin_reslib.php to admin_reslib2.php and append &password=123456 at the end, where 123456 is the password you set yourself. That gives you the final collection URL.,Afx:400000:b:10011:1900015:0]
[Window,Class] = [Click here to download,Afx:400000:b:10011:1900015:0]
[Window,Class] = [View the tutorial on the official site,Afx:400000:b:10011:1900015:0]
[Window,Class] = [May every look back on life bring no guilt.,Afx:400000:b:10011:1900015:0]
[Window,Class] = [Software author: Anonymous,Afx:400000:b:10011:1900015:0]
[Window,Class] = [User QQ group: none,Afx:400000:b:10011:1900015:0]
[Window,Class] = [If you find this software helpful, you might consider a small donation to the author.,Afx:400000:b:10011:1900015:0]
Behavior description: Open mutex
details: ShimCacheMutex
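The behavior list above is the raw material a triage script works from. The following Python is an added example, not VirSCAN's code or the sample's: it parses a constructed excerpt written in the page's own "Behavior description:" / "details:" layout (the REPORT string, built from this page with its masked values left masked exactly as shown), re-splits the HTTP request that the sandbox flattened onto one line, extracts the indicators, and flags the behaviors worth a second look. All function names and the REPORT excerpt are this example's own assumptions. One thing it surfaces that is easy to miss in the flat dump: the Accept-Encoding header carries charset names (gbk, GB2312) where HTTP expects content codings such as gzip or deflate, which makes this client fingerprintable on the wire.

```python
import re

# Constructed excerpt in the page's own layout (added example, not VirSCAN output).
# Masked values (13****om, ****.exe) stay masked exactly as the page shows them.
REPORT = """\
Process behavior
Behavior description:Create local thread
details:TargetProcess: %temp%\\****.exe, InheritedFromPID = 2000, ProcessID = 2700
File behavior
Behavior description:Create file
details:C:\\Documents and Settings\\Administrator\\Local Settings\\%temp%\\config.ini
Network behavior
Behavior description:Send HTTP packet
details:GET /13139813/1949380 HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Host: 13****om Connection: Keep-Alive
Behavior description:Resolve host address by name
details:GetAddrInfoW: 13****om
Registry behavior
Behavior description:Delete registry key
details:\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting\\DW\\
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
"""

SECTIONS = {"Process behavior", "File behavior", "Network behavior",
            "Registry behavior", "Other behavior"}


def parse_report(text):
    """Turn the report into entries {section, description, details: [...]}.
    A line with no prefix continues the previous entry's details list."""
    entries, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
        elif line.startswith("Behavior description:"):
            current = {"section": section,
                       "description": line.split(":", 1)[1].strip(),
                       "details": []}
            entries.append(current)
        elif line.startswith("details:"):
            current["details"].append(line.split(":", 1)[1].strip())
        elif current is not None:
            current["details"].append(line)
    return entries


# Header boundary: a space followed by "Name: ". The space lookbehind keeps
# "Cache-Control" from being split a second time at "Control: ".
_HEADER_SPLIT = re.compile(r"(?<= )(?=[A-Za-z][A-Za-z-]*: )")


def split_http_request(flat):
    """Re-split a request the sandbox flattened onto one line into
    (request_line, {header_name: value})."""
    parts = _HEADER_SPLIT.split(flat.strip())
    headers = {}
    for part in parts[1:]:
        name, value = part.split(": ", 1)
        headers[name] = value.strip()
    return parts[0].strip(), headers


# Registered HTTP content codings; anything else in Accept-Encoding is a fingerprint.
CONTENT_CODINGS = {"gzip", "x-gzip", "deflate", "br", "compress", "identity", "*"}


def findings(entries):
    """Behaviors worth a second look, each as a short string."""
    out = []
    for e in entries:
        desc, details = e["description"], e["details"]
        if desc == "Create file":
            out += ["drops file under %temp%: " + p for p in details if "%temp%" in p.lower()]
        elif desc == "Send HTTP packet":
            req, hdr = split_http_request(details[0])
            out.append("cleartext HTTP request: " + req + " to " + hdr.get("Host", "?"))
            bad = [t.strip() for t in hdr.get("Accept-Encoding", "").split(",")
                   if t.strip() and t.strip().lower() not in CONTENT_CODINGS]
            if bad:
                out.append("non-standard Accept-Encoding tokens (client fingerprint): " + ", ".join(bad))
        elif desc.startswith("Delete registry"):
            out += ["removes Windows Error Reporting key: " + k for k in details if "\\ErrorReporting\\" in k]
    return out


def extract_iocs(entries):
    """Hosts, files, registry keys and mutexes as (value, partial) pairs; a value
    containing '*' was masked or wildcarded by the sandbox and must not be
    blocked on as-is."""
    iocs = {"hosts": [], "files": [], "registry": [], "mutexes": []}
    for e in entries:
        desc = e["description"]
        for d in e["details"]:
            if desc == "Resolve host address by name":
                iocs["hosts"].append(d.split(":", 1)[1].strip())
            elif desc == "Create file":
                iocs["files"].append(d)
            elif desc.startswith("Delete registry"):
                iocs["registry"].append(d)
            elif desc == "Create mutex":
                iocs["mutexes"].append(d)
    return {k: [(v, "*" in v) for v in vs] for k, vs in iocs.items()}


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for line in findings(parsed):
        print("[!]", line)
    for kind, values in extract_iocs(parsed).items():
        print(kind, values)
```

The CTF.* mutexes and ShimCacheMutex in the report are ordinary Windows subsystem artifacts (Text Services Framework and the application-compatibility shim cache) that show up in almost any GUI process, so the example records them as indicators but does not raise a finding on them; the %temp% drop, the cleartext GET to the masked host, and the deletion of the Error Reporting key are the lines that deserve the analyst's time.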
Run screenshot