VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 72
Behavior list
Basic Information
MD5: 28e6e3c67a6815bb91125d8e7931354e
File type: EXE
Production company: 初雨团队 (Chuyu Team)
Version: 10.1.7.1 --- 10.1.7.1
Shell or compiler information: PACKER: UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information (name / MD5 / type):
wimgapi.dll / 96923e8b475ec03aa04e99d35f28e3ea / DLL
Dism++x64.exe / e45adb13ae61f163c9132ddd5b08dfbc / EXE
wimgapi.dll / 53c456e3bef446e9283bb56d4c6f85a6 / DLL
PluginRes.dll / 6f7cc4faa11e492acf4c7e73c517552f / DLL
DuiLib.dll / ab3738a6333e917f86aa8db9f629dee9 / DLL
Dism++x86.exe / 640e2611392322948afff64c3a2856b0 / EXE
DuiLib.dll / c49633dac882e526f8fd1c748f987519 / DLL
Data.xml / e5995f7c4ba733ca09d2841f113f63bc / Unknown
wofadk.sys / fb8df6932fccb3c981fb0a6ac207c57e / SYS
wofadk.sys / 01e35a14d653ede10e4cc566a6579194 / SYS
bcdboot.exe / 65299fb983d624c649e4fcaa430ca5e1 / EXE
winapp1.ini / e74decad94b3399660eedd84e05a1ca2 / Unknown
bcdboot.exe / 892afd96dffba13d8c02f78506073b78 / EXE
CBSHost.dll / d1e4a715fc7de49162c4c221b2cd3ec9 / DLL
upx_c_83800732dumpFile / b3b8e7e9ccb1a8c41ffd6a480521491e / EXE
CBSHost.dll / aed2c81b01463154b28b8de518541a6a / DLL
Plugin.amd64.dll / edcae10439def5d5d3cc89ac0f6410df / DLL
Plugin.x86.dll / cab9659eb8a86fc1fa88579665908166 / DLL
dism++.exe / e99a4e5a8151c7624a85ee2d0e2674d1 / EXE
Process behavior
Behavior description: Create process with hidden window
Details: ImagePath = , CmdLine = "C:\Documents and Settings\Administrator\Local Settings\Temp\4C.tmp\Dism.CMD"
Behavior description: Create process
Details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\Documents and Settings\Administrator\Local Settings\Temp\4C.tmp\Dism.CMD" "
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3432, ThreadID = 3508, StartAddress = 00401284, Parameter = 00919D18
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3432, ThreadID = 3512, StartAddress = 77C0A341, Parameter = 00A006B0
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3432, ThreadID = 3516, StartAddress = 77C0A341, Parameter = 00A076C0
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3432, ThreadID = 3520, StartAddress = 77C0A341, Parameter = 00A006B0
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3432, ThreadID = 3680, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: dism++.exe, InheritedFromPID = 3432, ProcessID = 3684, ThreadID = 3704, StartAddress = 765E964D, Parameter = 001C5BE0
Behavior description: Create process from newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\dism++.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\dism++.exe"
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Config.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Data.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\default.ui.zip
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Languages\zh-Hans.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\winapp1.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\CBSHost.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\DuiLib.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\wimgapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\wofadk.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.amd64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.x86.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\PluginRes.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\CBSHost.dll
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\4C.tmp
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\CBSHost.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\DuiLib.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\wimgapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\wofadk.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.amd64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.x86.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\PluginRes.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\CBSHost.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\DuiLib.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\wimgapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\wofadk.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\dism++.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Dism++x64.exe
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Config.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Data.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\default.ui.zip ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Languages\zh-Hans.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\winapp1.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\bcdboot.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\bcdboot.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\bcdboot.exe ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\CBSHost.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\CBSHost.dll ---> Offset = 9008
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\CBSHost.dll ---> Offset = 74544
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\CBSHost.dll ---> Offset = 140080
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\DuiLib.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\DuiLib.dll ---> Offset = 56112
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\DuiLib.dll ---> Offset = 121648
Behavior description: Search for file
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\dism++.exe
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\dism++.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\dism++.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Local Settings\Temp\4C.tmp\Dism.CMD
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Dism++x86.exe
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AIO
Behavior description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.AIO.IC
EventName = MSCTF.SendReceiveConection.Event.AIO.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
_fCanRegisterWithShellService
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\bcdboot.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\CBSHost.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\DuiLib.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\wimgapi.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\wofadk.sys (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.amd64.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.x86.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\PluginRes.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\bcdboot.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\CBSHost.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\DuiLib.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\wimgapi.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\wofadk.sys (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\dism++.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Dism++x64.exe (signature verification: failed)
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\bcdboot.exe ---> 65299fb983d624c649e4fcaa430ca5e1
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\CBSHost.dll ---> d1e4a715fc7de49162c4c221b2cd3ec9
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\DuiLib.dll ---> ab3738a6333e917f86aa8db9f629dee9
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\wimgapi.dll ---> 96923e8b475ec03aa04e99d35f28e3ea
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\amd64\wofadk.sys ---> fb8df6932fccb3c981fb0a6ac207c57e
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.amd64.dll ---> edcae10439def5d5d3cc89ac0f6410df
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.x86.dll ---> cab9659eb8a86fc1fa88579665908166
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\PluginRes.dll ---> 6f7cc4faa11e492acf4c7e73c517552f
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\bcdboot.exe ---> 892afd96dffba13d8c02f78506073b78
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\CBSHost.dll ---> aed2c81b01463154b28b8de518541a6a
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\DuiLib.dll ---> c49633dac882e526f8fd1c748f987519
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\wimgapi.dll ---> 53c456e3bef446e9283bb56d4c6f85a6
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Config\x86\wofadk.sys ---> 01e35a14d653ede10e4cc566a6579194
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\dism++.exe ---> e99a4e5a8151c7624a85ee2d0e2674d1
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Dism++x64.exe ---> e45adb13ae61f163c9132ddd5b08dfbc
Behavior description: Open mutex
Details: ShimCacheMutex
Local\!IETld!Mutex