VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:44
Behavior list
Basic Information
MD5:2b2c17e2d5ac7e18b3989615783bb4dd
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:NothingFound
Key behavior
Behavior description:修改原系统的EXE文件
details:C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe---> Offset = 61440
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe---> Offset = 61440
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\sogouexplorerup.exe---> Offset = 565248
C:\Documents and Settings\Administrator\Application Data\SogouPY\SogouExplorer.exe---> Offset = 126976
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\TXSSOSetup.exe---> Offset = 978944
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\QQSafeUD.exe---> Offset = 28672
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe---> Offset = 237568
Behavior description:跨进程写入数据
details:C:\Program Files\Internet Explorer\iexplore.exe
Behavior description:设置特殊文件属性
details:C:\WINDOWS\system32\runouce.exe
Behavior description:创建远程线程
details:C:\Program Files\Internet Explorer\iexplore.exe
Behavior description:修改注册表_启动项
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce
Process behavior
Behavior description:创建远程线程
details:C:\Program Files\Internet Explorer\iexplore.exe
Behavior description:跨进程写入数据
details:C:\Program Files\Internet Explorer\iexplore.exe
Behavior description:创建本地线程
details:N/A
Behavior description:创建新文件进程
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1448089347.497273.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1448089347.497273.exe
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:创建文件
details:C:\WINDOWS\system32\runouce.exe
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\readme.eml
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\readme.eml
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\readme.eml
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\readme.eml
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\readme.eml
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\readme.eml
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\readme.eml
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\readme.eml
Behavior description:修改原系统的EXE文件
details:C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe---> Offset = 61440
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe---> Offset = 61440
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe---> Offset = 106496
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\sogouexplorerup.exe---> Offset = 565248
C:\Documents and Settings\Administrator\Application Data\SogouPY\SogouExplorer.exe---> Offset = 126976
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\TXSSOSetup.exe---> Offset = 978944
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\QQSafeUD.exe---> Offset = 28672
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe---> Offset = 237568
Behavior description:设置特殊文件属性
details:C:\WINDOWS\system32\runouce.exe
Behavior description:修改文件内容
details:C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\readme.eml---> Offset = 14880
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\popup.html---> Offset = 39547
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\backgroundpage.html---> Offset = 5201
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\readme.eml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\background.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\readme.eml---> Offset = 14880
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\callback.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\pop.html---> Offset = 12867
Behavior description:查找文件
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1448089347.450779.exe
FileName = *.*
Registry behavior
Behavior description:修改注册表_启动项
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce
Other behavior
Behavior description:创建互斥体
details:ChineseHacker-2
Behavior description:修改后的可执行文件MD5
details:C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe ---> 文件过大!
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe ---> 268bb6b2d8d857bc857bff057c50f248
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe ---> 90a42f3c353426ce6319e3655be40f75
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe ---> afadfaef5bcf609023980fda53a6a6f9
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe ---> 90a42f3c353426ce6319e3655be40f75
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe ---> 90a42f3c353426ce6319e3655be40f75
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\sogouexplorerup.exe ---> 775a6bafc79ee99b4c1a866ce6eaf428
C:\Documents and Settings\Administrator\Application Data\SogouPY\SogouExplorer.exe ---> 6f1eb7e04a1d66af0007849475c1a254
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\TXSSOSetup.exe ---> 453edcddedbc7de11d0723f21956a00a
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\QQSafeUD.exe ---> b6a80eedaeda1adac211589d0c8b4e54
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe ---> 9cb936cc35ff5d9ef974c0c0eee9c92d
Behavior description:修改后的可执行文件签名信息
details:C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Temp\sogouexplorerup.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\SogouPY\SogouExplorer.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\commonf_inst\TXSSOSetup.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\SafeBase\QQSafeUD.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe(签名验证: 未通过)
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [,]
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号