VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files with the password 'infected' or 'virus'.

File information
Safety rating:79
Behavior list
Basic Information
MD5:1cfb730008413da4d4213d98c8f0c526
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Borland Delphi 4.0 - 5.0
Subfile information:hexelon.exe / 415342de8c4fdd7901adfc19bc7a0bdd / EXE
hexelon_pl.chm / eecb7d8cfdad675e76440371bd1ff5b0 / Chm
hexelon_en.chm / cd288ee3aab72d41fc9f91c50a807dda / Chm
hexwork.exe / 8587b37ee3ad60b6fc94d8a2d0573fc7 / EXE
polski.lng / 9c73bf83e07e4b1028204d5e2feff7a5 / Unknown
czech.lng / b2ddd95e3d7d8c1f3e05cfe822e786bb / Unknown
english.lng / a831a8a587f8515f0565cf7de1f5486a / Unknown
Key behavior
Behavior description:Create file mapping with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.AEI..FIJIG
MSCTF.MarshalInterface.FileMap.AEI.B.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.C.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.D.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.E.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.F.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.G.EMJIG
MSCTF.Shared.SFM.AEI
MSCTF.MarshalInterface.FileMap.AEI.H.DALMG
MSCTF.MarshalInterface.FileMap.AEI.I.DALMG
MSCTF.MarshalInterface.FileMap.AEI.J.DALMG
MSCTF.MarshalInterface.FileMap.AEI.K.DALMG
MSCTF.MarshalInterface.FileMap.AEI.L.DALMG
MSCTF.MarshalInterface.FileMap.AEI.M.DALMG
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify registry (startup entry)
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\HEXelon MAX
File behavior
Behavior description:Create file mapping with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.AEI..FIJIG
MSCTF.MarshalInterface.FileMap.AEI.B.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.C.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.D.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.E.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.F.EMJIG
MSCTF.MarshalInterface.FileMap.AEI.G.EMJIG
MSCTF.Shared.SFM.AEI
MSCTF.MarshalInterface.FileMap.AEI.H.DALMG
MSCTF.MarshalInterface.FileMap.AEI.I.DALMG
MSCTF.MarshalInterface.FileMap.AEI.J.DALMG
MSCTF.MarshalInterface.FileMap.AEI.K.DALMG
MSCTF.MarshalInterface.FileMap.AEI.L.DALMG
MSCTF.MarshalInterface.FileMap.AEI.M.DALMG
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 18
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 31
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 42
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 55
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 70
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 86
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 82
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 67
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 39
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 26
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 15
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\hexelon.ini---> Offset = 101
Network behavior
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = hexelon.com, PORT = 80
InternetConnectA: ServerName = www.HEXelon.com, PORT = 80
Behavior description:Download file
details:URLDownloadToFileW: http://www.HEXelon.com/hexelon_in_out/reklama/reklama_pobierz.php?jezyk=en&wersja=6.07 ---> C:\Documents and Settings\Administrator\Application Data\HEXelon\config\advertisement.jpg
C:\Documents and Settings\Administrator\Application Data\HEXelon\config\advertisement.jpg
Behavior description:Read network file
details:hFile = 0x00000618, BytesToRead =1025, BytesRead = 1025.
hFile = 0x00000614, BytesToRead =1025, BytesRead = 1025.
Behavior description:Open HTTP request
details:HttpOpenRequestA: hexelon.com:80/hexelon_in_out/portale.php?ver=6.07&lang=en&a=xciuumyeuru7f9zxgzs86oea5ad5acdp, hConnect = 0x0000061c
HttpOpenRequestA: www.hexelon.com:80/hexelon_in_out/biezaca_wersja.php?ver=6.07&lang=en&a=xciuumyeuru7f9zxgzs86oea5ad5acdp, hConnect = 0x00000620
Registry behavior
Behavior description:Delete registry value (delete startup entry)
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\HEXelon MAX
Behavior description:Modify registry (startup entry)
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\HEXelon MAX
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
35db68023471390e351529a052ac7fe1
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.AEI
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 2108, Hwnd=0x501ae, Text = wykres, ClassName = TButton.
Pid = 2108, Hwnd=0x301d0, Text = 0123456789ABCDEF, ClassName = THEXelonEdit.
Pid = 2108, Hwnd=0x301c6, Text = zmienne, ClassName = TButton.
Pid = 2108, Hwnd=0x301c0, Text = EditMemory, ClassName = TEdit.
Pid = 2108, Hwnd=0x401be, Text = ToolBar, ClassName = TToolBar.
Pid = 2108, Hwnd=0x4020e, Text = HEXelon MAX 6.07, ClassName = TFrmMain.
Pid = 2108, Hwnd=0x501be, Text = ToolBar, ClassName = TToolBar.
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Open image file
details:\Documents and Settings\Administrator\Application Data\HEXelon\config\advertisement.jpg