1. You can UPLOAD any files, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain less than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.
Safety rating: 79
Behavior list
Behavior analysis report: Hybrid file analysis | Threatbook file behavior analysis report
| Basic Information | |
|---|---|
| MD5: | 357dd53df03baa40564ad7a99632972a |
| File type: | Rar |
| Production company: | |
| Version: | 1.0.0.0 |
| Shell or compiler information: | |
| Subfile information: | w7ldr / f8d487926c8f0925e704b7ceee6a6a92 / Unknown |
| | bootinst.exedumpFile / a841800dbc71eb00bf7b841738c48b92 / EXE |
| | w7ldrdumpFile / f8d487926c8f0925e704b7ceee6a6a92 / Unknown |
| | bootrest.exedumpFile / e1921dea226b244f83ac5f59681d48a2 / EXE |
| | bootinst.exe / a841800dbc71eb00bf7b841738c48b92 / EXE |
| | bootrest.exe / e1921dea226b244f83ac5f59681d48a2 / EXE |
| | showdrive.exedumpFile / 23bee4b5b4d117c63d8650080c690d2e / EXE |
| | showdrive.exe / 23bee4b5b4d117c63d8650080c690d2e / EXE |
| | Win7.cmddumpFile / 15748c7d01af21a2e18cc32436f19aec / Unknown |
| | Win7.cmd / 15748c7d01af21a2e18cc32436f19aec / Unknown |
| | Certificate.xrm-msdumpFile / 4baa251d0af2e67eb5d7e231175e9e94 / Unknown |
| | Certificate.xrm-ms / 4baa251d0af2e67eb5d7e231175e9e94 / Unknown |
| | msg.vbsdumpFile / 545ae6a469af091b1035032e9072794d / Unknown |
| | msg.vbs / 545ae6a469af091b1035032e9072794d / Unknown |
| | filesdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown |
| Key behavior | |
|---|---|
| Behavior description: | Hide specified window |
| Details: | [Window,Class] = [,ComboLBox] |
| Process behavior | |
|---|---|
| Behavior description: | Create process |
| Details: | ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\Win7.cmd" " |
| Behavior description: | Create process from newly written file |
| Details: | ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\showdrive.exe, CmdLine = files\showdrive.exe |
| File behavior | |
|---|---|
| Behavior description: | Write-access file mapping |
| Details: | Local\UrlZonesSM_Administrator |
| Behavior description: | Create executable file |
| Details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\bootinst.exe |
| | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\bootrest.exe |
| | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\showdrive.exe |
| Behavior description: | Modify file content |
| Details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\msg.vbs ---> Offset = 0 |
| | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\Win7.cmd ---> Offset = 0 |
| | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\w7ldr ---> Offset = 131072 |
| | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\Certificate.xrm-ms ---> Offset = 0 |
| Registry behavior | |
|---|---|
| Behavior description: | Modify registry |
| Details: | \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass |
| | \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\Win7.cmd |
| Other behavior | |
|---|---|
| Behavior description: | Create mutex |
| Details: | Local\ZonesCounterMutex |
| | Local\ZoneAttributeCacheCounterMutex |
| | Local\ZonesCacheCounterMutex |
| | Local\ZonesLockedCacheCounterMutex |
| Behavior description: | Hide specified window |
| Details: | [Window,Class] = [,ComboLBox] |
| Behavior description: | Find specified window |
| Details: | NtUserFindWindowEx: [Class,Window] = [EDIT,] |
| Behavior description: | Acquire system privilege |
| Details: | SE_LOAD_DRIVER_PRIVILEGE |
| Behavior description: | Window information |
| Details: | Pid = 560, Hwnd=0xd01e8, Text = 阿非修改的Windows 7激活程序 v1.0, ClassName = ConsoleWindowClass. |
| Behavior description: | Direct access to physical device |
| Details: | \??\PhysicalDrive0 |
| Run screenshot |
|---|
| (screenshot image not included in the extracted page) |