VirSCAN

File information
Safety rating:35
Behavior list
Basic Information
MD5:1ec466732014759fd0a56f58383cafc0
file type:EXE
Production company:
version:
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information:upx_c_ade3dcb6dumpFile / f38557a9c9e0be868f259434af8bb2fe / EXE
Key behavior
Behavior description:Get host address by name
details:computer
Behavior description:Modify registry startup entries
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaVM
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services
Process behavior
Behavior description:Create process with hidden window
details:ImagePath = , CmdLine = "c:\windows\services.exe"
Behavior description:Create process from newly created file
details:ImagePath = C:\WINDOWS\services.exe, CmdLine = "C:\WINDOWS\services.exe"
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create executable file
details:C:\WINDOWS\services.exe
C:\WINDOWS\java.exe
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zincite.log---> Offset = 512
C:\WINDOWS\java.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zincite.log---> Offset = 128
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\groadcz.log---> Offset = 64
Behavior description:Find files
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\services.exe
FileName = C:\WINDOWS\Temporary Internet Files\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\*.*
FileName = C:\*.*
FileName = C:\222c25ed\*.*
FileName = C:\222c25ed\IE8-Setup-Full\*.*
Network behavior
Behavior description:Send data on a connected socket
details:SOCKET = 0x000006bc, TotalSize = 1, Offset = 0, ReadSize = 1.
Behavior description:Connect to a specified socket
Behavior description:Get host address by name
details:computer
Registry behavior
Behavior description:Modify registry startup entries
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaVM
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services
Other behavior
Behavior description:Call the Sleep function
details:[1]: MilliSeconds = 83000.
[2]: MilliSeconds = 800.
[3]: MilliSeconds = 800.
[4]: MilliSeconds = 800.
[5]: MilliSeconds = 800.
[6]: MilliSeconds = 800.
[7]: MilliSeconds = 800.
[8]: MilliSeconds = 800.
[9]: MilliSeconds = 800.
[10]: MilliSeconds = 800.
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [rctrl_renwnd32,]
NtUserFindWindowEx: [Class,Window] = [ATH_Note,]
NtUserFindWindowEx: [Class,Window] = [IEFrame,]
Behavior description:Get TickCount value
details:TickCount = 568968, SleepMilliseconds = 83000.
TickCount = 568984, SleepMilliseconds = 83000.
TickCount = 486106, SleepMilliseconds = 75.