VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 78
Behavior list
Basic Information
MD5: 3c6409a767464c7b99f2768fa3812570
File type: EXE
Production company: ApollyonVR
Version: 0.81.1.0---0.81.1.0
Shell or compiler information: COMPILER: Microsoft Visual C# / Basic .NET
Key behavior
Behavior description: Reads the CPU clock directly
details: EAX = 0xb1ce1faa, EDX = 0x00000077
EAX = 0xb4811f26, EDX = 0x00000077
EAX = 0xb4811f72, EDX = 0x00000077
EAX = 0xb4811fbe, EDX = 0x00000077
EAX = 0xd947f4f8, EDX = 0x00000077
EAX = 0x3d7d371a, EDX = 0x00000078
EAX = 0x5fbc3d17, EDX = 0x00000078
EAX = 0x64f70bd0, EDX = 0x00000078
EAX = 0x6a5d0a7c, EDX = 0x00000078
EAX = 0x6a5d0ac8, EDX = 0x00000078
Behavior description: Gets the TickCount value
details: TickCount = 144827, SleepMilliseconds = -1.
TickCount = 144842, SleepMilliseconds = -1.
TickCount = 144874, SleepMilliseconds = -1.
TickCount = 144905, SleepMilliseconds = -1.
TickCount = 4295112529, SleepMilliseconds = -1.
TickCount = 145249, SleepMilliseconds = -1.
TickCount = 145280, SleepMilliseconds = -1.
TickCount = 4295112576, SleepMilliseconds = -1.
TickCount = 205390, SleepMilliseconds = 60000.
TickCount = 209703, SleepMilliseconds = 60000.
TickCount = 209937, SleepMilliseconds = 60000.
TickCount = 209953, SleepMilliseconds = 60000.
TickCount = 210328, SleepMilliseconds = 60000.
TickCount = 210390, SleepMilliseconds = 60000.
TickCount = 210437, SleepMilliseconds = 60000.
File behavior
Behavior description: Creates file
details: C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Users\Administrator\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_82E162242DAC43C3805C669C13D4F9AA.dat
C:\Users\Administrator\AppData\Roaming\Microsoft\Speech\Files\UserShortcuts\SP_A6155DE8656C4EC19DCB813CE89312AD.dat
C:\Users\Administrator\AppData\Local\%temp%\ott.log
Behavior description: Overwrites existing file
details: C:\Users\Administrator\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_82E162242DAC43C3805C669C13D4F9AA.dat
C:\Users\Administrator\AppData\Roaming\Microsoft\Speech\Files\UserShortcuts\SP_A6155DE8656C4EC19DCB813CE89312AD.dat
Behavior description: Modifies file contents
details: C:\Users\Administrator\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_82E162242DAC43C3805C669C13D4F9AA.dat ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Speech\Files\UserShortcuts\SP_A6155DE8656C4EC19DCB813CE89312AD.dat ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\ott.log ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\ott.log ---> Offset = 34
C:\Users\Administrator\AppData\Local\%temp%\ott.log ---> Offset = 71
Behavior description: Searches for file
details: FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
FileName = C:\Users\Administrator
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\OculusTrayTool\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
Registry behavior
Behavior description: Modifies registry
details: \REGISTRY\USER\S-*\Software\Microsoft\GDIPlus\FontCachePath
\REGISTRY\USER\S-*\Software\Microsoft\Speech\Recognizers\DefaultTokenId
\REGISTRY\USER\S-*\Software\Microsoft\Speech\CurrentUserLexicon\CLSID
\REGISTRY\USER\S-*\Software\Microsoft\Speech\CurrentUserLexicon\
\REGISTRY\USER\S-*\Software\Microsoft\Speech\CurrentUserLexicon\{C9E37C15-DF92-4727-85D6-72E5EEB6995A}\Files\Datafile
\REGISTRY\USER\S-*\Software\Microsoft\Speech\CurrentUserLexicon\Generation
\REGISTRY\USER\S-*\Software\Microsoft\Speech\CurrentUserShortcut\CLSID
\REGISTRY\USER\S-*\Software\Microsoft\Speech\CurrentUserShortcut\
\REGISTRY\USER\S-*\Software\Microsoft\Speech\CurrentUserShortcut\{C9E37C15-DF92-4727-85D6-72E5EEB6995A}\Files\Datafile
\REGISTRY\USER\S-*\Software\Microsoft\Speech\PhoneConverters\DefaultTokenId
\REGISTRY\USER\S-*\Software\Microsoft\Speech\RecoProfiles\Tokens\{C1A753DD-BAAC-477E-A97C-9021DD6177B6}\
Other behavior
Behavior description: Checks whether it is being debugged
details: IsDebuggerPresent
Behavior description: Creates mutex
details: Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Recognizers_Tokens_MS-2052-80-DESK_Mutex
Local\MSASR LMA Version Update
Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserLexicon_Mutex
Local\30F1B4D6-EEDA-11d2-9C23-00C04F8EF87C
Local\{DFA9ED21-3400-4835-AA2D-DA60C76AA717}-Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Recognizers_Tokens_MS-2052-80-DESK_LocaleHandler_Mutex
Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserShortcut_Mutex
