VirSCAN

File information
Safety rating:60
Behavior list
Basic Information
MD5:138ad08b34bc3a6e9cd4db1c2c8ebc59
file type:EXE
Production company:SA
version:1.7.2.4---1.7.2.4
Shell or compiler information:COMPILER:NSIS
Subfile information:
Process behavior
Behavior description: Create process with hidden window
details:ImagePath = , CmdLine = init.bat
Behavior description: Create process
details:[0x000001b4]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c init.bat
Behavior description: Create process from newly written file
details:[0x00000674]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GUI\main.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GUI\main.exe
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsz3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\2048.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\desktop.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\hook.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\init.bat
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\main.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\sethc.bat
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\snake.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\uset.bat
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\关于.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\1.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\2.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\360Base.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\MiniUI.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\Config\FileSmash.xml
Behavior description: Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\2048.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\desktop.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\hook.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\main.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\snake.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\360Base.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\MiniUI.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\Utils\FileSmasher.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\setup\ntsd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\setup\sethc.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\sethc.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\sys.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\tpsr32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x64\360.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x64\BSOD.sys
Behavior description: Modify script file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\init.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\sethc.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\uset.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\1.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\2.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\3.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\4.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x64\1.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x64\2.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x64\3.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x64\4.bat ---> Offset = 0
Behavior description: Copy file
details:C:\windows\system32\sethc.exe ---> c:\SAtemp\sethc.exe
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsz3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5B90.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\2048.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\1.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\2.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\360Base.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\Config\config.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\Config\defaultskin\defaultskin.ui
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\Config\defaultskin\MiniUI.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\Config\FileSmash.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\MiniUI.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\Utils\FileSmasher.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\desktop.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\hook.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\init.bat
Behavior description: Search for file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GUI
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GUI\main.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GUI\init.bat
FileName = C:\
FileName = c:\SAtemp\sethc.exe
FileName = C:\windows\system32\sethc.exe
Behavior description: Modify file contents
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\2048.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\desktop.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\hook.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\main.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\main.exe ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\main.exe ---> Offset = 51637
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\main.exe ---> Offset = 84405
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\main.exe ---> Offset = 102111
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\snake.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\关于.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\1.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\2.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\360Base.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\360Base.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\360Base.dll ---> Offset = 36274
Registry behavior
Behavior description: Modify registry (pending file rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EIG
Behavior description: Create event object
details:EventName = MSCTF.SendReceive.Event.EIG.IC
EventName = MSCTF.SendReceiveConection.Event.EIG.IC
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details:Pid = 1652, Hwnd=0x10350, Text = 关于, ClassName = ThunderRT6CommandButton.
Pid = 1652, Hwnd=0x10352, Text = 其他工具, ClassName = ThunderRT6CommandButton.
Pid = 1652, Hwnd=0x10354, Text = 极域工具箱, ClassName = ThunderRT6CommandButton.
Pid = 1652, Hwnd=0x10356, Text = 安装/卸载大全, ClassName = ThunderRT6CommandButton.
Pid = 1652, Hwnd=0x10358, Text = 一键安装, ClassName = ThunderRT6CommandButton.
Pid = 1652, Hwnd=0x1034e, Text = 极域破解1.7.1, ClassName = ThunderRT6FormDC.
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\2048.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\desktop.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\hook.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\main.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\snake.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\360Base.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\MiniUI.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\deleter\Utils\FileSmasher.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\setup\ntsd.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\setup\sethc.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\sethc.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\sys.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x32\tpsr32.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x64\360.sys(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\GUI\x64\BSOD.sys(签名验证: 未通过)
Behavior description: Call Sleep function
details:[1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
Behavior description: Hide specified window
details:[Window,Class] = [极域破解1.7.1,ThunderRT6FormDC]
Behavior description: Executable file MD5
Behavior description: Open mutex
details:ShimCacheMutex