VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but an archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 76
Behavior list
Basic Information
MD5: 281d18f12d5c5f6f11a803f367cb9e58
File type: Rar
Production company:
Version:
Shell or compiler information: COMPILER: Microsoft Visual C# / Basic .NET
Subfile information (name / MD5 / type; every member below is also listed in the report a second time as <name>dumpFile with an identical MD5, except playstation_controller, which has no dumpFile twin):
jquery.js / a6ca65c28110bf4c77947e0794a498cd / Unknown
keyboard.png / ef974ac20fc39679a1b01b928c1d47a3 / Unknown
DS3_Tool_Local.exe / 1493ef580c8ec9daeec07dc3aa9dd789 / EXE
minify-jquery-ui-1323347558.css / 07637c175c7c186234a7c92d4f6dbc2f / Unknown
custom / e1fb74840375a8010b23f4931cdab0bd / Unknown
SetDS3forPCSX2.exe / 47bd9eaa095bcf2502045b8d4255ee56 / EXE
custom.js / 0d26b91a06a9273e67eac6ec173051c4 / Unknown
playstation_controller.js / afbcedcba8693855fa1eb0fea374c4f2 / Unknown
xbox360_controller.js / 2d3a032e30779c69c2543b00f9b7fe91 / Unknown
playstation_controller / bf3eea613d860c4286d1bb8f9e132090 / Unknown
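The subfile list pairs every archive member with a `<name>dumpFile` entry carrying the same MD5, and the one member without a twin (playstation_controller) is easy to miss by eye. The script below is an added example, not VirSCAN's own code: it parses lines in the `name / MD5 / type` layout used above, folds each dumpFile twin into its member, flags members whose twin is missing or hashes differently, and lists the members VirSCAN typed as EXE, which are the two files to compare against a known-good MotioninJoy release. The report lines are embedded as a constructed string; the regular expression and function names are assumptions of this example.

```python
"""Parse VirSCAN 'Subfile information' lines (name / MD5 / type) and
collapse the <name>dumpFile twins the report lists beside each member.

Added example, not VirSCAN's own code. Input is a constructed copy of
the nineteen subfile lines from this report."""
import re

# Constructed copy of the report's subfile lines.
REPORT_LINES = """\
jquery.js / a6ca65c28110bf4c77947e0794a498cd / Unknown
keyboard.pngdumpFile / ef974ac20fc39679a1b01b928c1d47a3 / Unknown
keyboard.png / ef974ac20fc39679a1b01b928c1d47a3 / Unknown
DS3_Tool_Local.exedumpFile / 1493ef580c8ec9daeec07dc3aa9dd789 / EXE
jquery.jsdumpFile / a6ca65c28110bf4c77947e0794a498cd / Unknown
DS3_Tool_Local.exe / 1493ef580c8ec9daeec07dc3aa9dd789 / EXE
minify-jquery-ui-1323347558.cssdumpFile / 07637c175c7c186234a7c92d4f6dbc2f / Unknown
minify-jquery-ui-1323347558.css / 07637c175c7c186234a7c92d4f6dbc2f / Unknown
customdumpFile / e1fb74840375a8010b23f4931cdab0bd / Unknown
custom / e1fb74840375a8010b23f4931cdab0bd / Unknown
SetDS3forPCSX2.exedumpFile / 47bd9eaa095bcf2502045b8d4255ee56 / EXE
SetDS3forPCSX2.exe / 47bd9eaa095bcf2502045b8d4255ee56 / EXE
custom.js / 0d26b91a06a9273e67eac6ec173051c4 / Unknown
custom.jsdumpFile / 0d26b91a06a9273e67eac6ec173051c4 / Unknown
playstation_controller.jsdumpFile / afbcedcba8693855fa1eb0fea374c4f2 / Unknown
playstation_controller.js / afbcedcba8693855fa1eb0fea374c4f2 / Unknown
xbox360_controller.js / 2d3a032e30779c69c2543b00f9b7fe91 / Unknown
xbox360_controller.jsdumpFile / 2d3a032e30779c69c2543b00f9b7fe91 / Unknown
playstation_controller / bf3eea613d860c4286d1bb8f9e132090 / Unknown
"""

# Assumed layout: "<name> / <32 hex MD5> / <type>", one member per line.
LINE_RE = re.compile(r"^(?P<name>.+?) / (?P<md5>[0-9a-f]{32}) / (?P<kind>\S+)$")
DUMP_SUFFIX = "dumpFile"


def parse_subfiles(text):
    """Return {member_name: {'md5', 'type', 'dump_md5'}} in order of first sight.

    A '<name>dumpFile' line is folded into the entry for <name>; if the two
    MD5s disagree both are kept so anomalies() can report the mismatch."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a name / md5 / type line
        name, md5, kind = m.group("name"), m.group("md5"), m.group("kind")
        is_dump = name.endswith(DUMP_SUFFIX)
        base = name[: -len(DUMP_SUFFIX)] if is_dump else name
        entry = entries.setdefault(base, {"md5": None, "type": None, "dump_md5": None})
        if is_dump:
            entry["dump_md5"] = md5
        else:
            entry["md5"], entry["type"] = md5, kind
    return entries


def anomalies(entries):
    """Members whose dumpFile twin is missing or carries a different MD5."""
    out = []
    for name, e in entries.items():
        if e["dump_md5"] is None or e["md5"] is None:
            out.append((name, "no twin"))
        elif e["dump_md5"] != e["md5"]:
            out.append((name, "md5 mismatch"))
    return out


def executables(entries):
    """Members VirSCAN typed as EXE: the ones to hash against a known-good release."""
    return [n for n, e in entries.items() if e["type"] == "EXE"]


if __name__ == "__main__":
    subs = parse_subfiles(REPORT_LINES)
    for name, e in subs.items():
        print(f"{name:36} {e['md5']} {e['type']}")
    print("EXE members:", executables(subs))
    print("anomalies:", anomalies(subs))
```

Run as a script it prints the ten unique members, the two EXE names, and the single anomaly; pasted into a different report it will also surface a dumpFile whose hash differs from the member it was dumped from, which is the case worth a second look.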
Key behavior
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016090420160905
Behavior description: Reads the CPU clock directly
details: N/A
Behavior description: Gets TickCount value
details: TickCount = 5417687, SleepMilliseconds = 60000.
TickCount = 5417703, SleepMilliseconds = 60000.
TickCount = 5424406, SleepMilliseconds = 60000.
TickCount = 5424421, SleepMilliseconds = 60000.
TickCount = 5428515, SleepMilliseconds = 60000.
TickCount = 5428781, SleepMilliseconds = 60000.
TickCount = 5429171, SleepMilliseconds = 60000.
TickCount = 5429234, SleepMilliseconds = 60000.
TickCount = 5429453, SleepMilliseconds = 60000.
TickCount = 5429484, SleepMilliseconds = 60000.
TickCount = 5429531, SleepMilliseconds = 60000.
TickCount = 5429546, SleepMilliseconds = 60000.
TickCount = 5429609, SleepMilliseconds = 60000.
TickCount = 5429640, SleepMilliseconds = 60000.
TickCount = 5429671, SleepMilliseconds = 60000.
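Fifteen GetTickCount readings, each logged beside SleepMilliseconds = 60000, are the raw material of a time-based sandbox check: a program calls Sleep(60000), reads the tick counter before and after, and treats a gap much shorter than a minute as evidence that its sleep was skipped. The script below is an added example, not code from VirSCAN or from MotioninJoy; it parses these lines and performs that comparison. It assumes each line is one GetTickCount reading (milliseconds since boot) and that SleepMilliseconds is the most recent Sleep argument. The "Calls Sleep function" entries later in this report show only two Sleep(60000) calls and one Sleep(INFINITE), so the report does not establish how many sleeps actually ran, only what the counter did between reads.

```python
"""Compare logged GetTickCount readings against the Sleep() the sample
requested, the way a time-check evasion routine would.

Added example, not VirSCAN's or MotioninJoy's code. Assumptions: one
GetTickCount reading per line, SleepMilliseconds is the last Sleep()
argument, and the counter is the 32-bit one (wraps at 2**32 ms)."""
import re

# Constructed copy of the fifteen lines from the report above.
TICK_LINES = """\
TickCount = 5417687, SleepMilliseconds = 60000.
TickCount = 5417703, SleepMilliseconds = 60000.
TickCount = 5424406, SleepMilliseconds = 60000.
TickCount = 5424421, SleepMilliseconds = 60000.
TickCount = 5428515, SleepMilliseconds = 60000.
TickCount = 5428781, SleepMilliseconds = 60000.
TickCount = 5429171, SleepMilliseconds = 60000.
TickCount = 5429234, SleepMilliseconds = 60000.
TickCount = 5429453, SleepMilliseconds = 60000.
TickCount = 5429484, SleepMilliseconds = 60000.
TickCount = 5429531, SleepMilliseconds = 60000.
TickCount = 5429546, SleepMilliseconds = 60000.
TickCount = 5429609, SleepMilliseconds = 60000.
TickCount = 5429640, SleepMilliseconds = 60000.
TickCount = 5429671, SleepMilliseconds = 60000.
"""

TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (-?\d+)")


def parse_ticks(text):
    """Return [(tick_count_ms, sleep_ms), ...] in report order."""
    return [(int(t), int(s)) for t, s in TICK_RE.findall(text)]


def tick_deltas(readings):
    """Counter milliseconds elapsed between consecutive readings.
    GetTickCount is 32-bit, so a wrap between two reads is handled."""
    return [(b[0] - a[0]) % (1 << 32) for a, b in zip(readings, readings[1:])]


def short_sleeps(readings, tolerance=0.5):
    """Indices of intervals where the counter advanced less than `tolerance`
    of the sleep paired with the later reading. An evasive sample treats
    such an interval as 'my Sleep() was skipped, this is a sandbox'."""
    deltas = tick_deltas(readings)
    return [i for i, d in enumerate(deltas)
            if readings[i + 1][1] > 0 and d < tolerance * readings[i + 1][1]]


def summarize(text):
    """Headline numbers for a triage note."""
    r = parse_ticks(text)
    d = tick_deltas(r)
    return {
        "readings": len(r),
        "elapsed_ms": (r[-1][0] - r[0][0]) % (1 << 32),
        "max_delta_ms": max(d),
        "short_intervals": len(short_sleeps(r)),
        "requested_sleep_ms": sum(s for _, s in r[1:] if s > 0),
    }


if __name__ == "__main__":
    for key, value in summarize(TICK_LINES).items():
        print(f"{key:20} {value}")
```

Across the fifteen readings the counter advances 11984 ms in total while the paired sleep requests add up to 840000 ms, and every one of the fourteen intervals is shorter than half the sleep it follows. Whether that reflects the sandbox shortening Sleep, or simply the tool reading the clock from a thread that never blocked, is not something this report settles; the point is that the numbers are exactly what a sandbox-detection routine would key on.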
Process behavior
Behavior description: Creates local threads
details: TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3292, StartAddress = 79F0237F, Parameter = 00000000
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3296, StartAddress = 79F91FCF, Parameter = 001954D0
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3316, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3320, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3324, StartAddress = 77E56C7D, Parameter = 001DB238
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3328, StartAddress = 769AE43B, Parameter = 001DD740
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3640, StartAddress = 6359727B, Parameter = 002761C8
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3644, StartAddress = 79F91FCF, Parameter = 001E3198
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3660, StartAddress = 6359727B, Parameter = 054CAA40
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3680, StartAddress = 6359727B, Parameter = 054CAB80
TargetProcess: DS3_Tool_Local.exe, InheritedFromPID = 1944, ProcessID = 3216, ThreadID = 3752, StartAddress = 79FDA29C, Parameter = 00000000
File behavior
Behavior description: Creates a file
details: C:\Documents and Settings\Administrator\Application Data\MotioninJoy\DS3tool\appconfig
Behavior description: Overwrites an existing file
details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: Sets special folder attributes
details: the same six Temporary Internet Files / Content.IE5 / History / History.IE5 / Cookies / MSHist012016090420160905 paths listed under Key behavior
Behavior description: Modifies file contents
details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\MotioninJoy\DS3tool\appconfig ---> Offset = 0
Behavior description: Searches for files
details: FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\DS3_Tool_Local.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\DS3_Tool_Local.INI
FileName = C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
Other behavior
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Creates mutexes
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\DS3_Tool
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EJM
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
Behavior description: Creates event objects
details: EventName = Global\CorDBIPCSetupSyncEvent_3216
EventName = MSCTF.SendReceive.Event.EJM.IC
EventName = MSCTF.SendReceiveConection.Event.EJM.IC
Behavior description: Opens mutexes
details: ShimCacheMutex
Global\CLR_CASOFF_MUTEX
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016090420160905!
Behavior description: Finds specified windows
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Opens events
details: Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.3216
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007B4.00000000.0000003F
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.0000003F
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Gets TickCount value
details: the same fifteen TickCount / SleepMilliseconds = 60000 readings (5417687 through 5429671) listed under Key behavior
Behavior description: Adjusts process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE (the privilege required to load a kernel-mode driver)
Behavior description: Window information
details: Pid = 3216, Hwnd=0x7038a, Text = toolStrip1, ClassName = WindowsForms10.Window.8.app.0.378734a.
Pid = 3216, Hwnd=0x1902ce, Text = MotioninJoy Gamepad tool, ClassName = WindowsForms10.Window.8.app.0.378734a.
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = -1 (INFINITE).
Behavior description: Hides specified windows
details: [Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Gets cursor position
details: CursorPos = (71,18468), SleepMilliseconds = 60000.
CursorPos = (6364,26501), SleepMilliseconds = 60000.
Behavior description: Reads the CPU clock directly
details: N/A
Run screenshot