Local\{E4604094-B968-480C-82BF-4D97717C8004}-Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Chinese_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_English_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_French_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_German_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Japanese_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Spanish_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_TraditionalChinese_Mutex
Behavior description: Creates event object
details: EventName = Global\CPFATE_2740_v4.0.30319
EventName = b56dbadf-9299-4657-8c10-f466449659f30.81Event
EventName = b56dbadf-9299-4657-8c10-f466449659f30.81Event2
EventName = Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Recognizers_Tokens_MS-2052-80-DESK_Event
EventName = Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserLexicon_Event
EventName = Local\{DFA9ED21-3400-4835-AA2D-DA60C76AA717}-Event-0
EventName = Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Recognizers_Tokens_MS-2052-80-DESK_LocaleHandler_Event
EventName = Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserShortcut_Event
EventName = Local\{E4604094-B968-480C-82BF-4D97717C8004}-Event-0
EventName = Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Chinese_Event
EventName = Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_English_Event
EventName = Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_French_Event
EventName = Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_German_Event
EventName = Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Japanese_Event
EventName = Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Spanish_Event
Behavior description: Opens mutex
details: Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Recognizers_Tokens_MS-2052-80-DESK_Mutex
Local\MSASR LMA Version Update
Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserLexicon_Mutex
Local\30F1B4D6-EEDA-11d2-9C23-00C04F8EF87C
Local\{DFA9ED21-3400-4835-AA2D-DA60C76AA717}-Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Recognizers_Tokens_MS-2052-80-DESK_LocaleHandler_Mutex
Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserShortcut_Mutex
Local\{E4604094-B968-480C-82BF-4D97717C8004}-Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Chinese_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_English_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_French_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_German_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Japanese_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Spanish_Mutex
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_TraditionalChinese_Mutex
Behavior description: Finds specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Opens event
details: Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2740
MSFT.VSA.IEC.STATUS.6c736db0
\KernelObjects\MaximumCommitCondition
Global\TermSrvReadyEvent
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Recognizers_Tokens_MS-2052-80-DESK_Event
Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserLexicon_Event
Local\{DFA9ED21-3400-4835-AA2D-DA60C76AA717}-Event-0
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Recognizers_Tokens_MS-2052-80-DESK_LocaleHandler_Event
Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserShortcut_Event
Local\{E4604094-B968-480C-82BF-4D97717C8004}-Event-0
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Chinese_Event
Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_English_Event
Behavior description: Window information
details: Pid = 2740, Hwnd=0x40242, Text = 确定, ClassName = Button.
Pid = 2740, Hwnd=0x701de, Text = Missing dependency: CoreAudioApi.dll, cannot continue, ClassName = Static.
Pid = 2740, Hwnd=0x40244, Text = Oculus Tray Tool, ClassName = #32770.
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = -1.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = -1.
[6]: MilliSeconds = -1.
[7]: MilliSeconds = 20.
Behavior description: Hides specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [Oculus Tray Tool,WindowsForms10.Window.8.app.0.141b42a_r14_ad1]
Behavior description: Imports key
details: [CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x69EE3828, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x69F4F920, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00259B04, DataLen: 148, Flags: 0x00000000