VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.


File information

Basic Information

MD5: 183fe326085a7a7067642151f3c6e5f5
file type: EXE
Production company:
version:
Shell or compiler information: COMPILER:PE+(64)

Key behavior

Behavior description: Get TickCount value
details: TickCount = 95515, SleepMilliseconds = 500.

File behavior

Behavior description: Create file
details: C:\Windows.old\7556621875704017320_0_10000_10000:stream
Behavior description: Find file
details: FileName = \\?\C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1170589654-2814428265-349930785-500\a18ca4003deb042bbee7a40f15e1970b_*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\*
FileName = C:\Windows.old\*
FileName = D:\Windows.old\*

Network behavior

Behavior description: Establish a connection to a specified socket
details: URL: po****us, IP: **.133.40.**:128, SOCKET = 0x000001bc
URL: bu****uk, IP: **.133.40.**:128, SOCKET = 0x00000180
Behavior description: Send HTTP packet
details: POST /burst?requestType=getMiningInfo HTTP/1.0 Host: po****us:8124 Content-Length: 0 Connection: close
POST /burst?requestType=getMiningInfo HTTP/1.0 Host: bu****uk:8124 Content-Length: 0 Connection: close
Behavior description: Get host address by name
details: GetAddrInfoW: po****us
GetAddrInfoW: bu****uk

Other behavior

Behavior description: Detect whether it is being debugged
details: IsDebuggerPresent
Behavior description: Find specified window
details: FindWindowExA: [Class,Window] = [bc,]
Behavior description: Get TickCount value
details: TickCount = 95515, SleepMilliseconds = 500.
Behavior description: Adjust process token privileges
details: SE_MANAGE_VOLUME_PRIVILEGE
Behavior description: Open event
details: \SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 500.
[2]: MilliSeconds = 500.
[3]: MilliSeconds = 500.
[4]: MilliSeconds = 500.
[5]: MilliSeconds = 500.
[6]: MilliSeconds = 500.
[7]: MilliSeconds = 500.
[8]: MilliSeconds = 500.
[9]: MilliSeconds = 500.
[10]: MilliSeconds = 500.
Behavior description: Open mutex
details: Local\ShimViewer
