VirSCAN

File information
Safety rating:83
Behavior list
Basic Information
MD5:2e510e573e45bca3c810ef9039b96e80
file type:EXE
Production company:AirInstaller
version:2.0.7.3---2.0.7.3
Shell or compiler information:
Subfile information:mpress_b56571cbdumpFile / fbffa2ed901d8bd35b648342b10a4682 / EXE
Key behavior
Behavior description:Block window close message
details:hWnd = 0x000302a6, Text = HD Player, ClassName = #32770.
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Self-delete
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1449086710.269108.exe
Process behavior
Behavior description:Create process from new file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe relaunch
Behavior description:Process exit
details:N/A
Behavior description:Enumerate processes
details:N/A
Behavior description:Create local thread
details:N/A
File behavior
Behavior description:Create file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\air3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\6XoWPlF9Pk\session.xml
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe
Behavior description:Copy file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1449086710.209199.exe ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\6XoWPlF9Pk\session.xml---> Offset = 0
Behavior description:Self-delete
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1449086710.269108.exe
Network behavior
Behavior description:Open URL over the network
details:InternetOpenUrlA: http://trk.airinstaller.com/get/launch/?c=8a8d2b9a-dbe8-11e3-b4f3-06b0c48d4512&m=33134618153450464137&l=2052&b=myatwun9&sid=104196&os=2.5.1.2600 32bit hInternet = 0x00000630
InternetOpenUrlA: http://trk.airinstaller.com/get/session/?c=8a8d2b9a-dbe8-11e3-b4f3-06b0c48d4512&b=myatwun9&d=&sid=104196&uid=&o=&sig= hInternet = 0x00000630
InternetOpenUrlA: http://trk.airinstaller.com/get/log/?c=8a8d2b9a-dbe8-11e3-b4f3-06b0c48d4512&d=2.0.1.6&o= &r=&s=2704557129c27fc629c27fc6&t=179 hInternet = 0x00000630
InternetOpenUrlA: http://trk.airinstaller.com/get/file_size/?key=6071642c4008dc81c4f4e4035b09d321&url= hInternet = 0x000006d0
Behavior description:Read network file
details:hFile = 0x00000630, BytesToRead =4095, BytesRead = 4095.
hFile = 0x000006d0, BytesToRead =4095, BytesRead = 4095.
Registry behavior
Behavior description:Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
Behavior description:Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behavior
Behavior description:Create mutex
details:oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
SHIMLIB_LOG_MUTEX
AirInstaller-Admin
INSTALLER-238EA140-C13E-31F2-E1C5-106067709672
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EGI
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.EGI.IC
EventName = MSCTF.SendReceiveConection.Event.EGI.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Block window close message
details:hWnd = 0x000302a6, Text = HD Player, ClassName = #32770.
Behavior description:Window information
details:Pid = 2144, Hwnd=0x302cc, Text = Preparing your installation, please wait..., ClassName = Static.
Pid = 2144, Hwnd=0x302a6, Text = HD Player, ClassName = #32770.
Behavior description:Executable file signature information
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe (signature verification: failed)
Behavior description:Executable file MD5
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe ---> 2e510e573e45bca3c810ef9039b96e80