VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 50
Behavior list
Basic information
MD5: 2c6d2ac0801c6305daf44cc3ed503bb4
File type: EXE
Production company:
Version:
Shell or compiler information: PACKER:AsCrypt v0.1 -> SToRM - needs to be added *
Subfile information: upx30_86164c2edumpFile / e0a2f526ed55296fbc1c95c69f975bab / EXE
Process behavior
Behavior description: Create process
Details: [0x00000b38]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\system32\cmd" /c ""C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\4.bat" "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe""
Behavior description: Create process from newly created file
Details: [0x00000b40]ImagePath = C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.exe, CmdLine = svchost kill-server
[0x00000b48]ImagePath = C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.exe, CmdLine = svchost connect :5555
[0x00000b68]ImagePath = C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.exe, CmdLine = svchost connect :5555
[0x00000b70]ImagePath = C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.exe, CmdLine = svchost shell exit
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\4.bat
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\1.jpg
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\2.jpg
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinApi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinUsbApi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\dbzm.apk
C:\Documents and Settings\Administrator\Local Settings\Temp\5.tmp
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinApi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinUsbApi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.exe
Behavior description: Search for file
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\4.bat
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.COM
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\1.jpg
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\2.jpg
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinApi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinUsbApi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\dbzm.apk
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\4.bat
C:\Documents and Settings\Administrator\Local Settings\Temp\5.tmp
Behavior description: Modify BAT script file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\4.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\4.bat ---> Offset = 11
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\4.bat ---> Offset = 18167
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\1.jpg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\2.jpg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinApi.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinUsbApi.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\dbzm.apk ---> Offset = 0
Network behavior
Behavior description: Establish a connection to a specified socket
Details: IP: **.0.0.**:5037, SOCKET = 0x00000770
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Sample console output
Details: N/A
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinApi.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinUsbApi.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.exe (signature verification: failed)
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinApi.dll ---> 47a6ee3f186b2c2f5057028906bac0c6
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinUsbApi.dll ---> 5f23f2f936bdfac90bb0a4970ad365cf
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\svchost.exe ---> 5787e5df1a68e7afea82d58e5f0d6549
Behavior description: Open mutex
Details: ShimCacheMutex
Behavior description: Load newly dropped file
Details: Image: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp\AdbWinApi.dll.
Run screenshot: [image]