1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.
| Virscan.org multi-engine scan report |
| Behavior analysis report: Habo file analysis |
| MD5:2d53dfd965333e04f09ef244c43ef920 |
| 文件大小:5.58MB |
| 上传时间: 2014-09-22 10:36:30 (CST) |
| Package names: |
| Minimum operating environment: |
| copyright: |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 获取TickCount值 |
| details: | TickCount = 485813, SleepMilliseconds = 1. |
| TickCount = 485891, SleepMilliseconds = 1. | |
| TickCount = 486001, SleepMilliseconds = 1. | |
| TickCount = 486016, SleepMilliseconds = 1. | |
| TickCount = 486079, SleepMilliseconds = 1. | |
| TickCount = 486094, SleepMilliseconds = 1. | |
| TickCount = 486126, SleepMilliseconds = 1. | |
| TickCount = 486157, SleepMilliseconds = 1. | |
| TickCount = 546171, SleepMilliseconds = 60000. | |
| TickCount = 546687, SleepMilliseconds = 60000. | |
| TickCount = 546765, SleepMilliseconds = 60000. | |
| TickCount = 546859, SleepMilliseconds = 60000. | |
| TickCount = 546875, SleepMilliseconds = 60000. | |
| TickCount = 546890, SleepMilliseconds = 60000. | |
| TickCount = 546906, SleepMilliseconds = 60000. |
| Behavior description: | 创建本地线程 |
| details: | N/A |
| Behavior description: | 进程退出 |
| details: | N/A |
| Behavior description: | 枚举进程 |
| details: | N/A |
| Behavior description: | 创建文件 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gfd7.tmp |
| C:\Documents and Settings\Administrator\Local Settings\Temp\51f71cca-f859-4a7a-8379-74ca7bcdc368\bin.dmc | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\51f71cca-f859-4a7a-8379-74ca7bcdc368\bin\bin.html | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\51f71cca-f859-4a7a-8379-74ca7bcdc368\config.dmc | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1] | |
| Behavior description: | 创建可执行文件 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gfd7.tmp |
| Behavior description: | 覆盖已有文件 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gfd7.tmp |
| C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1] | |
| Behavior description: | 查找文件 |
| details: | FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll |
| FileName = C:\WINDOWS\Microsoft.NET\Framework\\* | |
| FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI | |
| FileName = C:\DOCUME~1 | |
| FileName = C:\Documents and Settings\ADMINI~1 | |
| FileName = C:\Documents and Settings\Administrator\LOCALS~1 | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gfd7.INI | |
| FileName = C:\DOCUME~1\ADMINI~1 | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1 | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gfd7.tmp | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp% | |
| FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.INI | |
| FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.INI | |
| FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI | |
| Behavior description: | 删除文件 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2] |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[1] | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[1] | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 修改文件内容 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT---> Offset = 0 |
| C:\Documents and Settings\Administrator\Local Settings\Temp\51f71cca-f859-4a7a-8379-74ca7bcdc368\config.dmc---> Offset = 0 | |
| C:\WINDOWS\system32\wbem\Logs\wbemprox.log---> Offset = 0 | |
| C:\WINDOWS\system32\wbem\Logs\wbemprox.log---> Offset = 299 | |
| C:\WINDOWS\system32\wbem\Logs\wbemprox.log---> Offset = 374 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\51f71cca-f859-4a7a-8379-74ca7bcdc368\bin\bin.html---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\51f71cca-f859-4a7a-8379-74ca7bcdc368\bin.dmc---> Offset = 0 |
| Behavior description: | 连接指定站点 |
| details: | InternetConnectA: ServerName = api.v2.secdls.com, PORT = 80 |
| Behavior description: | 建立到一个指定的套接字连接 |
| details: | 127.0.0.1:1031 |
| Behavior description: | 打开HTTP请求 |
| details: | HttpOpenRequestA: api.v2.secdls.com:80/index.php/apiloading/837.html, hConnect = 0x00000260 |
| Behavior description: | 按名称获取主机地址 |
| details: | wpad. |
| staticrr.paleokits.net | |
| staticrr.sslsecure1.com | |
| staticrr.sslsecure2.com | |
| staticrr.sslsecure3.com | |
| staticrr.sslsecure4.com | |
| staticrr.sslsecure5.com | |
