VirSCAN
File information
Safety rating: 75
Behavior list
Basic Information
MD5: 38be4e69aed17cff7c001e56c4ac95a0
File type: 7z
Vendor: Malwarebytes
Version: 7.6.4.0
Packer or compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information (name / MD5 / type):
libiconv2.dll / e0dc8c6bbc787b972a9a468648dbfd85 / DLL
upx_c_e711739ddumpFile / 0c545ad179cb03ef7a981904d7b70664 / EXE
JQ.DAT / a5342bab6db36e9d4e0116745a7568b6 / EXE
WGET.DAT / bd126a7b59d5d1f97ba89a3e71425731 / EXE
firefox.bat / 7c2536139b5d838d88d3e0082f9a77fc / Unknown
misc.bat / 1e8f0916024b512938fb5e905d8b6a7c / Unknown
pcre3.dll / 57cac848fa14ae38f14f9441f8933282 / DLL
upx_c_211bdf7fdumpFile / 8ac656972ebcf563b2e32fee3abf126d / EXE
upx_c_4b4f101cdumpFile / 0043973af5d9bd658c69be892223b8ec / EXE
libintl3.dll / d202baa425176287017ffe1fb5d1b77c / DLL
SED.DAT / 2b657a67aebb84aea5632c53e61e23bf / EXE
GREP.DAT / 83a3d89f40a05038760110b1e6e54762 / EXE
wl_bhoclsid.cfg / 838a37fe4fc2c2792d26d88b26fc7039 / Unknown
regex2.dll / 547c43567ab8c08eb30f6c6bacb479a3 / DLL
wl_toolbars.cfg / 38258f710e1d878ff0d2ccd73e923dfe / Unknown
CreateRestorePoint.exe / d34de397c882e8e71fb0966d28f07cb1 / EXE
CHR_storage.cfg / 3e52e9d02f5c1f4d358a6a583a46a9f9 / Unknown
SHORTCUT.DAT / 59375510bde2ff0dba7a8197ad9f12bb / EXE
NirCmd.chm / 66729efe2819e71c060af7fd49732c28 / Chm
Key behavior
Behavior description: Writes to a file mapping (shared memory section)
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MFN..IAMHH
MSCTF.MarshalInterface.FileMap.MFN.B.IAMHH
MSCTF.MarshalInterface.FileMap.MFN.C.IAMHH
MSCTF.MarshalInterface.FileMap.MFN.D.IAMHH
MSCTF.MarshalInterface.FileMap.MFN.E.IAMHH
MSCTF.MarshalInterface.FileMap.MFN.F.IBMHH
MSCTF.MarshalInterface.FileMap.MFN.G.IBMHH
Local\UrlZonesSM_Administrator
Behavior description: Blocks window close messages
details:hWnd = 0x00140134, Text = Junkware Removal Tool by Malwarebytes - Version 7.6.4, ClassName = ConsoleWindowClass.
Behavior description: Hides a specified window
details:[Window,Class] = [,Static]
[Window,Class] = [,Button]
Behavior description: Resolves a host address by name
details:www.google.com
Process behavior
Behavior description: Creates a process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\get.bat" "
ImagePath = C:\WINDOWS\system32\ping.exe, CmdLine = PING -n 1 www.google.com
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /S /D /c" pause 1>nul"
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /S /D /c" set/p=Press any key to continue . . ."
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Writes to a file mapping (shared memory section)
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MFN..IAMHH
MSCTF.MarshalInterface.FileMap.MFN.B.IAMHH
MSCTF.MarshalInterface.FileMap.MFN.C.IAMHH
MSCTF.MarshalInterface.FileMap.MFN.D.IAMHH
MSCTF.MarshalInterface.FileMap.MFN.E.IAMHH
MSCTF.MarshalInterface.FileMap.MFN.F.IBMHH
MSCTF.MarshalInterface.FileMap.MFN.G.IBMHH
Local\UrlZonesSM_Administrator
Behavior description: Creates an executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\CUT.DAT
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\GREP.DAT
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\JQ.DAT
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\NIRCMD.DAT
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\SED.DAT
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\SHORTCUT.DAT
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\WGET.DAT
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\CreateRestorePoint.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\nfo\nircmdc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\libiconv2.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\libintl3.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\pcre3.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\regex2.dll
Behavior description: Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\jrtcurrentmd5---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\nfo\NirCmd.chm---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\clean_shortcut.vbs---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\nfo\sed.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\nfo\shortcut.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\nfo\wget.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\appinit64_null.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\appinit_null.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\CHR_open_x64.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\CHR_open_x86.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\datamngr_del.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\FF_open_x64.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\FF_open_x86.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\IE_open_x64.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\IE_open_x86.reg---> Offset = 0
Behavior description: Searches for files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\get.bat
FileName = C:\WINDOWS\system32\ping.exe
FileName = C:\WINDOWS\system32\fc.exe
Network behavior
Behavior description: Resolves a host address by name
details:www.google.com
Registry behavior
Behavior description: Modifies the registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\get.bat
Other behavior
Behavior description: Creates a mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
Behavior description: Hides a specified window
details:[Window,Class] = [,Static]
[Window,Class] = [,Button]
Behavior description: Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Acquires a system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Reads the TickCount value
details:TickCount = 490316, SleepMilliseconds = 20.
TickCount = 490332, SleepMilliseconds = 20.
TickCount = 490348, SleepMilliseconds = 20.
TickCount = 490363, SleepMilliseconds = 20.
TickCount = 490379, SleepMilliseconds = 20.
TickCount = 490395, SleepMilliseconds = 20.
TickCount = 490504, SleepMilliseconds = 20.
TickCount = 490520, SleepMilliseconds = 20.
TickCount = 492270, SleepMilliseconds = 20.
TickCount = 492348, SleepMilliseconds = 20.
TickCount = 492473, SleepMilliseconds = 20.
TickCount = 492488, SleepMilliseconds = 20.
TickCount = 508723, SleepMilliseconds = 20.
Behavior description: Blocks window close messages
details:hWnd = 0x00140134, Text = Junkware Removal Tool by Malwarebytes - Version 7.6.4, ClassName = ConsoleWindowClass.
Behavior description: Window information
details:Pid = 2344, Hwnd=0x140134, Text = Junkware Removal Tool by Malwarebytes - Version 7.6.4, ClassName = ConsoleWindowClass.
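Most of the objects in the listing above are not specific to this sample: the CTF.* and MSCTF.* mutexes and file mappings come from the Windows Text Services Framework, the Local\Zones* and Local\UrlZonesSM* names from urlmon's security-zone cache, and SHIMLIB_LOG_MUTEX from the application-compatibility shim engine; any console or GUI process produces them. What is left after filtering that noise is the behavior worth reading: cmd.exe launching a batch file from %TEMP%\jrt, ping.exe resolving www.google.com, a set of executables and DLLs being dropped in that directory, a MUICache entry recording that get.bat ran, and a request for SE_LOAD_DRIVER_PRIVILEGE. All of that is consistent with a cleanup utility unpacking its tools, but the report does not establish that by itself; checking the archive's MD5 against the vendor's published hash does. The following script is an added example (not VirSCAN's or Malwarebytes' code) that parses the page's report layout and applies exactly that filtering; the sample text embedded in it is a constructed excerpt of the report above with the behavior names in English, and the rule names are the author's own.

```python
"""Triage a VirSCAN-style sandbox behavior listing (added example)."""
import re
import ntpath

# Constructed excerpt of the report above; behavior names already translated.
SAMPLE_REPORT = r"""
Process behavior
Behavior description: Creates a process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\get.bat" "
ImagePath = C:\WINDOWS\system32\ping.exe, CmdLine = PING -n 1 www.google.com
File behavior
Behavior description: Creates an executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\WGET.DAT
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\CreateRestorePoint.exe
Network behavior
Behavior description: Resolves a host address by name
details:www.google.com
Registry behavior
Behavior description: Modifies the registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\get.bat
Other behavior
Behavior description: Creates a mutex
details:CTF.LBES.MutexDefaultS-*
Local\ZonesCounterMutex
SHIMLIB_LOG_MUTEX
Behavior description: Acquires a system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
"""

SECTION_HEADINGS = {"Key behavior", "Process behavior", "File behavior",
                    "Network behavior", "Registry behavior", "Other behavior"}

# Objects nearly every Windows process touches: Text Services Framework
# (ctfmon/msctf) sections and mutexes, urlmon zone caches, shim-engine log.
BENIGN_PREFIXES = ("CTF.", "MSCTF.", "CiceroSharedMem", "Local\\Zones",
                   "Local\\ZoneAttribute", "Local\\UrlZonesSM", "SHIMLIB_LOG_MUTEX")

PROCESS_RE = re.compile(r"ImagePath = (?P<image>[^,]+), CmdLine = (?P<cmd>.*)")


def parse_report(text):
    """Return a list of {"section", "behavior", "details"} dicts."""
    events, section, current = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in SECTION_HEADINGS:
            section, current = line, None
        elif line.startswith("Behavior description:"):
            current = {"section": section,
                       "behavior": line.split(":", 1)[1].strip(), "details": []}
            events.append(current)
        elif current is not None:
            # First detail carries a "details:" prefix; continuation lines are bare.
            if line.startswith("details:"):
                line = line[len("details:"):].strip()
            current["details"].append(line)
    return events


def in_temp(path):
    return "\\temp\\" in path.lower()


def triage(events):
    """Drop known-benign artifacts and map the rest to (rule, detail) findings."""
    findings = []
    for ev in events:
        for d in ev["details"]:
            if d.startswith(BENIGN_PREFIXES):
                continue
            b = ev["behavior"]
            if b == "Creates a process":
                m = PROCESS_RE.match(d)
                if not m:
                    continue
                if in_temp(m["cmd"]):
                    findings.append(("process_from_temp", m["cmd"]))
                if ntpath.basename(m["image"]).lower() == "ping.exe":
                    findings.append(("network_probe_via_ping", m["cmd"]))
            elif b == "Creates an executable file" and in_temp(d):
                findings.append(("executable_dropped_in_temp", d))
            elif b == "Resolves a host address by name":
                findings.append(("dns_lookup", d))
            elif b == "Modifies the registry" and "\\MUICache\\" in d:
                # MUICache entries are a common evidence-of-execution artifact.
                findings.append(("muicache_execution_artifact", d.rsplit("\\", 1)[1]))
            elif b == "Creates a mutex":
                findings.append(("custom_mutex", d))
            elif b == "Acquires a system privilege":
                findings.append(("privilege_requested", d))
    return findings


def summarize(findings):
    """Count findings per rule."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, detail in triage(parse_report(SAMPLE_REPORT)):
        print(f"{rule:30} {detail}")
```

Run against the constructed excerpt, the three mutexes are all filtered as benign and seven findings remain: one batch file launched from %TEMP%, one ping probe, two executables dropped in %TEMP%, one DNS lookup, one MUICache execution artifact for get.bat, and one privilege request. Extending BENIGN_PREFIXES is the usual tuning step when the same sandbox produces other recurring system objects.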