| staticrr.sslsecure6.com | |
| staticrr.sslsecure7.com | |
| staticrr.sslsecure8.com | |
| staticrr.sslsecure9.com | |
| staticrr.sslsecure10.com | |
| track.v2.secdls.com | |
| track.v2.sslsecure1.com | |
| track.v2.sslsecure2.com |
| Behavior description: | 修改注册表 |
| details: | \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings |
| Behavior description: | 删除注册表键值_IE连接设置 |
| details: | \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer |
| \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL |
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| Local\ZonesCounterMutex | |
| Local\ZoneAttributeCacheCounterMutex | |
| Local\ZonesCacheCounterMutex | |
| Local\ZonesLockedCacheCounterMutex | |
| RasPbFile | |
| Local\!PrivacIE!SharedMemory!Mutex | |
| MSCTF.Shared.MUTEX.ELH | |
| Behavior description: | 创建事件对象 |
| details: | EventName = Global\CPFATE_416_v4.0.30319 |
| EventName = DINPUTWINMM | |
| EventName = Global\userenv: User Profile setup event | |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,] |
| NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,] | |
| NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] | |
| Behavior description: | 获取系统权限 |
| details: | SE_LOAD_DRIVER_PRIVILEGE |
| SE_DEBUG_PRIVILEGE | |
| Behavior description: | 获取TickCount值 |
| details: | TickCount = 485813, SleepMilliseconds = 1. |
| TickCount = 485891, SleepMilliseconds = 1. | |
| TickCount = 486001, SleepMilliseconds = 1. | |
| TickCount = 486016, SleepMilliseconds = 1. | |
| TickCount = 486079, SleepMilliseconds = 1. | |
| TickCount = 486094, SleepMilliseconds = 1. | |
| TickCount = 486126, SleepMilliseconds = 1. | |
| TickCount = 486157, SleepMilliseconds = 1. | |
| TickCount = 546171, SleepMilliseconds = 60000. | |
| TickCount = 546687, SleepMilliseconds = 60000. | |
| TickCount = 546765, SleepMilliseconds = 60000. | |
| TickCount = 546859, SleepMilliseconds = 60000. | |
| TickCount = 546875, SleepMilliseconds = 60000. | |
| TickCount = 546890, SleepMilliseconds = 60000. | |
| TickCount = 546906, SleepMilliseconds = 60000. | |
| Behavior description: | 获取光标位置 |
| details: | CursorPos = (106,18467), SleepMilliseconds = 60000. |
| CursorPos = (6399,26500), SleepMilliseconds = 60000. | |
| CursorPos = (19234,15724), SleepMilliseconds = 60000. | |
| CursorPos = (11543,29358), SleepMilliseconds = 60000. | |
| CursorPos = (27027,24464), SleepMilliseconds = 60000. | |
| CursorPos = (5770,28145), SleepMilliseconds = 60000. | |
| CursorPos = (23346,16827), SleepMilliseconds = 60000. | |
| CursorPos = (10026,491), SleepMilliseconds = 60000. | |
| CursorPos = (3060,11942), SleepMilliseconds = 60000. | |
| CursorPos = (4892,5436), SleepMilliseconds = 60000. | |
| CursorPos = (32456,14604), SleepMilliseconds = 60000. | |
| CursorPos = (3967,153), SleepMilliseconds = 60000. | |
| CursorPos = (357,12382), SleepMilliseconds = 60000. | |
| CursorPos = (17486,18716), SleepMilliseconds = 60000. | |
| CursorPos = (19783,19895), SleepMilliseconds = 60000. | |
| Behavior description: | 窗口信息 |
| details: | Pid = 416, Hwnd=0x202c8, Text = Loading..., ClassName = WindowsForms10.STATIC.app.0.5c39d4_r26_ad1. |
| Pid = 416, Hwnd=0x202c6, Text = wait a moment please..., ClassName = WindowsForms10.STATIC.app.0.5c39d4_r26_ad1. | |
| Pid = 416, Hwnd=0x102de, Text = 确定, ClassName = Button. | |
| Pid = 416, Hwnd=0x102e0, Text = An error has occurred, ClassName = Static. | |
| Pid = 416, Hwnd=0x302c8, Text = Loading..., ClassName = WindowsForms10.STATIC.app.0.5c39d4_r26_ad1. | |
| Pid = 416, Hwnd=0x302c6, Text = wait a moment please..., ClassName = WindowsForms10.STATIC.app.0.5c39d4_r26_ad1. | |
| Behavior description: | 可执行文件签名信息 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gfd7.tmp(签名验证: 未通过) |
| Behavior description: | 调用Sleep函数 |
| details: | [1]: MilliSeconds = 60000. |
| [2]: MilliSeconds = 60000. | |
| [3]: MilliSeconds = 60000. | |
| [4]: MilliSeconds = 60000. | |
| [5]: MilliSeconds = 60000. | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,WindowsForms10.Window.8.app.0.5c39d4_r26_ad1] |
| Behavior description: | 可执行文件MD5 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gfd7.tmp ---> 1f6fcd24694cbe31558db57f7f7b7690 |
| Behavior description: | 加载新释放的文件 |
| details: | Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gfd7.tmp. |
HOME
